Edit File: messages
SYN URGP=0 Nov 9 04:24:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48814 PROTO=TCP SPT=49956 DPT=27531 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:24:01 server83 systemd: Started Session 306264 of user root. Nov 9 04:24:01 server83 systemd: Started Session 306265 of user root. Nov 9 04:24:01 server83 systemd: Started Session 306267 of user root. Nov 9 04:24:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:24:01 server83 systemd: Started Session 306266 of user root. Nov 9 04:24:01 server83 systemd: Started Session 306268 of user root. Nov 9 04:24:01 server83 systemd: Started Session 306270 of user root. Nov 9 04:24:01 server83 systemd: Started Session 306269 of user root. Nov 9 04:24:01 server83 systemd: Started Session 306272 of user root. Nov 9 04:24:01 server83 systemd: Started Session 306271 of user root. Nov 9 04:24:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45808 SEQ=1 Nov 9 04:24:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50203 SEQ=1 Nov 9 04:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35695 SEQ=1 Nov 9 04:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8264 SEQ=1 Nov 9 04:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45808 SEQ=1 Nov 9 04:24:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.44.244.12 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=11720 DF PROTO=ICMP TYPE=8 CODE=0 ID=11 SEQ=11729 Nov 9 04:24:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.171.241.192 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=37494 DPT=161 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17671 SEQ=1 Nov 9 04:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=101.44.187.150 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=38 ID=19211 DF PROTO=ICMP TYPE=8 CODE=0 ID=32141 SEQ=55644 Nov 9 04:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57543 SEQ=1 Nov 9 04:24:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14521 SEQ=1 Nov 9 04:24:10 server83 letsencrypt.live.cgi: time="2025-11-09T04:24:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vidhisite WantedNames="[]" Nov 9 04:24:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:24:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3328 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:24:18 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.159.155 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=49 ID=64735 DF PROTO=UDP SPT=19333 DPT=19333 LEN=16 Nov 9 04:24:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=443 SEQ=1 Nov 9 04:24:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4757 SEQ=1 Nov 9 04:24:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=28544 PROTO=TCP SPT=40878 DPT=12339 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55711 SEQ=1 Nov 9 04:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25726 SEQ=1 Nov 9 04:24:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46462 SEQ=1 Nov 9 04:24:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55711 SEQ=1 Nov 9 04:24:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40415 SEQ=1 Nov 9 04:24:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=2.59.22.234 DST=145.239.177.179 LEN=41 TOS=0x08 PREC=0x20 TTL=114 ID=1667 PROTO=UDP SPT=18494 DPT=5094 LEN=21 Nov 9 04:24:25 server83 letsencrypt.live.cgi: time="2025-11-09T04:24:25+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=nationstrade WantedNames="[]" Nov 9 04:24:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.41.232 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=3079 DF PROTO=TCP SPT=42616 DPT=3870 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:24:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25362 PROTO=TCP SPT=36788 DPT=6385 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:24:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14574 SEQ=1 Nov 9 04:24:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62220 SEQ=1 Nov 9 04:24:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=31751 SEQ=1 Nov 9 04:24:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59445 SEQ=1 Nov 9 04:24:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=10058 PROTO=TCP SPT=45831 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:24:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14574 SEQ=1 Nov 9 04:24:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15323 PROTO=TCP SPT=61234 DPT=5939 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:24:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3334 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:24:41 server83 letsencrypt.live.cgi: time="2025-11-09T04:24:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gucu1 WantedNames="[]" Nov 9 04:24:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48957 PROTO=TCP SPT=61234 DPT=2068 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:24:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:24:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6011 SEQ=1 Nov 9 04:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60335 SEQ=1 Nov 9 04:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55554 SEQ=1 Nov 9 04:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5521 SEQ=1 Nov 9 04:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7091 SEQ=1 Nov 9 04:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64249 SEQ=1 Nov 9 04:24:57 server83 letsencrypt.live.cgi: time="2025-11-09T04:24:57+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=exponlineus WantedNames="[]" Nov 9 04:24:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.77.144 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=45292 DPT=9026 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:24:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:25:00 server83 NetworkManager[922]: <info> [1762642500.1367] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:25:00 server83 NetworkManager[922]: <info> [1762642500.1372] 
device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:25:00 server83 NetworkManager[922]: <info> [1762642500.1373] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:25:00 server83 NetworkManager[922]: <info> [1762642500.1377] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:25:00 server83 NetworkManager[922]: <info> [1762642500.1387] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:25:00 server83 NetworkManager[922]: <info> [1762642500.1390] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:25:00 server83 NetworkManager[922]: <info> [1762642500.1407] dhcp4 (eth1): dhclient started with pid 18026 Nov 9 04:25:00 server83 dhclient[18026]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x6c176a04) Nov 9 04:25:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50036 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:25:00 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.149.245 DST=145.239.177.179 LEN=220 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=UDP SPT=44008 DPT=123 LEN=200 Nov 9 04:25:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:25:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:25:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:25:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:25:01 server83 systemd: Started Session 306275 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306276 of user root. 
Nov 9 04:25:01 server83 systemd: Started Session 306278 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306279 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306274 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306273 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306277 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306281 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306280 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306283 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306284 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306285 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306282 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306286 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306287 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306288 of user root. Nov 9 04:25:01 server83 systemd: Started Session 306289 of user root. 
Nov 9 04:25:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13912 SEQ=1 Nov 9 04:25:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54106 SEQ=1 Nov 9 04:25:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17617 SEQ=1 Nov 9 04:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36781 SEQ=1 Nov 9 04:25:03 server83 dhclient[18026]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x6c176a04) Nov 9 04:25:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.145.10.191 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=21654 DF PROTO=TCP SPT=28130 DPT=3000 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 04:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=56.155.112.151 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=22915 DF PROTO=ICMP TYPE=8 CODE=0 ID=6 SEQ=3436 Nov 9 04:25:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=194.50.16.198 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=36090 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:25:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.152.216.238 DST=145.239.177.179 LEN=68 
TOS=0x00 PREC=0x00 TTL=241 ID=50718 DF PROTO=ICMP TYPE=8 CODE=0 ID=13 SEQ=6099 Nov 9 04:25:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.145.10.191 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=21655 DF PROTO=TCP SPT=28130 DPT=3000 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 04:25:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.218.248.210 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=62186 DF PROTO=TCP SPT=31450 DPT=12443 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 04:25:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.218.248.210 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=62187 DF PROTO=TCP SPT=31450 DPT=12443 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 04:25:10 server83 dhclient[18026]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x6c176a04) Nov 9 04:25:12 server83 letsencrypt.live.cgi: time="2025-11-09T04:25:12+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ummahdreamsfound WantedNames="[]" Nov 9 04:25:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.149 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=55445 PROTO=TCP SPT=53434 DPT=5349 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:25:14 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 04:25:14 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 04:25:14 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 04:25:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.212.86.166 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=16374 DF PROTO=TCP SPT=28852 DPT=13443 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 04:25:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.159.99.47 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49907 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:25:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.90.115.72 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=54413 DF PROTO=TCP SPT=12606 DPT=7547 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 04:25:18 server83 dhclient[18026]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x6c176a04) Nov 9 04:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.250.189.30 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=15 SEQ=13206 Nov 9 04:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41431 SEQ=1 Nov 9 04:25:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.90.115.72 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=54415 DF PROTO=TCP SPT=12606 DPT=7547 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 04:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.250.189.30 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x20 TTL=23 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=15 SEQ=14161 Nov 9 04:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63350 SEQ=1 Nov 9 04:25:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.171 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=52121 DPT=9590 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:25:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43874 SEQ=1 Nov 9 04:25:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=51028 PROTO=TCP SPT=41890 DPT=5862 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:25:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41431 SEQ=1 Nov 9 04:25:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.38.15.109 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=17252 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=2055 Nov 9 04:25:27 server83 dhclient[18026]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x6c176a04) Nov 9 04:25:28 server83 letsencrypt.live.cgi: time="2025-11-09T04:25:28+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pharmakit WantedNames="[]" Nov 9 04:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=56917 DF PROTO=ICMP TYPE=8 CODE=0 ID=28593 SEQ=41837 Nov 9 04:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6326 SEQ=1 Nov 9 04:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27968 SEQ=1 Nov 9 04:25:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.78.106.97 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=21 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=5327 Nov 9 04:25:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.163.32.211 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=11078 PROTO=TCP SPT=32948 DPT=5938 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:25:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:25:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56257 SEQ=1 Nov 9 04:25:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6105 SEQ=1 Nov 9 04:25:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6092 SEQ=1 Nov 9 04:25:42 server83 dhclient[18026]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x6c176a04) Nov 9 04:25:44 server83 letsencrypt.live.cgi: time="2025-11-09T04:25:44+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=stablefundsmarke WantedNames="[]" Nov 9 
04:25:45 server83 NetworkManager[922]: <warn> [1762642545.0907] dhcp4 (eth1): request timed out Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.0907] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1066] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 18026 Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1067] dhcp4 (eth1): state changed timeout -> done Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1069] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:25:45 server83 NetworkManager[922]: <warn> [1762642545.1072] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1073] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1103] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1105] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1106] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1107] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1116] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1118] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:25:45 server83 NetworkManager[922]: <info> [1762642545.1132] dhcp4 
(eth1): dhclient started with pid 19887 Nov 9 04:25:45 server83 dhclient[19887]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x4e4ba432) Nov 9 04:25:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.228 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51360 DPT=45020 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:25:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=30357 PROTO=TCP SPT=47263 DPT=6311 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:25:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.168.150.174 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x20 TTL=23 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=22 SEQ=11066 Nov 9 04:25:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=63621 DF PROTO=ICMP TYPE=8 CODE=0 ID=60099 SEQ=11008 Nov 9 04:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.183.65.49 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=23 SEQ=11534 Nov 9 04:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.183.65.49 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x20 TTL=24 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=23 SEQ=12939 Nov 9 04:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5296 SEQ=1 Nov 9 04:25:50 server83 dhclient[19887]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x4e4ba432) Nov 9 
04:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50849 SEQ=1 Nov 9 04:25:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52163 SEQ=1 Nov 9 04:25:55 server83 dhclient[19887]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x4e4ba432) Nov 9 04:25:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:25:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=10912 PROTO=TCP SPT=61234 DPT=5995 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:26:00 server83 letsencrypt.live.cgi: time="2025-11-09T04:26:00+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=cresttagcapital WantedNames="[]" error="Account is suspended" Nov 9 04:26:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.98.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=48343 DPT=5349 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:26:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:26:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:26:01 server83 systemd: Started Session 306290 of user root. Nov 9 04:26:01 server83 systemd: Started Session 306292 of user root. Nov 9 04:26:01 server83 systemd: Started Session 306295 of user root. Nov 9 04:26:01 server83 systemd: Started Session 306296 of user root. Nov 9 04:26:01 server83 systemd: Started Session 306291 of user root. 
Nov 9 04:26:01 server83 systemd: Started Session 306293 of user root. Nov 9 04:26:01 server83 systemd: Started Session 306294 of user root. Nov 9 04:26:01 server83 systemd: Started Session 306297 of user root. Nov 9 04:26:01 server83 systemd: Started Session 306298 of user root. Nov 9 04:26:01 server83 systemd: Started Session 306299 of user root. Nov 9 04:26:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:26:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:26:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.152.39.249 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=18104 DF PROTO=ICMP TYPE=8 CODE=0 ID=6 SEQ=3436 Nov 9 04:26:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.168.172.188 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=1682 DF PROTO=ICMP TYPE=8 CODE=0 ID=13 SEQ=6099 Nov 9 04:26:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54512 PROTO=TCP SPT=49956 DPT=26729 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:26:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=35539 PROTO=TCP SPT=53814 DPT=5491 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:26:05 server83 dhclient[19887]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x4e4ba432) Nov 9 04:26:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44276 SEQ=1 Nov 9 04:26:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=45.33.40.18 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=41171 DPT=5349 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:26:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7151 SEQ=1 Nov 9 04:26:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44276 SEQ=1 Nov 9 04:26:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59443 SEQ=1 Nov 9 04:26:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22790 SEQ=1 Nov 9 04:26:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22435 SEQ=1 Nov 9 04:26:12 server83 dhclient[19887]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x4e4ba432) Nov 9 04:26:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50917 PROTO=TCP SPT=43457 DPT=2778 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:26:15 server83 letsencrypt.live.cgi: time="2025-11-09T04:26:15+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=redwellsoft WantedNames="[]" error="Account is suspended" Nov 9 04:26:16 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=28691 PROTO=TCP SPT=59508 DPT=7210 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28042 SEQ=1 Nov 9 04:26:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10905 SEQ=1 Nov 9 04:26:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19618 SEQ=1 Nov 9 04:26:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49020 SEQ=1 Nov 9 04:26:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19618 SEQ=1 Nov 9 04:26:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28042 SEQ=1 Nov 9 04:26:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58622 SEQ=1 Nov 9 04:26:24 server83 dhclient[19887]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 
(xid=0x4e4ba432) Nov 9 04:26:25 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 04:26:25 server83 systemd: Stopped Status Update Service. Nov 9 04:26:25 server83 systemd: Started Status Update Service. Nov 9 04:26:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=56.155.94.28 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=32253 DF PROTO=ICMP TYPE=8 CODE=0 ID=8 SEQ=17685 Nov 9 04:26:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:26:30 server83 NetworkManager[922]: <warn> [1762642590.0907] dhcp4 (eth1): request timed out Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.0907] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.0987] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 19887 Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.0987] dhcp4 (eth1): state changed timeout -> done Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.0989] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:26:30 server83 NetworkManager[922]: <warn> [1762642590.0993] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.0995] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.1027] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.1031] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.1032] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 
'managed') Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.1035] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.1045] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.1048] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:26:30 server83 NetworkManager[922]: <info> [1762642590.1059] dhcp4 (eth1): dhclient started with pid 21109 Nov 9 04:26:30 server83 dhclient[21109]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x457abffc) Nov 9 04:26:30 server83 letsencrypt.live.cgi: time="2025-11-09T04:26:30+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=nbxyz WantedNames="[]" Nov 9 04:26:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61262 SEQ=1 Nov 9 04:26:33 server83 dhclient[21109]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x457abffc) Nov 9 04:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21707 SEQ=1 Nov 9 04:26:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35547 SEQ=1 Nov 9 04:26:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63789 SEQ=1 Nov 9 04:26:35 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34628 SEQ=1 Nov 9 04:26:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63789 SEQ=1 Nov 9 04:26:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34781 SEQ=1 Nov 9 04:26:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.163.205.133 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=57654 DF PROTO=TCP SPT=60702 DPT=21 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 04:26:40 server83 dhclient[21109]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x457abffc) Nov 9 04:26:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.74.58.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57001 DPT=41800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:26:43 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.90.19 DST=51.210.113.204 LEN=30 TOS=0x14 PREC=0x00 TTL=49 ID=13519 PROTO=UDP SPT=14543 DPT=5351 LEN=10 Nov 9 04:26:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.163.205.133 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=57655 DF PROTO=TCP SPT=60702 DPT=21 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 04:26:45 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.90.19 DST=51.210.113.204 LEN=49 TOS=0x14 PREC=0x00 
TTL=49 ID=16808 PROTO=UDP SPT=17832 DPT=5351 LEN=29 Nov 9 04:26:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.130 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=47028 PROTO=TCP SPT=40414 DPT=20223 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:26:46 server83 letsencrypt.live.cgi: time="2025-11-09T04:26:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ucuxponline WantedNames="[]" Nov 9 04:26:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31634 SEQ=1 Nov 9 04:26:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10557 SEQ=1 Nov 9 04:26:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27354 SEQ=1 Nov 9 04:26:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=5512 DF PROTO=ICMP TYPE=8 CODE=0 ID=56168 SEQ=63117 Nov 9 04:26:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:26:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3327 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:26:51 server83 dhclient[21109]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x457abffc) Nov 9 04:26:53 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=63212 PROTO=TCP SPT=56114 DPT=7804 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:26:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.105.182 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=58034 DPT=41800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:26:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54797 SEQ=1 Nov 9 04:26:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.68 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=22628 PROTO=TCP SPT=46520 DPT=44099 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:27:01 server83 letsencrypt.live.cgi: time="2025-11-09T04:27:01+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=monikalakeside WantedNames="[]" error="Account is suspended" Nov 9 04:27:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:27:01 server83 imunify-auditd-log-reader[15193]: lost 2 message sequences Nov 9 04:27:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:27:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:27:01 server83 systemd: Started Session 306301 of user root. Nov 9 04:27:01 server83 systemd: Started Session 306300 of user root. Nov 9 04:27:01 server83 systemd: Started Session 306302 of user root. Nov 9 04:27:01 server83 systemd: Started Session 306303 of user root. Nov 9 04:27:01 server83 systemd: Started Session 306304 of user root. Nov 9 04:27:01 server83 systemd: Started Session 306305 of user root. 
Nov 9 04:27:01 server83 systemd: Started Session 306306 of user root. Nov 9 04:27:01 server83 systemd: Started Session 306307 of user root. Nov 9 04:27:01 server83 systemd: Started Session 306308 of user root. Nov 9 04:27:01 server83 systemd: Started Session 306309 of user root. Nov 9 04:27:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:27:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:27:02 server83 dhclient[21109]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x457abffc) Nov 9 04:27:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=24206 PROTO=TCP SPT=21459 DPT=1299 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24878 SEQ=1 Nov 9 04:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=56.155.32.88 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=29061 DF PROTO=ICMP TYPE=8 CODE=0 ID=6 SEQ=3436 Nov 9 04:27:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.152.216.238 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=58482 DF PROTO=ICMP TYPE=8 CODE=0 ID=13 SEQ=6099 Nov 9 04:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15776 SEQ=1 Nov 9 04:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43311 SEQ=1 Nov 9 04:27:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23126 PROTO=TCP SPT=43457 DPT=2421 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:27:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37082 SEQ=1 Nov 9 04:27:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27857 SEQ=1 Nov 9 04:27:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15776 SEQ=1 Nov 9 04:27:13 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.128.253.94 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=50 ID=37183 DF PROTO=UDP SPT=8000 DPT=8083 LEN=45 Nov 9 04:27:15 server83 NetworkManager[922]: <warn> [1762642635.0837] dhcp4 (eth1): request timed out Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.0837] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.0997] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 21109 Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.0997] dhcp4 (eth1): state changed timeout -> done Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.0999] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:27:15 server83 NetworkManager[922]: 
<warn> [1762642635.1004] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.1007] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.1040] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.1044] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.1045] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.1049] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.1059] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.1062] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:27:15 server83 NetworkManager[922]: <info> [1762642635.1079] dhcp4 (eth1): dhclient started with pid 22333 Nov 9 04:27:15 server83 dhclient[22333]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x1a80e79) Nov 9 04:27:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.152.78.77 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=16483 DF PROTO=ICMP TYPE=8 CODE=0 ID=8 SEQ=17685 Nov 9 04:27:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17278 SEQ=1 Nov 9 04:27:15 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.244.10.216 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=235 ID=52580 DF PROTO=ICMP TYPE=8 CODE=0 ID=8 SEQ=8183 Nov 9 04:27:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26434 SEQ=1 Nov 9 04:27:16 server83 letsencrypt.live.cgi: time="2025-11-09T04:27:16+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=vakratundakrushi WantedNames="[]" error="Account is suspended" Nov 9 04:27:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11708 SEQ=1 Nov 9 04:27:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.211 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52202 DPT=8818 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:27:20 server83 dhclient[22333]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1a80e79) Nov 9 04:27:22 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=203.55.131.5 DST=51.210.113.204 LEN=48 TOS=0x08 PREC=0x20 TTL=48 ID=45656 PROTO=UDP SPT=52838 DPT=2152 LEN=28 Nov 9 04:27:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21034 SEQ=1 Nov 9 04:27:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=57171 SEQ=1 Nov 9 04:27:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24001 SEQ=1 Nov 9 04:27:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11708 SEQ=1 Nov 9 04:27:27 server83 dhclient[22333]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x1a80e79) Nov 9 04:27:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.233.157.173 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x40 TTL=237 ID=6902 PROTO=TCP SPT=50552 DPT=9401 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:27:32 server83 letsencrypt.live.cgi: time="2025-11-09T04:27:32+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=greenchillyz WantedNames="[]" Nov 9 04:27:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9870 SEQ=1 Nov 9 04:27:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9870 SEQ=1 Nov 9 04:27:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10967 SEQ=1 Nov 9 04:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=13202 SEQ=1 Nov 9 04:27:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3326 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20051 SEQ=1 Nov 9 04:27:42 server83 dhclient[22333]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1a80e79) Nov 9 04:27:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23609 SEQ=1 Nov 9 04:27:49 server83 dhclient[22333]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x1a80e79) Nov 9 04:27:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2920 SEQ=1 Nov 9 04:27:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8276 SEQ=1 Nov 9 04:27:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:27:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23609 SEQ=1 Nov 9 04:27:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41549 SEQ=1 Nov 9 
04:27:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17362 SEQ=1 Nov 9 04:27:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54303 SEQ=1 Nov 9 04:27:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5359 PROTO=TCP SPT=43739 DPT=2660 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:27:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.100 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=46132 PROTO=TCP SPT=33828 DPT=24619 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:27:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=20290 PROTO=TCP SPT=36994 DPT=8687 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:27:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.159 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51784 DPT=48119 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:27:57 server83 letsencrypt.live.cgi: time="2025-11-09T04:27:57+05:30" level=error msg="Failed to process AutoSSL" Username=adssm error="Experienced fatal pre-flight error for adssm: User is over quota: adssm (<nil>)" Nov 9 04:27:58 server83 dhclient[22333]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x1a80e79) Nov 9 04:27:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 
DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43861 PROTO=TCP SPT=47557 DPT=4607 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:28:00 server83 NetworkManager[922]: <warn> [1762642680.0857] dhcp4 (eth1): request timed out Nov 9 04:28:00 server83 NetworkManager[922]: <info> [1762642680.0857] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:28:00 server83 NetworkManager[922]: <info> [1762642680.1016] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 22333 Nov 9 04:28:00 server83 NetworkManager[922]: <info> [1762642680.1016] dhcp4 (eth1): state changed timeout -> done Nov 9 04:28:00 server83 NetworkManager[922]: <info> [1762642680.1018] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:28:00 server83 NetworkManager[922]: <warn> [1762642680.1022] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:28:00 server83 NetworkManager[922]: <info> [1762642680.1023] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:28:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10559 SEQ=1 Nov 9 04:28:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:28:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:28:01 server83 systemd: Started Session 306311 of user root. Nov 9 04:28:01 server83 systemd: Started Session 306310 of user root. Nov 9 04:28:01 server83 systemd: Started Session 306314 of user root. Nov 9 04:28:01 server83 systemd: Started Session 306312 of user root. Nov 9 04:28:01 server83 systemd: Started Session 306316 of user root. Nov 9 04:28:01 server83 systemd: Started Session 306315 of user root. Nov 9 04:28:01 server83 systemd: Started Session 306313 of user root. 
Nov 9 04:28:01 server83 systemd: Started Session 306317 of user root. Nov 9 04:28:01 server83 systemd: Started Session 306318 of user root. Nov 9 04:28:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 04:28:01 server83 systemd: Started Session 306319 of user metalarts. Nov 9 04:28:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60489 SEQ=1 Nov 9 04:28:01 server83 systemd: Removed slice User Slice of metalarts. Nov 9 04:28:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=56641 PROTO=TCP SPT=55975 DPT=7609 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57857 SEQ=1 Nov 9 04:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10559 SEQ=1 Nov 9 04:28:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=49594 PROTO=TCP SPT=49956 DPT=29781 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.208.229.230 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=33544 DF PROTO=ICMP TYPE=8 CODE=0 ID=13 SEQ=6099 Nov 9 04:28:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57857 SEQ=1 Nov 9 04:28:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7370 DF PROTO=TCP SPT=60356 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:28:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7371 DF PROTO=TCP SPT=60385 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:28:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7372 DF PROTO=TCP SPT=60356 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:28:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7373 DF PROTO=TCP SPT=60385 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:28:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7374 DF PROTO=TCP SPT=60356 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:28:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7375 DF PROTO=TCP SPT=60385 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:28:13 server83 letsencrypt.live.cgi: time="2025-11-09T04:28:13+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=park WantedNames="[]" Nov 9 04:28:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.83.167.20 DST=145.239.177.179 LEN=40 
TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=50105 DPT=161 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:28:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7376 DF PROTO=TCP SPT=60356 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:28:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10585 SEQ=1 Nov 9 04:28:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10585 SEQ=1 Nov 9 04:28:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.224 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54532 DPT=9393 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:28:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37750 PROTO=TCP SPT=61234 DPT=5955 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7378 DF PROTO=TCP SPT=60356 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:28:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7379 DF PROTO=TCP SPT=60385 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20729 SEQ=1 Nov 9 04:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2820 SEQ=1 Nov 9 04:28:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7600 SEQ=1 Nov 9 04:28:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=34.217.117.37 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=234 ID=44861 DF PROTO=ICMP TYPE=8 CODE=0 ID=6 SEQ=7763 Nov 9 04:28:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=56.155.94.28 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=49899 DF PROTO=ICMP TYPE=8 CODE=0 ID=8 SEQ=17685 Nov 9 04:28:27 server83 pam_imunify_daemon.bin: time="2025-11-09T04:28:27+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 04:28:28 server83 letsencrypt.live.cgi: time="2025-11-09T04:28:28+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=thehonestingredi WantedNames="[]" Nov 9 04:28:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:28:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.230 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP 
SPT=56990 DPT=8800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56943 SEQ=1 Nov 9 04:28:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.29.13.64 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=123 PROTO=TCP SPT=65534 DPT=44444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.29.13.64 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=123 PROTO=TCP SPT=65534 DPT=44443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.29.13.64 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=123 PROTO=TCP SPT=65534 DPT=8444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.29.13.64 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=123 PROTO=TCP SPT=65534 DPT=10000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32108 SEQ=1 Nov 9 04:28:33 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 04:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56943 SEQ=1 Nov 9 04:28:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39605 SEQ=1 Nov 9 04:28:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5657 SEQ=1 Nov 9 04:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36965 SEQ=1 Nov 9 04:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26154 SEQ=1 Nov 9 04:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12860 SEQ=1 Nov 9 04:28:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28165 SEQ=1 Nov 9 04:28:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.16 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=13238 PROTO=TCP SPT=49272 DPT=10019 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:28:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=46789 PROTO=TCP SPT=56033 DPT=7720 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17310 PROTO=TCP SPT=49956 DPT=25434 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:44 server83 letsencrypt.live.cgi: time="2025-11-09T04:28:44+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=swisscreditonlin WantedNames="[]" Nov 9 04:28:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:28:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2318 SEQ=1 Nov 9 04:28:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62037 SEQ=1 Nov 9 04:28:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=55231 PROTO=TCP SPT=46370 DPT=3193 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:28:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14874 SEQ=1 Nov 9 04:28:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63300 SEQ=1 Nov 9 04:28:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63300 SEQ=1 Nov 9 04:28:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=54062 DPT=19595 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:28:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=1967 PROTO=TCP SPT=55290 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:28:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=1968 PROTO=TCP SPT=55290 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:28:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=5787 PROTO=TCP SPT=45771 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:28:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=1969 PROTO=TCP SPT=55290 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:28:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=35895 PROTO=TCP SPT=47279 DPT=34149 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:29:00 server83 letsencrypt.live.cgi: time="2025-11-09T04:29:00+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=servicestore WantedNames="[]" error="Account is suspended" Nov 9 04:29:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=5788 PROTO=TCP SPT=45771 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 
9 04:29:01 server83 systemd: Started Session 306320 of user root. Nov 9 04:29:01 server83 systemd: Started Session 306321 of user root. Nov 9 04:29:01 server83 systemd: Started Session 306324 of user root. Nov 9 04:29:01 server83 systemd: Started Session 306322 of user root. Nov 9 04:29:01 server83 systemd: Started Session 306323 of user root. Nov 9 04:29:01 server83 systemd: Started Session 306325 of user root. Nov 9 04:29:01 server83 systemd: Started Session 306327 of user root. Nov 9 04:29:01 server83 systemd: Started Session 306326 of user root. Nov 9 04:29:01 server83 systemd: Started Session 306328 of user root. Nov 9 04:29:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=5789 PROTO=TCP SPT=45771 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=657 SEQ=1 Nov 9 04:29:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=14287 DF PROTO=ICMP TYPE=8 CODE=0 ID=32807 SEQ=42919 Nov 9 04:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53435 SEQ=1 Nov 9 04:29:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=5791 PROTO=TCP SPT=45771 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50686 SEQ=1 Nov 9 04:29:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40566 SEQ=1 Nov 9 04:29:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32011 SEQ=1 Nov 9 04:29:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3324 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:29:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=49255 PROTO=TCP SPT=59492 DPT=33249 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:29:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:29:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.251.92.32 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=46 ID=49546 DF PROTO=TCP SPT=50570 DPT=8188 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 04:29:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22242 SEQ=1 Nov 9 04:29:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37783 SEQ=1 Nov 9 04:29:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7365 SEQ=1 Nov 9 04:29:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48852 SEQ=1 Nov 9 04:29:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.191.209.198 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21531 PROTO=TCP SPT=41356 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:29:15 server83 letsencrypt.live.cgi: time="2025-11-09T04:29:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=netcenterco WantedNames="[]" Nov 9 04:29:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38973 SEQ=1 Nov 9 04:29:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44461 SEQ=1 Nov 9 04:29:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16022 SEQ=1 Nov 9 04:29:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38973 SEQ=1 Nov 9 04:29:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19384 SEQ=1 Nov 9 04:29:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=8052 PROTO=TCP SPT=49536 DPT=4486 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:29:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.169.105.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=35134 DPT=1270 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:29:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44235 SEQ=1 Nov 9 04:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64801 SEQ=1 Nov 9 04:29:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.42.25 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49231 DPT=10052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:29:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50506 SEQ=1 Nov 9 04:29:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25026 PROTO=TCP SPT=49956 DPT=27262 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:29:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7380 DF 
PROTO=TCP SPT=62042 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:29:30 server83 letsencrypt.live.cgi: time="2025-11-09T04:29:30+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=drmanekarhospita WantedNames="[]" error="Account is suspended" Nov 9 04:29:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7381 DF PROTO=TCP SPT=62042 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:29:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7382 DF PROTO=TCP SPT=62042 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:29:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26893 SEQ=1 Nov 9 04:29:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2997 SEQ=1 Nov 9 04:29:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51022 SEQ=1 Nov 9 04:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43062 SEQ=1 Nov 9 04:29:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7383 DF 
PROTO=TCP SPT=62042 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:29:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.97 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=50844 DF PROTO=TCP SPT=23910 DPT=6699 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57446 SEQ=1 Nov 9 04:29:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=24235 PROTO=TCP SPT=43473 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=24236 PROTO=TCP SPT=43473 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:40 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.98.58.108 DST=145.239.177.179 LEN=220 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=UDP SPT=53426 DPT=123 LEN=200 Nov 9 04:29:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54936 PROTO=TCP SPT=47678 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=24237 PROTO=TCP SPT=43473 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=98 ID=54937 PROTO=TCP SPT=47678 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=128.1.33.94 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x40 TTL=34 ID=0 DF PROTO=TCP SPT=46520 DPT=8051 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:29:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54938 PROTO=TCP SPT=47678 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=24239 PROTO=TCP SPT=43473 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40044 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:29:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54939 PROTO=TCP SPT=47678 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54940 PROTO=TCP SPT=47678 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:29:46 server83 letsencrypt.live.cgi: time="2025-11-09T04:29:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=the100indianmus WantedNames="[]" Nov 9 04:29:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:29:49 server83 kernel: Firewall: *TCP_IN 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45095 SEQ=1 Nov 9 04:32:29 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=23.235.176.50 DST=51.210.113.204 LEN=220 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=UDP SPT=49787 DPT=123 LEN=200 Nov 9 04:32:30 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:32:30 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:32:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.114.25 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1055 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:32:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2782 PROTO=TCP SPT=56949 DPT=8501 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:32:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.217.194.148 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57005 DPT=8020 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:32:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3113 PROTO=TCP SPT=58996 DPT=5548 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:32:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36382 SEQ=1 Nov 9 04:32:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23767 SEQ=1 Nov 9 04:32:36 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27090 SEQ=1 Nov 9 04:32:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=22423 DF PROTO=ICMP TYPE=8 CODE=0 ID=45856 SEQ=56413 Nov 9 04:32:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17143 SEQ=1 Nov 9 04:32:38 server83 letsencrypt.live.cgi: time="2025-11-09T04:32:38+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=grreenlandintern WantedNames="[]" error="Account is suspended" Nov 9 04:32:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48115 SEQ=1 Nov 9 04:32:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34681 PROTO=TCP SPT=57056 DPT=7626 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:32:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33282 PROTO=TCP SPT=48052 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:32:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33283 PROTO=TCP SPT=48052 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:32:41 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44843 PROTO=TCP SPT=47824 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:32:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33284 PROTO=TCP SPT=48052 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:32:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44844 PROTO=TCP SPT=47824 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:32:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44845 PROTO=TCP SPT=47824 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:32:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44846 PROTO=TCP SPT=47824 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:32:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44847 PROTO=TCP SPT=47824 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:32:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.190 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=25357 PROTO=TCP SPT=53762 DPT=30443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:32:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60 
SEQ=1 Nov 9 04:32:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9949 SEQ=1 Nov 9 04:32:48 server83 aibolit_wrapper[15994]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626429681020212.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626429681021760.txt --log=/tmp/malware_cleaner_log_17626429681023178.txt --progress=/tmp/malware_cleaner_progress_17626429681022802.json --csv_result=/tmp/revisium_csvfile_17626429681022978.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:32:48 server83 systemd: Started Session c2829 of user root. Nov 9 04:32:48 server83 scripts.sh: Load Average: 3.80 , 4.45 Nov 9 04:32:48 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 04:32:48 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 04:32:48 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 04:32:48 server83 scripts.sh: HTTPD Status: inactive Nov 9 04:32:48 server83 scripts.sh: MySQL Status: active Nov 9 04:32:48 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 04:32:48 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 04:32:48 server83 scripts.sh: SSHD Status: active Nov 9 04:32:48 server83 scripts.sh: FTP Status: active Nov 9 04:32:48 server83 scripts.sh: LiteSpeed Status: Active Nov 9 04:32:48 server83 scripts.sh: Imunify Status: Active Nov 9 04:32:48 server83 scripts.sh: cPanel Status: active Nov 9 04:32:48 server83 scripts.sh: Memory Status: 11/31 GB - 36.94% Nov 9 04:32:48 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 04:32:48 
server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 04:32:48 server83 scripts.sh: Local Version: 4.4.5 Nov 9 04:32:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60273 SEQ=1 Nov 9 04:32:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59930 SEQ=1 Nov 9 04:32:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60273 SEQ=1 Nov 9 04:32:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58550 SEQ=1 Nov 9 04:32:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39311 PROTO=TCP SPT=46370 DPT=1590 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:32:53 server83 letsencrypt.live.cgi: time="2025-11-09T04:32:53+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ibnsecure WantedNames="[]" Nov 9 04:32:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3331 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:32:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.175.220.105 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=57358 DPT=9021 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:32:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3323 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:32:59 server83 aibolit_wrapper[17355]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626429792991902.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626429792992780.txt --log=/tmp/malware_cleaner_log_17626429792993566.txt --progress=/tmp/malware_cleaner_progress_17626429792993352.json --csv_result=/tmp/revisium_csvfile_17626429792993448.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:33:00 server83 NetworkManager[922]: <info> [1762642980.0897] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:33:00 server83 NetworkManager[922]: <info> [1762642980.0901] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:33:00 server83 NetworkManager[922]: <info> [1762642980.0902] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:33:00 server83 NetworkManager[922]: <info> [1762642980.0904] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:33:00 server83 NetworkManager[922]: <info> [1762642980.0914] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:33:00 server83 NetworkManager[922]: <info> [1762642980.0916] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:33:00 server83 NetworkManager[922]: 
<info> [1762642980.0926] dhcp4 (eth1): dhclient started with pid 17452 Nov 9 04:33:00 server83 dhclient[17452]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x72a90172) Nov 9 04:33:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:33:01 server83 imunify-auditd-log-reader[15193]: lost 2 message sequences Nov 9 04:33:01 server83 imunify-auditd-log-reader[15193]: lost 2 message sequences Nov 9 04:33:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:33:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:33:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:33:01 server83 systemd: Started Session 306376 of user root. Nov 9 04:33:01 server83 systemd: Started Session 306373 of user root. Nov 9 04:33:01 server83 systemd: Started Session 306374 of user root. Nov 9 04:33:01 server83 systemd: Started Session 306377 of user root. Nov 9 04:33:01 server83 systemd: Started Session 306378 of user root. Nov 9 04:33:01 server83 systemd: Started Session 306375 of user root. Nov 9 04:33:01 server83 systemd: Started Session 306379 of user root. Nov 9 04:33:01 server83 systemd: Started Session 306381 of user root. Nov 9 04:33:01 server83 systemd: Started Session 306380 of user root. 
Nov 9 04:33:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=40.124.174.245 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=13162 PROTO=TCP SPT=45604 DPT=1931 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:33:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13119 SEQ=1 Nov 9 04:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1003 SEQ=1 Nov 9 04:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13490 SEQ=1 Nov 9 04:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.52 DST=51.210.113.204 LEN=67 TOS=0x00 PREC=0x00 TTL=108 ID=40914 DF PROTO=ICMP TYPE=8 CODE=0 ID=45619 SEQ=6645 Nov 9 04:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2191 SEQ=1 Nov 9 04:33:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.78.24 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57300 DPT=9021 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:33:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43387 SEQ=1 Nov 9 04:33:06 server83 dhclient[17452]: 
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x72a90172) Nov 9 04:33:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17613 SEQ=1 Nov 9 04:33:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45088 SEQ=1 Nov 9 04:33:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16507 SEQ=1 Nov 9 04:33:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3330 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:33:09 server83 letsencrypt.live.cgi: time="2025-11-09T04:33:09+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=genenralsecurity WantedNames="[]" Nov 9 04:33:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13490 SEQ=1 Nov 9 04:33:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=2981 PROTO=TCP SPT=47263 DPT=6253 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:33:12 server83 dhclient[17452]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x72a90172) Nov 9 04:33:16 server83 aibolit_wrapper[19529]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d 
display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626429966332070.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626429966334562.txt --log=/tmp/malware_cleaner_log_17626429966337106.txt --progress=/tmp/malware_cleaner_progress_17626429966336294.json --csv_result=/tmp/revisium_csvfile_17626429966336600.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:33:16 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 04:33:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=24842 DF PROTO=ICMP TYPE=8 CODE=0 ID=29238 SEQ=28268 Nov 9 04:33:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53501 SEQ=1 Nov 9 04:33:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8573 SEQ=1 Nov 9 04:33:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5908 SEQ=1 Nov 9 04:33:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16661 SEQ=1 Nov 9 04:33:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38557 SEQ=1 Nov 9 04:33:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.104 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=4310 PROTO=TCP SPT=49556 DPT=9200 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:33:23 server83 dhclient[17452]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x72a90172) Nov 9 04:33:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8573 SEQ=1 Nov 9 04:33:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53501 SEQ=1 Nov 9 04:33:24 server83 letsencrypt.live.cgi: time="2025-11-09T04:33:24+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=sanviagro WantedNames="[]" error="Account is suspended" Nov 9 04:33:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.17 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=45943 PROTO=TCP SPT=26200 DPT=5229 WINDOW=28079 RES=0x00 SYN URGP=0 Nov 9 04:33:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.252 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=35900 DF PROTO=TCP SPT=34210 DPT=9534 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:33:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:33:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32218 PROTO=TCP SPT=48085 DPT=6751 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:33:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.84.58.231 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=46569 DPT=1270 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:33:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43899 SEQ=1 Nov 9 04:33:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63847 SEQ=1 Nov 9 04:33:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34835 SEQ=1 Nov 9 04:33:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51860 SEQ=1 Nov 9 04:33:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34835 SEQ=1 Nov 9 04:33:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5100 SEQ=1 Nov 9 04:33:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=62423 PROTO=TCP SPT=21459 DPT=9092 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:33:39 server83 
letsencrypt.live.cgi: time="2025-11-09T04:33:39+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=vishwaskikiran WantedNames="[]" error="Account is suspended" Nov 9 04:33:40 server83 dhclient[17452]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x72a90172) Nov 9 04:33:45 server83 NetworkManager[922]: <warn> [1762643025.0858] dhcp4 (eth1): request timed out Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.0858] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1018] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17452 Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1018] dhcp4 (eth1): state changed timeout -> done Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1020] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:33:45 server83 NetworkManager[922]: <warn> [1762643025.1023] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1024] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1052] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1055] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1055] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1057] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:33:45 
server83 NetworkManager[922]: <info> [1762643025.1066] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1068] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:33:45 server83 NetworkManager[922]: <info> [1762643025.1077] dhcp4 (eth1): dhclient started with pid 23003 Nov 9 04:33:45 server83 dhclient[23003]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x68e21b24) Nov 9 04:33:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=46616 PROTO=TCP SPT=56114 DPT=7808 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:33:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47427 SEQ=1 Nov 9 04:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37318 SEQ=1 Nov 9 04:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17187 SEQ=1 Nov 9 04:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12144 SEQ=1 Nov 9 04:33:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21314 SEQ=1 Nov 9 04:33:51 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=49.0.254.76 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=53875 DF PROTO=ICMP TYPE=8 CODE=0 ID=34546 SEQ=56349 Nov 9 04:33:53 server83 dhclient[23003]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x68e21b24) Nov 9 04:33:54 server83 letsencrypt.live.cgi: time="2025-11-09T04:33:54+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=kamlaprint WantedNames="[]" error="Account is suspended" Nov 9 04:34:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:34:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:34:01 server83 systemd: Started Session 306382 of user root. Nov 9 04:34:01 server83 systemd: Started Session 306384 of user root. Nov 9 04:34:01 server83 systemd: Started Session 306383 of user root. Nov 9 04:34:01 server83 systemd: Started Session 306386 of user root. Nov 9 04:34:01 server83 systemd: Started Session 306385 of user root. Nov 9 04:34:01 server83 systemd: Started Session 306390 of user root. Nov 9 04:34:01 server83 systemd: Started Session 306388 of user root. Nov 9 04:34:01 server83 systemd: Started Session 306389 of user root. Nov 9 04:34:01 server83 systemd: Started Session 306387 of user root. 
Nov 9 04:34:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1192 SEQ=1 Nov 9 04:34:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=27499 DF PROTO=ICMP TYPE=8 CODE=0 ID=5937 SEQ=39804 Nov 9 04:34:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=56.155.112.151 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=23998 DF PROTO=ICMP TYPE=8 CODE=0 ID=6 SEQ=3436 Nov 9 04:34:04 server83 dhclient[23003]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x68e21b24) Nov 9 04:34:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45106 SEQ=1 Nov 9 04:34:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50094 SEQ=1 Nov 9 04:34:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39623 SEQ=1 Nov 9 04:34:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33733 SEQ=1 Nov 9 04:34:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1192 SEQ=1 Nov 9 04:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38823 SEQ=1 Nov 9 04:34:10 server83 letsencrypt.live.cgi: time="2025-11-09T04:34:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=zebnux WantedNames="[]" Nov 9 04:34:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=203.55.131.5 DST=51.210.113.204 LEN=52 TOS=0x08 PREC=0x20 TTL=48 ID=61802 PROTO=TCP SPT=42923 DPT=8085 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:34:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=22581 PROTO=TCP SPT=56753 DPT=8118 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:34:19 server83 dhclient[23003]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x68e21b24) Nov 9 04:34:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23721 SEQ=1 Nov 9 04:34:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24282 SEQ=1 Nov 9 04:34:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24091 SEQ=1 Nov 9 04:34:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14368 SEQ=1 Nov 9 04:34:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23721 SEQ=1 Nov 9 04:34:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14368 SEQ=1 Nov 9 04:34:26 server83 letsencrypt.live.cgi: time="2025-11-09T04:34:26+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=stbonlineco WantedNames="[]" Nov 9 04:34:30 server83 NetworkManager[922]: <warn> [1762643070.0812] dhcp4 (eth1): request timed out Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.0813] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.0972] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23003 Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.0973] dhcp4 (eth1): state changed timeout -> done Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.0974] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:34:30 server83 NetworkManager[922]: <warn> [1762643070.0978] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.0979] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.1007] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:34:30 server83 NetworkManager[922]: 
<info> [1762643070.1010] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.1010] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.1013] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.1021] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.1023] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:34:30 server83 NetworkManager[922]: <info> [1762643070.1031] dhcp4 (eth1): dhclient started with pid 28369 Nov 9 04:34:30 server83 dhclient[28369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x35a0db8a) Nov 9 04:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20202 SEQ=1 Nov 9 04:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31282 SEQ=1 Nov 9 04:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32972 SEQ=1 Nov 9 04:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.232.236.91 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=42 ID=13181 DF PROTO=ICMP TYPE=8 CODE=0 ID=33364 SEQ=29589 Nov 9 04:34:36 server83 dhclient[28369]: 
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x35a0db8a) Nov 9 04:34:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18241 SEQ=1 Nov 9 04:34:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19031 SEQ=1 Nov 9 04:34:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3322 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19031 SEQ=1 Nov 9 04:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20202 SEQ=1 Nov 9 04:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16124 SEQ=1 Nov 9 04:34:41 server83 letsencrypt.live.cgi: time="2025-11-09T04:34:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mcuberec WantedNames="[]" Nov 9 04:34:42 server83 dhclient[28369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x35a0db8a) Nov 9 04:34:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=98 ID=1672 PROTO=TCP SPT=54759 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:34:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:34:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=1673 PROTO=TCP SPT=54759 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:34:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15918 PROTO=TCP SPT=51181 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:34:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=1674 PROTO=TCP SPT=54759 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:34:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15919 PROTO=TCP SPT=51181 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:34:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=1675 PROTO=TCP SPT=54759 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:34:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15920 PROTO=TCP SPT=51181 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:34:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.141.34.20 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=11463 PROTO=TCP SPT=49015 DPT=10060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:34:47 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15921 PROTO=TCP SPT=51181 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:34:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58712 SEQ=1 Nov 9 04:34:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.134.19 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=7221 DF PROTO=TCP SPT=44326 DPT=31949 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:34:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15922 PROTO=TCP SPT=51181 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:34:56 server83 dhclient[28369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x35a0db8a) Nov 9 04:34:57 server83 letsencrypt.live.cgi: time="2025-11-09T04:34:57+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=sumatifacilityma WantedNames="[]" error="Account is suspended" Nov 9 04:35:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:35:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:35:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:35:01 server83 imunify-auditd-log-reader[15193]: lost 2 message sequences Nov 9 04:35:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:35:01 server83 systemd: Started Session 306391 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306393 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306392 of user root. 
Nov 9 04:35:01 server83 systemd: Started Session 306395 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306397 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306394 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306396 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306398 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306399 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306400 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306401 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306403 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306404 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306405 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306406 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306402 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306407 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306408 of user root. Nov 9 04:35:01 server83 systemd: Started Session 306409 of user root. 
Nov 9 04:35:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3329 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:35:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=65469 PROTO=TCP SPT=46370 DPT=1862 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:35:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4421 PROTO=TCP SPT=49956 DPT=28279 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:35:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.77.144 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=42954 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=29496 PROTO=TCP SPT=37251 DPT=7414 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.208.229.230 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=14799 DF PROTO=ICMP TYPE=8 CODE=0 ID=13 SEQ=6099 Nov 9 04:35:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=13.38.230.202 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=61326 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=10395 Nov 9 04:35:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP 
SPT=47199 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.191.234.170 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=235 ID=8412 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=9824 Nov 9 04:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=28702 DF PROTO=ICMP TYPE=8 CODE=0 ID=10504 SEQ=30964 Nov 9 04:35:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16146 SEQ=1 Nov 9 04:35:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.109.130 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51819 DPT=5172 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40116 SEQ=1 Nov 9 04:35:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12196 SEQ=1 Nov 9 04:35:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56767 SEQ=1 Nov 9 04:35:12 server83 letsencrypt.live.cgi: time="2025-11-09T04:35:12+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount 
Retry=false Username=sonavermafoundat WantedNames="[]" error="Account is suspended" Nov 9 04:35:13 server83 pam_imunify_daemon.bin: time="2025-11-09T04:35:13+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 04:35:14 server83 dhclient[28369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x35a0db8a) Nov 9 04:35:15 server83 NetworkManager[922]: <warn> [1762643115.0877] dhcp4 (eth1): request timed out Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.0877] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1197] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28369 Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1197] dhcp4 (eth1): state changed timeout -> done Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1199] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:35:15 server83 NetworkManager[922]: <warn> [1762643115.1202] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1204] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1232] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1235] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:35:15 server83 NetworkManager[922]: <info> 
[1762643115.1235] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1238] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1247] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1248] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:35:15 server83 NetworkManager[922]: <info> [1762643115.1260] dhcp4 (eth1): dhclient started with pid 2035 Nov 9 04:35:15 server83 dhclient[2035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x71155d13) Nov 9 04:35:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34399 SEQ=1 Nov 9 04:35:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33443 SEQ=1 Nov 9 04:35:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34399 SEQ=1 Nov 9 04:35:17 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.253 DST=145.239.177.179 LEN=154 TOS=0x00 PREC=0x00 TTL=35 ID=55693 PROTO=UDP SPT=30945 DPT=33229 LEN=134 Nov 9 04:35:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.118.74 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=24870 PROTO=TCP SPT=42963 DPT=3307 
WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:35:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.168.150.174 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=15 SEQ=13206 Nov 9 04:35:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58736 SEQ=1 Nov 9 04:35:20 server83 dhclient[2035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x71155d13) Nov 9 04:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58736 SEQ=1 Nov 9 04:35:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12913 SEQ=1 Nov 9 04:35:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=24539 PROTO=TCP SPT=41222 DPT=6002 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:35:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=97.107.133.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33883 DPT=5172 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3328 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:35:27 server83 letsencrypt.live.cgi: time="2025-11-09T04:35:27+05:30" level=info msg="AutoSSL running" 
Function=processAutoSSLForAccount Retry=false Username=moanubhav WantedNames="[]" Nov 9 04:35:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22888 PROTO=TCP SPT=54739 DPT=2698 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:35:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8476 SEQ=1 Nov 9 04:35:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31054 SEQ=1 Nov 9 04:35:31 server83 dhclient[2035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x71155d13) Nov 9 04:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15730 SEQ=1 Nov 9 04:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9196 SEQ=1 Nov 9 04:35:32 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 04:35:32 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 04:35:32 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 04:35:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=13.231.167.210 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=19 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=5698 Nov 9 04:35:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54065 DPT=16000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.98 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56694 DPT=23929 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:35:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=5299 PROTO=TCP SPT=56185 DPT=7905 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:35:43 server83 letsencrypt.live.cgi: time="2025-11-09T04:35:43+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=sndiatourbypriva WantedNames="[]" error="Account is suspended" Nov 9 04:35:44 server83 dhclient[2035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x71155d13) Nov 9 04:35:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.181.179.52 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x20 TTL=23 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=22 SEQ=11066 Nov 9 04:35:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1152 SEQ=1 Nov 9 04:35:49 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50745 SEQ=1 Nov 9 04:35:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40558 SEQ=1 Nov 9 04:35:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15622 SEQ=1 Nov 9 04:35:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.217.0.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=43339 DPT=4444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38445 SEQ=1 Nov 9 04:35:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49155 SEQ=1 Nov 9 04:35:54 server83 dhclient[2035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x71155d13) Nov 9 04:35:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.42 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57036 DPT=14141 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.50.16.198 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=39924 DPT=8728 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:35:56 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 04:35:56 server83 systemd: Stopped Status Update Service. Nov 9 04:35:56 server83 systemd: Started Status Update Service. Nov 9 04:35:58 server83 letsencrypt.live.cgi: time="2025-11-09T04:35:58+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=gayatri WantedNames="[]" error="Account is suspended" Nov 9 04:36:00 server83 NetworkManager[922]: <warn> [1762643160.0897] dhcp4 (eth1): request timed out Nov 9 04:36:00 server83 NetworkManager[922]: <info> [1762643160.0897] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:36:00 server83 NetworkManager[922]: <info> [1762643160.1057] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2035 Nov 9 04:36:00 server83 NetworkManager[922]: <info> [1762643160.1057] dhcp4 (eth1): state changed timeout -> done Nov 9 04:36:00 server83 NetworkManager[922]: <info> [1762643160.1060] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:36:00 server83 NetworkManager[922]: <warn> [1762643160.1064] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:36:00 server83 NetworkManager[922]: <info> [1762643160.1066] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:36:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:36:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:36:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:36:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:36:01 server83 systemd: Started Session 306411 of user root. Nov 9 04:36:01 server83 systemd: Started Session 306415 of user root. Nov 9 04:36:01 server83 systemd: Started Session 306413 of user root. 
Nov 9 04:36:01 server83 systemd: Started Session 306410 of user root. Nov 9 04:36:01 server83 systemd: Started Session 306417 of user root. Nov 9 04:36:01 server83 systemd: Started Session 306414 of user root. Nov 9 04:36:01 server83 systemd: Started Session 306416 of user root. Nov 9 04:36:01 server83 systemd: Started Session 306418 of user root. Nov 9 04:36:01 server83 systemd: Started Session 306412 of user root. Nov 9 04:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58424 SEQ=1 Nov 9 04:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54488 SEQ=1 Nov 9 04:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61728 SEQ=1 Nov 9 04:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2483 SEQ=1 Nov 9 04:36:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.87.199.42 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=234 ID=57827 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=9824 Nov 9 04:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61728 SEQ=1 Nov 9 04:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48328 SEQ=1 Nov 9 04:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2483 SEQ=1 Nov 9 04:36:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8112 SEQ=1 Nov 9 04:36:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65289 SEQ=1 Nov 9 04:36:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.40.10 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=36 ID=4647 DF PROTO=TCP SPT=40152 DPT=14145 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:36:13 server83 letsencrypt.live.cgi: time="2025-11-09T04:36:13+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=miv WantedNames="[]" Nov 9 04:36:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:36:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36615 SEQ=1 Nov 9 04:36:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33078 SEQ=1 Nov 9 04:36:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 
ID=57908 PROTO=TCP SPT=41835 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:36:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=57909 PROTO=TCP SPT=41835 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:36:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42246 PROTO=TCP SPT=53751 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:36:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=57910 PROTO=TCP SPT=41835 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:36:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48604 SEQ=1 Nov 9 04:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33078 SEQ=1 Nov 9 04:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7840 SEQ=1 Nov 9 04:36:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42247 PROTO=TCP SPT=53751 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:36:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 
ID=57911 PROTO=TCP SPT=41835 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:36:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42248 PROTO=TCP SPT=53751 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:36:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42250 PROTO=TCP SPT=53751 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:36:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.44.83.102 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=20364 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=2055 Nov 9 04:36:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.150 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=108 ID=1685 DF PROTO=ICMP TYPE=8 CODE=0 ID=53578 SEQ=15136 Nov 9 04:36:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.94.38.22 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=15124 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=8434 Nov 9 04:36:29 server83 letsencrypt.live.cgi: time="2025-11-09T04:36:29+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=commehrotra WantedNames="[]" Nov 9 04:36:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39875 SEQ=1 Nov 9 04:36:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46517 SEQ=1 Nov 9 
04:36:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13664 SEQ=1 Nov 9 04:36:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.109.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35677 DPT=1003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:36:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14939 SEQ=1 Nov 9 04:36:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43025 SEQ=1 Nov 9 04:36:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3976 SEQ=1 Nov 9 04:36:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:36:45 server83 letsencrypt.live.cgi: time="2025-11-09T04:36:45+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=itwarene WantedNames="[]" error="Account is suspended" Nov 9 04:36:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:36:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60145 SEQ=1 Nov 9 04:36:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40881 PROTO=TCP SPT=40878 DPT=11970 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:36:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=48200 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:36:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3124 SEQ=1 Nov 9 04:36:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30116 SEQ=1 Nov 9 04:36:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7390 DF PROTO=TCP SPT=36489 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:36:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.113 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=49261 PROTO=TCP SPT=55503 DPT=6544 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:36:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7391 DF PROTO=TCP SPT=36489 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:36:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.194 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55221 DPT=13909 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:36:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7392 DF PROTO=TCP SPT=36489 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:37:00 server83 letsencrypt.live.cgi: time="2025-11-09T04:37:00+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=nbconline WantedNames="[]" Nov 9 04:37:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48927 PROTO=TCP SPT=46370 DPT=3054 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:37:01 server83 systemd: Started Session 306419 of user root. Nov 9 04:37:01 server83 systemd: Started Session 306421 of user root. Nov 9 04:37:01 server83 systemd: Started Session 306420 of user root. Nov 9 04:37:01 server83 systemd: Started Session 306423 of user root. Nov 9 04:37:01 server83 systemd: Started Session 306424 of user root. Nov 9 04:37:01 server83 systemd: Started Session 306426 of user root. Nov 9 04:37:01 server83 systemd: Started Session 306427 of user root. Nov 9 04:37:01 server83 systemd: Started Session 306422 of user root. Nov 9 04:37:01 server83 systemd: Started Session 306428 of user root. Nov 9 04:37:01 server83 systemd: Started Session 306425 of user root. 
Nov 9 04:37:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7393 DF PROTO=TCP SPT=36489 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:37:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:37:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64483 SEQ=1 Nov 9 04:37:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60447 SEQ=1 Nov 9 04:37:04 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.172 DST=145.239.177.179 LEN=36 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=50813 DPT=4798 LEN=16 Nov 9 04:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29524 DF PROTO=TCP SPT=44612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24754 PROTO=TCP SPT=47293 DPT=5941 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.19.160 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51005 DPT=1003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:37:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.88 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=48 ID=11608 PROTO=TCP SPT=28387 DPT=20547 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:37:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29525 DF PROTO=TCP SPT=44612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:37:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64428 SEQ=1 Nov 9 04:37:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2672 SEQ=1 Nov 9 04:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64794 SEQ=1 Nov 9 04:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.52 DST=51.210.113.204 LEN=67 TOS=0x00 PREC=0x00 TTL=108 ID=49002 DF PROTO=ICMP TYPE=8 CODE=0 ID=27864 SEQ=40227 Nov 9 04:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25050 SEQ=1 Nov 9 04:37:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29526 DF PROTO=TCP SPT=44612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=2672 SEQ=1 Nov 9 04:37:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.12.222 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=106 ID=40964 PROTO=TCP SPT=35761 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:37:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.12.219 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=105 ID=17448 PROTO=TCP SPT=45500 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:37:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.12.219 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=105 ID=17450 PROTO=TCP SPT=45500 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:37:15 server83 letsencrypt.live.cgi: time="2025-11-09T04:37:15+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=aceentnsk WantedNames="[]" error="Account is suspended" Nov 9 04:37:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18596 SEQ=1 Nov 9 04:37:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=198 SEQ=1 Nov 9 04:37:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14233 SEQ=1 Nov 9 04:37:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP 
SPT=60338 DPT=3321 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:37:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.149 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=35683 DPT=2332 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18596 SEQ=1 Nov 9 04:37:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.183 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49560 DPT=1244 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54912 SEQ=1 Nov 9 04:37:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=19428 PROTO=TCP SPT=35803 DPT=9876 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:37:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19525 PROTO=TCP SPT=47443 DPT=4165 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:37:31 server83 letsencrypt.live.cgi: time="2025-11-09T04:37:31+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=dayaldesign WantedNames="[]" error="Account is suspended" Nov 9 04:37:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21616 SEQ=1 Nov 9 04:37:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55981 SEQ=1 Nov 9 04:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38142 SEQ=1 Nov 9 04:37:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18013 SEQ=1 Nov 9 04:37:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:37:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3320 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:37:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15549 SEQ=1 Nov 9 04:37:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.90 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=34311 PROTO=TCP SPT=43093 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:37:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37360 PROTO=TCP SPT=49980 DPT=7974 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:37:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.128.163.195 
DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=41 ID=63986 DF PROTO=ICMP TYPE=8 CODE=0 ID=62233 SEQ=619 Nov 9 04:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29529 DF PROTO=TCP SPT=44612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40847 SEQ=1 Nov 9 04:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37992 SEQ=1 Nov 9 04:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17464 SEQ=1 Nov 9 04:37:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64696 DF PROTO=TCP SPT=58166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:37:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.65 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50953 DPT=23388 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:37:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64697 DF PROTO=TCP SPT=58166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:37:42 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:37:42 server83 imunify-auditd-log-reader[15193]: lost 1 
message sequences Nov 9 04:37:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64698 DF PROTO=TCP SPT=58166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:37:46 server83 letsencrypt.live.cgi: time="2025-11-09T04:37:46+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=ismailtrading WantedNames="[]" error="Account is suspended" Nov 9 04:37:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64699 DF PROTO=TCP SPT=58166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:37:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=23684 PROTO=TCP SPT=21459 DPT=13001 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:37:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38677 SEQ=1 Nov 9 04:37:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14410 SEQ=1 Nov 9 04:37:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59942 SEQ=1 Nov 9 04:37:55 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:37:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=50 ID=64700 DF PROTO=TCP SPT=58166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:37:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.65 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=50002 PROTO=TCP SPT=56675 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:38:01 server83 systemd: Started Session 306429 of user root. Nov 9 04:38:01 server83 systemd: Started Session 306430 of user root. Nov 9 04:38:01 server83 systemd: Started Session 306432 of user root. Nov 9 04:38:01 server83 systemd: Started Session 306433 of user root. Nov 9 04:38:01 server83 systemd: Started Session 306434 of user root. Nov 9 04:38:01 server83 systemd: Started Session 306436 of user root. Nov 9 04:38:01 server83 systemd: Started Session 306435 of user root. Nov 9 04:38:01 server83 systemd: Started Session 306437 of user root. Nov 9 04:38:01 server83 systemd: Started Session 306431 of user root. Nov 9 04:38:01 server83 letsencrypt.live.cgi: time="2025-11-09T04:38:01+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=dvntrust WantedNames="[]" error="Account is suspended" Nov 9 04:38:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3327 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:38:03 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 04:38:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39367 SEQ=1 Nov 9 04:38:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18407 SEQ=1 Nov 9 04:38:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=13.38.100.70 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=7350 DF PROTO=ICMP TYPE=8 CODE=0 ID=11 SEQ=11729 Nov 9 04:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8258 SEQ=1 Nov 9 04:38:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49176 SEQ=1 Nov 9 04:38:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8098 SEQ=1 Nov 9 04:38:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19356 SEQ=1 Nov 9 04:38:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31938 SEQ=1 Nov 9 04:38:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6064 SEQ=1 Nov 9 04:38:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.3 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53553 DPT=48132 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25401 SEQ=1 Nov 9 04:40:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=5609 PROTO=TCP SPT=48984 DPT=9441 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:40:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1061 SEQ=1 Nov 9 04:40:36 server83 letsencrypt.live.cgi: time="2025-11-09T04:40:36+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=hnbpgcol WantedNames="[]" Nov 9 04:40:36 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 04:40:36 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 04:40:36 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 04:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43559 DF PROTO=TCP SPT=44948 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19496 SEQ=1 Nov 9 04:40:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25117 SEQ=1 Nov 9 04:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49239 SEQ=1 Nov 9 04:40:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14090 SEQ=1 Nov 9 04:40:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25401 SEQ=1 Nov 9 04:40:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34605 SEQ=1 Nov 9 04:40:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61745 DF PROTO=TCP SPT=55942 DPT=21 WINDOW=64620 RES=0x00 SYN 
URGP=0 Nov 9 04:40:47 server83 imunify360-php-daemon[734]: error while sending daemon stats: too many requests Nov 9 04:40:47 server83 imunify360-php-daemon[734]: connections: {total = 21392, closed_as_old = 0, dropped = 1},#012messages: {total_received = 40032, blamer_received = 40028, blamer_filtered = 519, aggregated = 398, aggregator_dropped = 0},#012message_actions: {blamer_send_success = 121, send = 0, send_failed = 124, stored = 3, store_failed = 0},#012message dbstats: {fevents_db_size = 0, fevents_db_rows = 2961, fevents_total = 11657,#012#011#011#011#011 fevents_filtered = {total = 28375, wrong_id = 130507, wrong_function_name = 8487460, match_file_false = 5959155, match_file_limit_hit = 0, storage_limit_hit = 0},#012#011#011#011#011 fevents_stored_new = 3156, fevents_stored_updated = 451, fevents_send_success = 0, fevents_send_failure = 20 } Nov 9 04:40:47 server83 imunify360-php-daemon[734]: memory: alloc = 25705320 B, totalAlloc = 787363663968 B, sys = 68965640 B, rss = 203702272 B Nov 9 04:40:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=43.207.232.10 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=23 SEQ=11534 Nov 9 04:40:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=43.207.232.10 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x20 TTL=24 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=23 SEQ=12939 Nov 9 04:40:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=43.207.232.10 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x20 TTL=24 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=23 SEQ=13251 Nov 9 04:40:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30945 SEQ=1 Nov 9 04:40:49 server83 kernel: Firewall: 
*UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=222.186.13.133 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=39370 PROTO=UDP SPT=37157 DPT=123 LEN=20 Nov 9 04:40:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63232 SEQ=1 Nov 9 04:40:51 server83 letsencrypt.live.cgi: time="2025-11-09T04:40:51+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=shreenirvighnam WantedNames="[]" error="Account is suspended" Nov 9 04:40:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4861 SEQ=1 Nov 9 04:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43560 DF PROTO=TCP SPT=44948 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:40:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48355 SEQ=1 Nov 9 04:41:00 server83 NetworkManager[922]: <info> [1762643460.0898] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:41:00 server83 NetworkManager[922]: <info> [1762643460.0902] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:41:00 server83 NetworkManager[922]: <info> [1762643460.0903] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:41:00 server83 NetworkManager[922]: <info> 
[1762643460.0907] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:41:00 server83 NetworkManager[922]: <info> [1762643460.0917] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:41:00 server83 NetworkManager[922]: <info> [1762643460.0920] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:41:00 server83 NetworkManager[922]: <info> [1762643460.0931] dhcp4 (eth1): dhclient started with pid 9566 Nov 9 04:41:00 server83 dhclient[9566]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x69807a42) Nov 9 04:41:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:41:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:41:01 server83 systemd: Started Session 306469 of user root. Nov 9 04:41:01 server83 systemd: Started Session 306467 of user root. Nov 9 04:41:01 server83 systemd: Started Session 306466 of user root. Nov 9 04:41:01 server83 systemd: Started Session 306470 of user root. Nov 9 04:41:01 server83 systemd: Started Session 306471 of user root. Nov 9 04:41:01 server83 systemd: Started Session 306468 of user root. Nov 9 04:41:01 server83 systemd: Started Session 306472 of user root. Nov 9 04:41:01 server83 systemd: Started Session 306473 of user root. Nov 9 04:41:01 server83 systemd: Started Session 306474 of user root. Nov 9 04:41:01 server83 systemd: Started Session 306475 of user root. 
Nov 9 04:41:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:41:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35938 SEQ=1 Nov 9 04:41:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62984 SEQ=1 Nov 9 04:41:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9219 SEQ=1 Nov 9 04:41:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.95 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51098 DPT=1441 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:41:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=56.155.112.151 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=8908 DF PROTO=ICMP TYPE=8 CODE=0 ID=6 SEQ=3436 Nov 9 04:41:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35938 SEQ=1 Nov 9 04:41:05 server83 dhclient[9566]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x69807a42) Nov 9 04:41:06 server83 letsencrypt.live.cgi: time="2025-11-09T04:41:06+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=suchitanandanmah WantedNames="[]" Nov 9 04:41:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20105 SEQ=1 Nov 9 04:41:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31696 SEQ=1 Nov 9 04:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23454 SEQ=1 Nov 9 04:41:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44105 PROTO=TCP SPT=43448 DPT=2401 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37932 SEQ=1 Nov 9 04:41:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7970 DF PROTO=TCP SPT=56432 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7971 DF PROTO=TCP SPT=56432 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7972 DF PROTO=TCP SPT=56432 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.19.160 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 
TTL=240 ID=54321 PROTO=TCP SPT=56827 DPT=1928 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:41:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7973 DF PROTO=TCP SPT=56432 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47031 SEQ=1 Nov 9 04:41:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=34401 PROTO=TCP SPT=21459 DPT=100 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:41:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46401 SEQ=1 Nov 9 04:41:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51908 SEQ=1 Nov 9 04:41:19 server83 dhclient[9566]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x69807a42) Nov 9 04:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50996 SEQ=1 Nov 9 04:41:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.114.25 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1070 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50996 SEQ=1 Nov 9 04:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12465 SEQ=1 Nov 9 04:41:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46401 SEQ=1 Nov 9 04:41:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7974 DF PROTO=TCP SPT=56432 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.144.212.221 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10722 PROTO=TCP SPT=41955 DPT=10022 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:41:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=44.251.135.235 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=237 ID=64760 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=8434 Nov 9 04:41:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43561 DF PROTO=TCP SPT=44948 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:32 server83 letsencrypt.live.cgi: time="2025-11-09T04:41:32+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=optionstradeloan WantedNames="[]" Nov 9 04:41:33 server83 dhclient[9566]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x69807a42) Nov 9 04:41:35 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31756 PROTO=TCP SPT=46370 DPT=3008 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:41:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58287 SEQ=1 Nov 9 04:41:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54287 SEQ=1 Nov 9 04:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29178 SEQ=1 Nov 9 04:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14027 SEQ=1 Nov 9 04:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25670 SEQ=1 Nov 9 04:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52654 SEQ=1 Nov 9 04:41:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60127 DPT=16000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:41:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7975 DF PROTO=TCP SPT=56432 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14611 DF PROTO=TCP SPT=55166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14612 DF PROTO=TCP SPT=55166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:45 server83 NetworkManager[922]: <warn> [1762643505.0827] dhcp4 (eth1): request timed out Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.0827] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.0986] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 9566 Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.0986] dhcp4 (eth1): state changed timeout -> done Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.0987] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:41:45 server83 NetworkManager[922]: <warn> [1762643505.0991] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.0992] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.1220] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.1224] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 
04:41:45 server83 NetworkManager[922]: <info> [1762643505.1225] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.1229] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.1238] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.1240] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:41:45 server83 NetworkManager[922]: <info> [1762643505.1251] dhcp4 (eth1): dhclient started with pid 12784 Nov 9 04:41:45 server83 dhclient[12784]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x4171ad14) Nov 9 04:41:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14613 DF PROTO=TCP SPT=55166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:41:48 server83 letsencrypt.live.cgi: time="2025-11-09T04:41:48+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=subidhaworld WantedNames="[]" error="Account is suspended" Nov 9 04:41:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14614 DF PROTO=TCP SPT=55166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56954 SEQ=1 Nov 9 04:41:51 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62767 SEQ=1 Nov 9 04:41:52 server83 dhclient[12784]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x4171ad14) Nov 9 04:41:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50427 PROTO=TCP SPT=47734 DPT=8740 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:41:57 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50611 PROTO=TCP SPT=46370 DPT=1554 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14615 DF PROTO=TCP SPT=55166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:41:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10042 PROTO=TCP SPT=49956 DPT=29616 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:42:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:42:01 server83 systemd: Started Session 306476 of user root. Nov 9 04:42:01 server83 systemd: Started Session 306479 of user root. Nov 9 04:42:01 server83 systemd: Started Session 306478 of user root. Nov 9 04:42:01 server83 systemd: Started Session 306480 of user root. Nov 9 04:42:01 server83 systemd: Started Session 306481 of user root. 
Nov 9 04:42:01 server83 systemd: Started Session 306477 of user root. Nov 9 04:42:01 server83 systemd: Started Session 306483 of user root. Nov 9 04:42:01 server83 systemd: Started Session 306484 of user root. Nov 9 04:42:01 server83 systemd: Started Session 306482 of user root. Nov 9 04:42:03 server83 letsencrypt.live.cgi: time="2025-11-09T04:42:03+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=webmpsoft WantedNames="[]" error="Account is suspended" Nov 9 04:42:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7556 SEQ=1 Nov 9 04:42:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59275 SEQ=1 Nov 9 04:42:07 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.44.100.178 DST=145.239.177.179 LEN=525 TOS=0x00 PREC=0x00 TTL=107 ID=59458 PROTO=UDP SPT=16091 DPT=5060 LEN=505 Nov 9 04:42:07 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.44.100.178 DST=145.239.177.179 LEN=525 TOS=0x00 PREC=0x00 TTL=107 ID=59459 PROTO=UDP SPT=16091 DPT=5062 LEN=505 Nov 9 04:42:07 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.44.100.178 DST=145.239.177.179 LEN=525 TOS=0x00 PREC=0x00 TTL=107 ID=59460 PROTO=UDP SPT=16091 DPT=5080 LEN=505 Nov 9 04:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59275 SEQ=1 Nov 9 04:42:08 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37413 SEQ=1 Nov 9 04:42:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34042 SEQ=1 Nov 9 04:42:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36967 SEQ=1 Nov 9 04:42:10 server83 pam_imunify_daemon.bin: time="2025-11-09T04:42:10+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 04:42:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.235.36 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=7735 DF PROTO=TCP SPT=37752 DPT=25463 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:42:11 server83 dhclient[12784]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x4171ad14) Nov 9 04:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7976 DF PROTO=TCP SPT=56432 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14616 DF PROTO=TCP SPT=55166 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 04:42:18 server83 letsencrypt.live.cgi: time="2025-11-09T04:42:18+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cnfingroup WantedNames="[]" Nov 9 04:42:19 server83 systemd: Started Session c2830 of user root. Nov 9 04:42:19 server83 scripts.sh: Load Average: 2.82 , 3.46 Nov 9 04:42:19 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 04:42:19 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 04:42:19 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 04:42:19 server83 scripts.sh: HTTPD Status: inactive Nov 9 04:42:19 server83 scripts.sh: MySQL Status: active Nov 9 04:42:19 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 04:42:19 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 04:42:19 server83 scripts.sh: SSHD Status: active Nov 9 04:42:19 server83 scripts.sh: FTP Status: active Nov 9 04:42:19 server83 scripts.sh: LiteSpeed Status: Active Nov 9 04:42:19 server83 scripts.sh: Imunify Status: Active Nov 9 04:42:19 server83 scripts.sh: cPanel Status: active Nov 9 04:42:19 server83 scripts.sh: Memory Status: 12/31 GB - 38.76% Nov 9 04:42:19 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 04:42:19 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 04:42:19 server83 scripts.sh: Local Version: 4.4.5 Nov 9 04:42:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41424 PROTO=TCP SPT=43536 DPT=8118 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.7 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55236 DPT=48210 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:42:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=16994 PROTO=TCP SPT=43536 DPT=4145 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36434 SEQ=1 Nov 9 04:42:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10480 SEQ=1 Nov 9 04:42:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63360 SEQ=1 Nov 9 04:42:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57673 DF PROTO=TCP SPT=50004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:42:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1690 PROTO=TCP SPT=43536 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58767 PROTO=TCP SPT=43536 DPT=8989 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32411 SEQ=1 Nov 9 04:42:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57674 DF PROTO=TCP SPT=50004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:42:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57675 DF PROTO=TCP SPT=50004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:42:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3317 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:28 server83 dhclient[12784]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x4171ad14) Nov 9 04:42:30 server83 NetworkManager[922]: <warn> [1762643550.0890] dhcp4 (eth1): request timed out Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.0891] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1050] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12784 Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1050] dhcp4 (eth1): state changed timeout -> done Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1053] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:42:30 server83 NetworkManager[922]: <warn> [1762643550.1060] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1062] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1096] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:42:30 server83 NetworkManager[922]: <info> 
[1762643550.1100] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1101] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1105] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1116] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1119] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:42:30 server83 NetworkManager[922]: <info> [1762643550.1131] dhcp4 (eth1): dhclient started with pid 14538 Nov 9 04:42:30 server83 dhclient[14538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x5f4e9c09) Nov 9 04:42:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=34027 PROTO=TCP SPT=43536 DPT=8085 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:42:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45818 SEQ=1 Nov 9 04:42:34 server83 letsencrypt.live.cgi: time="2025-11-09T04:42:34+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rnsdcsah WantedNames="[]" Nov 9 04:42:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.64.105.155 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=50406 PROTO=TCP SPT=34132 DPT=9060 WINDOW=65535 RES=0x00 
SYN URGP=0 Nov 9 04:42:36 server83 dhclient[14538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x5f4e9c09) Nov 9 04:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57677 DF PROTO=TCP SPT=50004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40836 SEQ=1 Nov 9 04:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.9.168.250 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=51 ID=55202 DF PROTO=ICMP TYPE=8 CODE=0 ID=3218 SEQ=22221 Nov 9 04:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47216 SEQ=1 Nov 9 04:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15423 SEQ=1 Nov 9 04:42:40 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=63304 DF PROTO=ICMP TYPE=8 CODE=0 ID=40797 SEQ=22337 Nov 9 04:42:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33124 PROTO=TCP SPT=43536 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:43 server83 dhclient[14538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x5f4e9c09) Nov 9 04:42:44 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64526 PROTO=TCP SPT=43536 DPT=1080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20864 PROTO=TCP SPT=43536 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:42:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43919 SEQ=1 Nov 9 04:42:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43919 SEQ=1 Nov 9 04:42:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14617 DF PROTO=TCP SPT=55166 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:42:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41206 SEQ=1 Nov 9 04:42:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25198 SEQ=1 Nov 9 04:42:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13364 SEQ=1 Nov 9 04:42:49 server83 letsencrypt.live.cgi: 
time="2025-11-09T04:42:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sntpublicschool WantedNames="[]" Nov 9 04:42:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=12388 PROTO=TCP SPT=59508 DPT=41921 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:42:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7410 DF PROTO=TCP SPT=62486 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:42:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7411 DF PROTO=TCP SPT=62486 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7412 DF PROTO=TCP SPT=62486 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57678 DF PROTO=TCP SPT=50004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:42:55 server83 dhclient[14538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x5f4e9c09) Nov 9 04:42:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7413 DF PROTO=TCP SPT=62486 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:43:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=61.143.45.59 DST=145.239.177.179 
LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=2155 DF PROTO=TCP SPT=52998 DPT=1433 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 04:43:01 server83 systemd: Started Session 306485 of user root. Nov 9 04:43:01 server83 systemd: Started Session 306486 of user root. Nov 9 04:43:01 server83 systemd: Started Session 306489 of user root. Nov 9 04:43:01 server83 systemd: Started Session 306490 of user root. Nov 9 04:43:01 server83 systemd: Started Session 306488 of user root. Nov 9 04:43:01 server83 systemd: Started Session 306487 of user root. Nov 9 04:43:01 server83 systemd: Started Session 306491 of user root. Nov 9 04:43:01 server83 systemd: Started Session 306492 of user root. Nov 9 04:43:01 server83 systemd: Started Session 306493 of user root. Nov 9 04:43:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.149 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=45510 DPT=45786 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:43:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46610 SEQ=1 Nov 9 04:43:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30092 PROTO=TCP SPT=43536 DPT=5678 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:43:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40210 PROTO=TCP SPT=43536 DPT=4153 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:43:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37298 SEQ=1 
Nov 9 04:43:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21414 SEQ=1 Nov 9 04:43:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7414 DF PROTO=TCP SPT=62486 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:43:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19454 SEQ=1 Nov 9 04:43:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=101.36.97.172 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=3727 DF PROTO=TCP SPT=41013 DPT=8612 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25154 SEQ=1 Nov 9 04:43:07 server83 dhclient[14538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x5f4e9c09) Nov 9 04:43:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=50263 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:43:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7415 DF PROTO=TCP SPT=37480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:43:10 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7416 DF PROTO=TCP SPT=37480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:43:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35200 DF PROTO=TCP SPT=48192 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:15 server83 NetworkManager[922]: <warn> [1762643595.0911] dhcp4 (eth1): request timed out Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.0912] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1071] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 14538 Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1071] dhcp4 (eth1): state changed timeout -> done Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1074] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:43:15 server83 NetworkManager[922]: <warn> [1762643595.1080] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1081] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1113] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1116] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1117] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:43:15 server83 NetworkManager[922]: <info> 
[1762643595.1120] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1130] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1132] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:43:15 server83 NetworkManager[922]: <info> [1762643595.1144] dhcp4 (eth1): dhclient started with pid 16091 Nov 9 04:43:15 server83 dhclient[16091]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x4d0fa78d) Nov 9 04:43:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35202 DF PROTO=TCP SPT=48192 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:15 server83 letsencrypt.live.cgi: time="2025-11-09T04:43:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=expressbk WantedNames="[]" Nov 9 04:43:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7418 DF PROTO=TCP SPT=37480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:43:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64287 SEQ=1 Nov 9 04:43:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37692 SEQ=1 Nov 9 04:43:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46226 SEQ=1 Nov 9 04:43:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35203 DF PROTO=TCP SPT=48192 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22566 SEQ=1 Nov 9 04:43:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4810 PROTO=TCP SPT=43536 DPT=8082 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:43:20 server83 dhclient[16091]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x4d0fa78d) Nov 9 04:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=117 SEQ=1 Nov 9 04:43:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59648 PROTO=TCP SPT=43536 DPT=1111 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:43:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=49.12.66.195 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=5098 DF PROTO=ICMP TYPE=8 CODE=0 ID=36559 SEQ=38147 Nov 9 04:43:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7419 DF PROTO=TCP SPT=37480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:43:27 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35204 DF PROTO=TCP SPT=48192 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57679 DF PROTO=TCP SPT=50004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=35846 PROTO=TCP SPT=47254 DPT=17540 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:43:31 server83 letsencrypt.live.cgi: time="2025-11-09T04:43:31+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=khalifacoastalre WantedNames="[]" Nov 9 04:43:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58444 PROTO=TCP SPT=43448 DPT=2541 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:43:32 server83 dhclient[16091]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x4d0fa78d) Nov 9 04:43:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46881 PROTO=TCP SPT=54739 DPT=2699 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23186 SEQ=1 Nov 9 04:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=39312 SEQ=1 Nov 9 04:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23265 SEQ=1 Nov 9 04:43:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=31265 PROTO=TCP SPT=59508 DPT=14920 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:43:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48446 SEQ=1 Nov 9 04:43:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58359 SEQ=1 Nov 9 04:43:39 server83 dhclient[16091]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4d0fa78d) Nov 9 04:43:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.123 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=29114 DF PROTO=TCP SPT=40552 DPT=9613 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:43:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35205 DF PROTO=TCP SPT=48192 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.225 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=50915 DF PROTO=TCP SPT=44638 DPT=5006 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:43:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31948 DF PROTO=TCP SPT=43588 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:46 server83 letsencrypt.live.cgi: time="2025-11-09T04:43:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mlboa WantedNames="[]" Nov 9 04:43:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3315 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:43:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31949 DF PROTO=TCP SPT=43588 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:43:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56708 SEQ=1 Nov 9 04:43:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56607 SEQ=1 Nov 9 04:43:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21688 SEQ=1 Nov 9 04:43:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31950 DF PROTO=TCP SPT=43588 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:49 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1721 PROTO=TCP SPT=45793 DPT=9478 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:43:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3698 SEQ=1 Nov 9 04:43:50 server83 dhclient[16091]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4d0fa78d) Nov 9 04:43:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.250.81.130 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=44 ID=35320 DF PROTO=TCP SPT=36344 DPT=8191 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 04:43:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31951 DF PROTO=TCP SPT=43588 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:43:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:43:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=170.187.163.117 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33465 DPT=4003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:44:00 server83 NetworkManager[922]: <warn> [1762643640.0907] dhcp4 (eth1): request timed out Nov 9 04:44:00 server83 NetworkManager[922]: <info> [1762643640.0907] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:44:00 server83 NetworkManager[922]: <info> [1762643640.0986] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 16091 Nov 9 04:44:00 server83 NetworkManager[922]: <info> [1762643640.0986] dhcp4 (eth1): state changed timeout -> done Nov 9 04:44:00 server83 NetworkManager[922]: <info> [1762643640.0989] device (eth1): state change: 
ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:44:00 server83 NetworkManager[922]: <warn> [1762643640.0993] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:44:00 server83 NetworkManager[922]: <info> [1762643640.0995] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:44:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44826 PROTO=TCP SPT=44110 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.60 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=57111 DPT=47844 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44827 PROTO=TCP SPT=44110 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31952 DF PROTO=TCP SPT=43588 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:44:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:44:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:44:01 server83 systemd: Started Session 306494 of user root. Nov 9 04:44:01 server83 systemd: Started Session 306496 of user root. Nov 9 04:44:01 server83 systemd: Started Session 306498 of user root. Nov 9 04:44:01 server83 systemd: Started Session 306495 of user root. Nov 9 04:44:01 server83 systemd: Started Session 306499 of user root. 
Nov 9 04:44:01 server83 systemd: Started Session 306501 of user root. Nov 9 04:44:01 server83 systemd: Started Session 306500 of user root. Nov 9 04:44:01 server83 systemd: Started Session 306497 of user root. Nov 9 04:44:01 server83 systemd: Started Session 306502 of user root. Nov 9 04:44:02 server83 letsencrypt.live.cgi: time="2025-11-09T04:44:02+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=trustwalletteam WantedNames="[]" Nov 9 04:44:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22187 PROTO=TCP SPT=53141 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:44:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44828 PROTO=TCP SPT=44110 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:44:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22189 PROTO=TCP SPT=53141 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:44:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34752 SEQ=1 Nov 9 04:44:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22190 PROTO=TCP SPT=53141 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:44:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22191 PROTO=TCP SPT=53141 DPT=853 WINDOW=64952 RES=0x00 SYN 
URGP=0 Nov 9 04:44:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.225.32 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=34015 DPT=4003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:44:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.184.76.79 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=788 DF PROTO=TCP SPT=9417 DPT=3310 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:44:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3323 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:44:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58950 SEQ=1 Nov 9 04:44:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39935 SEQ=1 Nov 9 04:44:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.205.206 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=3951 DF PROTO=TCP SPT=47493 DPT=9486 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:44:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57346 SEQ=1 Nov 9 04:44:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23256 PROTO=TCP SPT=46370 DPT=2037 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 04:44:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=41140 PROTO=TCP SPT=47238 DPT=16510 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:44:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7420 DF PROTO=TCP SPT=64776 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:44:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35206 DF PROTO=TCP SPT=48192 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:44:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37700 PROTO=TCP SPT=56949 DPT=8514 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:44:17 server83 letsencrypt.live.cgi: time="2025-11-09T04:44:17+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=intexpressdelive WantedNames="[]" Nov 9 04:44:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11167 SEQ=1 Nov 9 04:44:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7422 DF PROTO=TCP SPT=64776 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.52 DST=51.210.113.204 LEN=67 TOS=0x00 PREC=0x00 TTL=108 ID=58081 DF PROTO=ICMP TYPE=8 CODE=0 ID=30595 
SEQ=20108 Nov 9 04:44:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56303 SEQ=1 Nov 9 04:44:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5199 SEQ=1 Nov 9 04:44:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60152 SEQ=1 Nov 9 04:44:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7423 DF PROTO=TCP SPT=64776 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:44:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47217 SEQ=1 Nov 9 04:44:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57123 SEQ=1 Nov 9 04:44:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54749 DF PROTO=TCP SPT=58142 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:44:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25589 PROTO=TCP SPT=40355 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:44:27 
server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.248 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=35 ID=40152 PROTO=UDP SPT=7978 DPT=28055 LEN=9 Nov 9 04:44:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54750 DF PROTO=TCP SPT=58142 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:44:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54751 DF PROTO=TCP SPT=58142 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:44:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25593 PROTO=TCP SPT=40355 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:44:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55498 SEQ=1 Nov 9 04:44:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.140 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=108 ID=62868 DF PROTO=ICMP TYPE=8 CODE=0 ID=48098 SEQ=55570 Nov 9 04:44:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9541 SEQ=1 Nov 9 04:44:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55498 SEQ=1 Nov 9 04:44:33 server83 letsencrypt.live.cgi: 
time="2025-11-09T04:44:33+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=optionemail WantedNames="[]" Nov 9 04:44:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54752 DF PROTO=TCP SPT=58142 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:44:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:44:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16982 SEQ=1 Nov 9 04:44:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.239.216.2 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=36751 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:44:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7427 DF PROTO=TCP SPT=65182 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:44:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3314 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:44:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7428 DF PROTO=TCP SPT=65182 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54753 DF PROTO=TCP SPT=58142 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 04:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.159 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=60760 DF PROTO=TCP SPT=1223 DPT=9459 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.59.78 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=52248 PROTO=TCP SPT=61000 DPT=29027 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:44:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.172.244 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=3907 DF PROTO=TCP SPT=42453 DPT=20013 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:44:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=64443 PROTO=TCP SPT=21459 DPT=1000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:44:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:44:47 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 04:44:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64943 PROTO=TCP SPT=46370 DPT=2982 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:44:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7429 DF PROTO=TCP SPT=65182 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:44:48 server83 letsencrypt.live.cgi: time="2025-11-09T04:44:48+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false 
Username=sreedharanigroup WantedNames="[]" error="Account is suspended" Nov 9 04:44:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10948 SEQ=1 Nov 9 04:44:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=60189 PROTO=TCP SPT=41638 DPT=4089 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:44:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15946 SEQ=1 Nov 9 04:44:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9104 SEQ=1 Nov 9 04:44:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9104 SEQ=1 Nov 9 04:44:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6852 SEQ=1 Nov 9 04:44:55 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=141.82.3.32 DST=51.210.113.204 LEN=46 TOS=0x00 PREC=0x00 TTL=34 ID=62608 PROTO=UDP SPT=49919 DPT=12333 LEN=26 Nov 9 04:44:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=177.197.193.179 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=1006 DF PROTO=TCP SPT=19937 DPT=14095 WINDOW=65535 
RES=0x00 SYN URGP=0 Nov 9 04:44:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=177.197.193.179 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=1007 DF PROTO=TCP SPT=19937 DPT=14095 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:44:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54754 DF PROTO=TCP SPT=58142 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:44:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.250 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=38106 DF PROTO=TCP SPT=32748 DPT=9740 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:44:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=177.197.193.179 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=1008 DF PROTO=TCP SPT=19937 DPT=14095 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:44:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=144.48.4.124 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=34921 DF PROTO=TCP SPT=53247 DPT=8080 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 04:45:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=985 SEQ=1 Nov 9 04:45:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52673 SEQ=1 Nov 9 04:45:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 
TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47317 SEQ=1 Nov 9 04:45:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=608 SEQ=1 Nov 9 04:45:02 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:45:02 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:45:02 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:45:02 server83 imunify-auditd-log-reader[15193]: lost 3 message sequences Nov 9 04:45:02 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:45:02 server83 systemd: Started Session 306505 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306504 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306507 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306503 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306506 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306508 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306511 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306510 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306509 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306512 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306515 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306517 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306516 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306513 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306518 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306514 of user root. Nov 9 04:45:02 server83 systemd: Started Session 306520 of user root. Nov 9 04:45:02 server83 systemd: Created slice User Slice of sanatanhinduvahi. 
Nov 9 04:45:02 server83 systemd: Started Session 306521 of user sanatanhinduvahi. Nov 9 04:45:02 server83 systemd: Started Session 306519 of user root. Nov 9 04:45:02 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 04:45:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=177.197.193.179 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=1009 DF PROTO=TCP SPT=19937 DPT=14095 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:45:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22808 SEQ=1 Nov 9 04:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24376 SEQ=1 Nov 9 04:45:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:45:04 server83 letsencrypt.live.cgi: time="2025-11-09T04:45:04+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=parakhchhattisga WantedNames="[]" Nov 9 04:45:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4420 SEQ=1 Nov 9 04:45:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=62084 PROTO=TCP SPT=47238 DPT=38577 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:45:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=71.6.147.254 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=109 ID=31589 PROTO=TCP SPT=26200 DPT=9022 WINDOW=52122 RES=0x00 SYN URGP=0 Nov 
9 04:45:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29021 DF PROTO=TCP SPT=53372 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29022 DF PROTO=TCP SPT=53372 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65450 SEQ=1 Nov 9 04:45:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2764 PROTO=TCP SPT=61234 DPT=1971 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:45:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62172 SEQ=1 Nov 9 04:45:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29023 DF PROTO=TCP SPT=53372 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:19 server83 letsencrypt.live.cgi: time="2025-11-09T04:45:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=marcohennies WantedNames="[]" Nov 9 04:45:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62172 SEQ=1 Nov 9 04:45:22 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55613 SEQ=1 Nov 9 04:45:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.231 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52080 DPT=9287 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:45:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23169 SEQ=1 Nov 9 04:45:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23169 SEQ=1 Nov 9 04:45:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29024 DF PROTO=TCP SPT=53372 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4252 SEQ=1 Nov 9 04:45:27 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 04:45:27 server83 systemd: Stopped Status Update Service. Nov 9 04:45:27 server83 systemd: Started Status Update Service. 
Nov 9 04:45:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.243.63 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59695 DPT=5435 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:45:30 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.204.255.106 DST=145.239.177.179 LEN=522 TOS=0x00 PREC=0x00 TTL=50 ID=7702 DF PROTO=UDP SPT=5080 DPT=5060 LEN=502 Nov 9 04:45:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16669 SEQ=1 Nov 9 04:45:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54755 DF PROTO=TCP SPT=58142 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38928 PROTO=TCP SPT=59821 DPT=5044 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29025 DF PROTO=TCP SPT=53372 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19360 PROTO=TCP SPT=61234 DPT=5930 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:45:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.104 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=49752 PROTO=TCP SPT=47650 DPT=1228 
WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:45:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27569 SEQ=1 Nov 9 04:45:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47583 SEQ=1 Nov 9 04:45:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47583 SEQ=1 Nov 9 04:45:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27569 SEQ=1 Nov 9 04:45:34 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:45:34 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:45:35 server83 letsencrypt.live.cgi: time="2025-11-09T04:45:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=springgroupinc WantedNames="[]" Nov 9 04:45:35 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 04:45:35 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 04:45:35 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 04:45:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5724 PROTO=TCP SPT=46370 DPT=2056 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:45:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.184.76.87 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=11784 DF PROTO=TCP SPT=50565 DPT=2121 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:45:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:45:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46322 SEQ=1 Nov 9 04:45:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47433 SEQ=1 Nov 9 04:45:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=40.124.185.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=9701 PROTO=TCP SPT=55386 DPT=5938 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:45:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.40.217.42 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=47862 PROTO=TCP SPT=55476 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:45:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21221 SEQ=1 Nov 9 04:45:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55795 SEQ=1 Nov 9 04:45:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13225 SEQ=1 Nov 9 04:45:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22521 SEQ=1 Nov 9 04:45:47 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 04:45:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25958 SEQ=1 Nov 9 04:45:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29026 DF PROTO=TCP SPT=53372 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3322 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:45:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=446 DF PROTO=TCP SPT=55448 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:51 server83 letsencrypt.live.cgi: time="2025-11-09T04:45:51+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jindal WantedNames="[]" Nov 9 04:45:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=447 DF PROTO=TCP SPT=55448 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5770 SEQ=1 Nov 9 04:45:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14851 SEQ=1 Nov 9 04:45:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=13.201.166.123 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=19913 Nov 9 04:45:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.150 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=12614 PROTO=TCP SPT=6615 DPT=9300 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:45:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=448 DF PROTO=TCP SPT=55448 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.83.167.28 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=59440 PROTO=TCP SPT=38590 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:45:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13225 SEQ=1 Nov 9 04:45:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=50 ID=449 DF PROTO=TCP SPT=55448 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:45:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.250.81.129 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=12791 DF PROTO=TCP SPT=13815 DPT=8065 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 04:45:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=4854 PROTO=TCP SPT=50527 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:45:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=4855 PROTO=TCP SPT=50527 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:46:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54931 PROTO=TCP SPT=55438 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:46:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=4856 PROTO=TCP SPT=50527 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:46:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:46:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:46:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:46:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:46:01 server83 systemd: Started Session 306523 of user root. Nov 9 04:46:01 server83 systemd: Started Session 306524 of user root. Nov 9 04:46:01 server83 systemd: Started Session 306522 of user root. Nov 9 04:46:01 server83 systemd: Started Session 306526 of user root. 
Nov 9 04:46:01 server83 systemd: Started Session 306528 of user root. Nov 9 04:46:01 server83 systemd: Started Session 306529 of user root. Nov 9 04:46:01 server83 systemd: Started Session 306525 of user root. Nov 9 04:46:01 server83 systemd: Started Session 306527 of user root. Nov 9 04:46:01 server83 systemd: Started Session 306530 of user root. Nov 9 04:46:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54932 PROTO=TCP SPT=55438 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:46:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54934 PROTO=TCP SPT=55438 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:46:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60477 SEQ=1 Nov 9 04:46:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41452 SEQ=1 Nov 9 04:46:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=450 DF PROTO=TCP SPT=55448 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:46:06 server83 letsencrypt.live.cgi: time="2025-11-09T04:46:06+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=camayur WantedNames="[]" Nov 9 04:46:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=60409 SEQ=1 Nov 9 04:46:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60409 SEQ=1 Nov 9 04:46:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59072 PROTO=TCP SPT=49956 DPT=26114 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:46:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=57820 PROTO=TCP SPT=47254 DPT=19742 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:46:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.191.209.74 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42993 PROTO=TCP SPT=40469 DPT=34500 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:46:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5932 SEQ=1 Nov 9 04:46:18 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:46:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45283 SEQ=1 Nov 9 04:46:20 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=203.55.131.5 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=48 ID=36098 PROTO=UDP SPT=45623 DPT=2152 LEN=20 Nov 9 04:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9129 SEQ=1 Nov 9 04:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53704 SEQ=1 Nov 9 04:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29027 DF PROTO=TCP SPT=53372 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=451 DF PROTO=TCP SPT=55448 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40600 SEQ=1 Nov 9 04:46:22 server83 letsencrypt.live.cgi: time="2025-11-09T04:46:22+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=braxxonindia WantedNames="[]" Nov 9 04:46:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21232 SEQ=1 Nov 9 04:46:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.43 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=27499 PROTO=TCP SPT=20335 DPT=18027 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:46:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5537 DF PROTO=TCP SPT=57788 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 04:46:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5538 DF PROTO=TCP SPT=57788 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:46:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5539 DF PROTO=TCP SPT=57788 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:46:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41063 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:46:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.83 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55003 DPT=9993 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:46:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=1 Nov 9 04:46:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5540 DF PROTO=TCP SPT=57788 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:46:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61523 SEQ=1 Nov 9 04:46:38 server83 letsencrypt.live.cgi: time="2025-11-09T04:46:38+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ujuhggdomains WantedNames="[]" Nov 9 04:46:38 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42871 SEQ=1 Nov 9 04:46:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=1 Nov 9 04:46:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=148.153.188.246 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=17844 PROTO=TCP SPT=34774 DPT=6998 WINDOW=64557 RES=0x00 SYN URGP=0 Nov 9 04:46:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25095 SEQ=1 Nov 9 04:46:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50873 SEQ=1 Nov 9 04:46:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.239 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=11567 PROTO=TCP SPT=18981 DPT=45509 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:46:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=170.187.163.117 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=35171 DPT=40403 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:46:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5541 DF PROTO=TCP SPT=57788 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:46:47 server83 
imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:46:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.59.56.121 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=233 ID=36592 PROTO=TCP SPT=60000 DPT=27422 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:46:48 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=177.131.129.223 DST=51.210.113.204 LEN=318 TOS=0x00 PREC=0x00 TTL=47 ID=13223 DF PROTO=UDP SPT=56831 DPT=19132 LEN=298 Nov 9 04:46:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18003 SEQ=1 Nov 9 04:46:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63781 SEQ=1 Nov 9 04:46:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50675 SEQ=1 Nov 9 04:46:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.96 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55472 DPT=45117 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:46:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19125 SEQ=1 Nov 9 04:46:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.197 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP 
SPT=53567 DPT=9657 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:46:53 server83 letsencrypt.live.cgi: time="2025-11-09T04:46:53+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=etraffreightexpr WantedNames="[]" Nov 9 04:46:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13516 SEQ=1 Nov 9 04:46:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=452 DF PROTO=TCP SPT=55448 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:46:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=35558 PROTO=TCP SPT=53849 DPT=6005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:46:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=34271 PROTO=TCP SPT=61234 DPT=2065 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:47:01 server83 systemd: Started Session 306531 of user root. Nov 9 04:47:01 server83 systemd: Started Session 306533 of user root. Nov 9 04:47:01 server83 systemd: Started Session 306534 of user root. Nov 9 04:47:01 server83 systemd: Started Session 306535 of user root. Nov 9 04:47:01 server83 systemd: Started Session 306532 of user root. Nov 9 04:47:01 server83 systemd: Started Session 306536 of user root. Nov 9 04:47:01 server83 systemd: Started Session 306537 of user root. Nov 9 04:47:01 server83 systemd: Started Session 306538 of user root. Nov 9 04:47:01 server83 systemd: Started Session 306539 of user root. 
Nov 9 04:47:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:47:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:47:01 server83 systemd: Started Session 306540 of user root. Nov 9 04:47:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5542 DF PROTO=TCP SPT=57788 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:47:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4471 PROTO=TCP SPT=58603 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:47:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32076 SEQ=1 Nov 9 04:47:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:47:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58332 SEQ=1 Nov 9 04:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28460 SEQ=1 Nov 9 04:47:09 server83 letsencrypt.live.cgi: time="2025-11-09T04:47:09+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=srijjan WantedNames="[]" error="Account is suspended" Nov 9 04:47:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=43040 SEQ=1 Nov 9 04:47:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.239.15 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=6499 DF PROTO=TCP SPT=45580 DPT=4067 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:47:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16004 PROTO=TCP SPT=49956 DPT=26110 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:47:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=17330 PROTO=TCP SPT=44482 DPT=13722 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:47:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14581 SEQ=1 Nov 9 04:47:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26631 SEQ=1 Nov 9 04:47:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16390 SEQ=1 Nov 9 04:47:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19834 SEQ=1 Nov 9 04:47:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29124 SEQ=1 Nov 
9 04:47:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3475 SEQ=1 Nov 9 04:47:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60216 SEQ=1 Nov 9 04:47:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=59080 PROTO=TCP SPT=55975 DPT=7609 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:47:24 server83 letsencrypt.live.cgi: time="2025-11-09T04:47:24+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=osiedservice WantedNames="[]" Nov 9 04:47:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=23417 PROTO=TCP SPT=56033 DPT=7723 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:47:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=97.107.133.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44137 DPT=40403 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:47:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.58.0 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38497 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:47:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38107 SEQ=1 Nov 9 04:47:31 server83 kernel: Firewall: *UDP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.38 DST=145.239.177.179 LEN=76 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=UDP SPT=53807 DPT=123 LEN=56 Nov 9 04:47:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31879 SEQ=1 Nov 9 04:47:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44878 SEQ=1 Nov 9 04:47:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40916 SEQ=1 Nov 9 04:47:34 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 04:47:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=25078 PROTO=TCP SPT=47858 DPT=17877 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:47:35 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:47:35 server83 imunify-auditd-log-reader[15193]: lost 3 message sequences Nov 9 04:47:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5543 DF PROTO=TCP SPT=57788 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 04:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25888 SEQ=1 Nov 9 04:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23032 SEQ=1 Nov 9 04:47:40 server83 letsencrypt.live.cgi: time="2025-11-09T04:47:40+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=swiftcargoint WantedNames="[]" Nov 9 04:47:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:47:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.7 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=38564 DF PROTO=TCP SPT=57969 DPT=8108 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:47:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39260 SEQ=1 Nov 9 04:47:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38372 SEQ=1 Nov 9 04:47:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.18 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=9546 PROTO=TCP SPT=26200 DPT=9315 WINDOW=45964 RES=0x00 SYN URGP=0 Nov 9 04:47:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55922 SEQ=1 Nov 9 04:47:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56954 SEQ=1 Nov 9 04:47:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56954 SEQ=1 Nov 9 04:47:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41872 SEQ=1 Nov 9 04:47:56 server83 letsencrypt.live.cgi: time="2025-11-09T04:47:56+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=greentech WantedNames="[]" error="Account is suspended" Nov 9 04:47:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14924 PROTO=TCP SPT=40445 DPT=8998 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:47:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.182.167 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=41568 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:48:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64514 SEQ=1 Nov 9 04:48:01 server83 systemd: Started Session 306541 of user root. Nov 9 04:48:01 server83 systemd: Started Session 306543 of user root. Nov 9 04:48:01 server83 systemd: Started Session 306544 of user root. Nov 9 04:48:01 server83 systemd: Started Session 306545 of user root. Nov 9 04:48:01 server83 systemd: Started Session 306542 of user root. Nov 9 04:48:01 server83 systemd: Started Session 306546 of user root. Nov 9 04:48:01 server83 systemd: Started Session 306547 of user root. Nov 9 04:48:01 server83 systemd: Started Session 306548 of user root. 
Nov 9 04:48:01 server83 systemd: Started Session 306549 of user root. Nov 9 04:48:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:48:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:48:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31927 SEQ=1 Nov 9 04:48:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47598 SEQ=1 Nov 9 04:48:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64307 SEQ=1 Nov 9 04:48:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53226 SEQ=1 Nov 9 04:48:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.62 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=64929 PROTO=TCP SPT=37944 DPT=25105 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:48:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18996 SEQ=1 Nov 9 04:48:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.72.206.178 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=240 ID=28442 PROTO=TCP SPT=44851 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:48:11 server83 letsencrypt.live.cgi: 
time="2025-11-09T04:48:11+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=oloriblock WantedNames="[]" Nov 9 04:48:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57658 DPT=16080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:48:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.26 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51443 DPT=19999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:48:16 server83 aibolit_wrapper[25433]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626438960044134.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626438960046212.txt --progress=/tmp/malware_cleaner_progress_17626438960045952.json --csv_result=/tmp/revisium_csvfile_17626438960046076.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:48:17 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 04:48:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34987 SEQ=1 Nov 9 04:48:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13638 SEQ=1 Nov 9 04:48:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60409 SEQ=1 Nov 9 04:48:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1430 PROTO=TCP SPT=40878 DPT=41052 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:48:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.130 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=1131 DF PROTO=TCP SPT=56649 DPT=22096 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:48:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53014 SEQ=1 Nov 9 04:48:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=13692 DF PROTO=ICMP TYPE=8 CODE=0 ID=51627 SEQ=28790 Nov 9 04:48:24 server83 aibolit_wrapper[25813]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439046876040.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626439046879298.txt --progress=/tmp/malware_cleaner_progress_17626439046878882.json --csv_result=/tmp/revisium_csvfile_17626439046879076.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:48:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=18448 SEQ=1 Nov 9 04:48:27 server83 letsencrypt.live.cgi: time="2025-11-09T04:48:27+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cyprus WantedNames="[]" Nov 9 04:48:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:48:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.74.58.148 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=60665 DPT=25105 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:48:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.201 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53764 DPT=9832 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:48:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3321 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:48:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39610 SEQ=1 Nov 9 04:48:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=101.36.119.146 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=5212 DF PROTO=TCP SPT=45020 DPT=1116 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:48:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3313 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:48:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=49.12.66.195 DST=51.210.113.204 LEN=70 TOS=0x00 
PREC=0x00 TTL=47 ID=53180 DF PROTO=ICMP TYPE=8 CODE=0 ID=36559 SEQ=6663 Nov 9 04:48:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22241 SEQ=1 Nov 9 04:48:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61840 SEQ=1 Nov 9 04:48:35 server83 aibolit_wrapper[26322]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439150275550.txt --input-fn-b64-encoded --username=lucky --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626439150277168.txt --log=/tmp/malware_cleaner_log_17626439150279108.txt --progress=/tmp/malware_cleaner_progress_17626439150278632.json --csv_result=/tmp/revisium_csvfile_17626439150278860.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:48:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14923 SEQ=1 Nov 9 04:48:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61543 SEQ=1 Nov 9 04:48:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.118 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=61382 DF PROTO=TCP SPT=42900 DPT=30120 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:48:42 server83 
letsencrypt.live.cgi: time="2025-11-09T04:48:42+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=diamondfortress WantedNames="[]" error="Account is suspended" Nov 9 04:48:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.118 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=61383 DF PROTO=TCP SPT=42900 DPT=30120 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:48:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.118 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=20607 DF PROTO=TCP SPT=40558 DPT=30120 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:48:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.118 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=20608 DF PROTO=TCP SPT=40558 DPT=30120 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:48:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.118 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=23226 DF PROTO=TCP SPT=40572 DPT=30120 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:48:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.118 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=23227 DF PROTO=TCP SPT=40572 DPT=30120 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:48:46 server83 aibolit_wrapper[26752]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439268650272.txt --input-fn-b64-encoded --username=lucky --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626439268652012.txt --log=/tmp/malware_cleaner_log_17626439268653798.txt --progress=/tmp/malware_cleaner_progress_17626439268653354.json --csv_result=/tmp/revisium_csvfile_17626439268653574.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:48:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.4 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=58182 DF PROTO=TCP SPT=41889 DPT=21243 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.lock: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.mb_convert: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.classes: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.parle_tokens: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.sys: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.center: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.db2_convert: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.internal: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.config: ProactiveModel.Host 
should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.rjust: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.rfind: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.accepted: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.reset: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.requests: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.oauthexceptions: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.class: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.request: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.created: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.system: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 
imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.cache: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.ob_iconv_handle: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.uconvert: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.partition: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.ibase_pconnection: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.locked: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.accept: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.post: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.content: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: /home2/lucky/public_html/wp-content/themes/mavix-marketing/.rindex: ProactiveModel.Host should not be empty Nov 9 04:48:47 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 04:48:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38610 SEQ=1 Nov 9 04:48:52 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21509 SEQ=1 Nov 9 04:48:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46219 SEQ=1 Nov 9 04:48:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27048 SEQ=1 Nov 9 04:48:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65256 SEQ=1 Nov 9 04:48:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38610 SEQ=1 Nov 9 04:48:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46219 SEQ=1 Nov 9 04:48:54 server83 aibolit_wrapper[26887]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439348787300.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626439348790550.txt --progress=/tmp/malware_cleaner_progress_17626439348790126.json --csv_result=/tmp/revisium_csvfile_17626439348790350.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:48:55 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58316 PROTO=TCP SPT=56724 DPT=8600 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:48:58 server83 letsencrypt.live.cgi: time="2025-11-09T04:48:58+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=divinesranchi WantedNames="[]" Nov 9 04:49:00 server83 NetworkManager[922]: <info> [1762643940.1368] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:49:00 server83 NetworkManager[922]: <info> [1762643940.1374] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:49:00 server83 NetworkManager[922]: <info> [1762643940.1375] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:49:00 server83 NetworkManager[922]: <info> [1762643940.1381] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:49:00 server83 NetworkManager[922]: <info> [1762643940.1392] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:49:00 server83 NetworkManager[922]: <info> [1762643940.1397] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:49:00 server83 NetworkManager[922]: <info> [1762643940.1410] dhcp4 (eth1): dhclient started with pid 27073 Nov 9 04:49:00 server83 dhclient[27073]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x217a6b29) Nov 9 04:49:00 server83 aibolit_wrapper[27080]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439403027604.txt --input-fn-b64-encoded 
--username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626439403028502.txt --log=/tmp/malware_cleaner_log_17626439403029404.txt --progress=/tmp/malware_cleaner_progress_17626439403029166.json --csv_result=/tmp/revisium_csvfile_17626439403029290.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:49:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:49:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:49:01 server83 systemd: Started Session 306550 of user root. Nov 9 04:49:01 server83 systemd: Started Session 306551 of user root. Nov 9 04:49:01 server83 systemd: Started Session 306552 of user root. Nov 9 04:49:01 server83 systemd: Started Session 306555 of user root. Nov 9 04:49:01 server83 systemd: Started Session 306554 of user root. Nov 9 04:49:01 server83 systemd: Started Session 306553 of user root. Nov 9 04:49:01 server83 systemd: Started Session 306557 of user root. Nov 9 04:49:01 server83 systemd: Started Session 306556 of user root. Nov 9 04:49:01 server83 systemd: Started Session 306558 of user root. 
Nov 9 04:49:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52417 SEQ=1 Nov 9 04:49:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.202 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=64175 DF PROTO=TCP SPT=44800 DPT=3333 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:49:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.202 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=55606 DF PROTO=TCP SPT=44822 DPT=3333 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:49:03 server83 dhclient[27073]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x217a6b29) Nov 9 04:49:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.202 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=55607 DF PROTO=TCP SPT=44822 DPT=3333 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:49:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11893 SEQ=1 Nov 9 04:49:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.202 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=36256 DF PROTO=TCP SPT=44836 DPT=3333 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:49:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60119 SEQ=1 Nov 9 04:49:04 server83 aibolit_wrapper[27271]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439446488240.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626439446489646.txt --log=/tmp/malware_cleaner_log_17626439446491072.txt --progress=/tmp/malware_cleaner_progress_17626439446490674.json --csv_result=/tmp/revisium_csvfile_17626439446490868.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:49:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=871 SEQ=1 Nov 9 04:49:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60398 SEQ=1 Nov 9 04:49:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.202 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=36257 DF PROTO=TCP SPT=44836 DPT=3333 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:49:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=51780 PROTO=TCP SPT=43944 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:49:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11893 SEQ=1 Nov 9 04:49:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 
TTL=243 ID=49796 PROTO=TCP SPT=43944 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:49:10 server83 aibolit_wrapper[27430]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439507006314.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626439507008110.txt --log=/tmp/malware_cleaner_log_17626439507009894.txt --progress=/tmp/malware_cleaner_progress_17626439507009480.json --csv_result=/tmp/revisium_csvfile_17626439507009682.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:49:10 server83 dhclient[27073]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x217a6b29) Nov 9 04:49:12 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:49:12 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:49:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=55747 PROTO=TCP SPT=43944 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:49:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=27569 PROTO=TCP SPT=61234 DPT=5963 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:49:13 server83 letsencrypt.live.cgi: time="2025-11-09T04:49:13+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=imsarfaraz WantedNames="[]" Nov 9 04:49:16 server83 aibolit_wrapper[27630]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate 
--nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439566246132.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626439566247130.txt --log=/tmp/malware_cleaner_log_17626439566248164.txt --progress=/tmp/malware_cleaner_progress_17626439566247930.json --csv_result=/tmp/revisium_csvfile_17626439566248028.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:49:17 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 04:49:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:49:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.37 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=25969 PROTO=TCP SPT=49316 DPT=8530 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:49:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65286 SEQ=1 Nov 9 04:49:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65286 SEQ=1 Nov 9 04:49:22 server83 aibolit_wrapper[27814]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439623542444.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626439623543942.txt --log=/tmp/malware_cleaner_log_17626439623545784.txt 
--progress=/tmp/malware_cleaner_progress_17626439623545416.json --csv_result=/tmp/revisium_csvfile_17626439623545582.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:49:23 server83 dhclient[27073]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x217a6b29) Nov 9 04:49:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16517 SEQ=1 Nov 9 04:49:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54810 SEQ=1 Nov 9 04:49:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7890 SEQ=1 Nov 9 04:49:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.248 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53821 DPT=7547 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:49:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=35587 PROTO=TCP SPT=47238 DPT=44705 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:49:26 server83 aibolit_wrapper[27990]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439665864182.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626439665865984.txt 
--progress=/tmp/malware_cleaner_progress_17626439665865708.json --csv_result=/tmp/revisium_csvfile_17626439665865814.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:49:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=71.6.135.131 DST=145.239.177.179 LEN=257 TOS=0x08 PREC=0x20 TTL=109 ID=31545 PROTO=UDP SPT=26810 DPT=5060 LEN=237 Nov 9 04:49:29 server83 letsencrypt.live.cgi: time="2025-11-09T04:49:29+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ftreasurellc WantedNames="[]" Nov 9 04:49:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.168.34 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=4693 DF PROTO=TCP SPT=38486 DPT=11624 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:49:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.94.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55643 DPT=27017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:49:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37317 SEQ=1 Nov 9 04:49:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9587 SEQ=1 Nov 9 04:49:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55162 SEQ=1 Nov 9 04:49:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6302 SEQ=1 Nov 9 04:49:34 server83 aibolit_wrapper[28241]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439747963288.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626439747967004.txt --progress=/tmp/malware_cleaner_progress_17626439747966408.json --csv_result=/tmp/revisium_csvfile_17626439747966652.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:49:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27877 SEQ=1 Nov 9 04:49:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51984 SEQ=1 Nov 9 04:49:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=39305 PROTO=TCP SPT=7457 DPT=36775 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:49:40 server83 aibolit_wrapper[28355]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439801453822.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626439801456886.txt --progress=/tmp/malware_cleaner_progress_17626439801456310.json 
--csv_result=/tmp/revisium_csvfile_17626439801456518.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:49:41 server83 scripts.sh: Sun Nov 9 04:49:41 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 04:49:41 server83 dhclient[27073]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x217a6b29) Nov 9 04:49:45 server83 NetworkManager[922]: <warn> [1762643985.0917] dhcp4 (eth1): request timed out Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.0917] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1077] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27073 Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1078] dhcp4 (eth1): state changed timeout -> done Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1080] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:49:45 server83 NetworkManager[922]: <warn> [1762643985.1084] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1087] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1120] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1124] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1125] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1136] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:49:45 server83 
NetworkManager[922]: <info> [1762643985.1146] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1149] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:49:45 server83 NetworkManager[922]: <info> [1762643985.1164] dhcp4 (eth1): dhclient started with pid 28593 Nov 9 04:49:45 server83 letsencrypt.live.cgi: time="2025-11-09T04:49:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=greenlineservice WantedNames="[]" Nov 9 04:49:45 server83 dhclient[28593]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x366ef9a0) Nov 9 04:49:46 server83 aibolit_wrapper[28681]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439868670548.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626439868672082.txt --progress=/tmp/malware_cleaner_progress_17626439868671894.json --csv_result=/tmp/revisium_csvfile_17626439868671970.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:49:47 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.center: ProactiveModel.Host should not be empty Nov 9 04:49:47 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.created: ProactiveModel.Host should not be empty Nov 9 04:49:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:49:49 server83 dhclient[28593]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x366ef9a0) Nov 9 04:49:49 server83 pam_imunify_daemon.bin: time="2025-11-09T04:49:49+05:30" 
level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 04:49:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.149 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=17421 PROTO=TCP SPT=60573 DPT=27017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:49:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63647 SEQ=1 Nov 9 04:49:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37734 SEQ=1 Nov 9 04:49:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.92 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57034 DPT=10443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:49:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33288 SEQ=1 Nov 9 04:49:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49521 SEQ=1 Nov 9 04:49:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5502 SEQ=1 Nov 9 04:49:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:49:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24009 SEQ=1 Nov 9 04:49:57 server83 dhclient[28593]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x366ef9a0) Nov 9 04:49:57 server83 aibolit_wrapper[28922]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626439975945490.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626439975948766.txt --progress=/tmp/malware_cleaner_progress_17626439975948388.json --csv_result=/tmp/revisium_csvfile_17626439975948566.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:50:00 server83 letsencrypt.live.cgi: time="2025-11-09T04:50:00+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=tekbitonline WantedNames="[]" Nov 9 04:50:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:50:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:50:01 server83 systemd: Started Session 306561 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306563 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306559 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306566 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306564 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306562 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306565 of user root. 
Nov 9 04:50:01 server83 systemd: Started Session 306560 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306567 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306568 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306569 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306571 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306572 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306573 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306570 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306575 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306576 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306574 of user root. Nov 9 04:50:01 server83 systemd: Started Session 306577 of user root. Nov 9 04:50:03 server83 aibolit_wrapper[29256]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440030666242.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440030668090.txt --progress=/tmp/malware_cleaner_progress_17626440030667902.json --csv_result=/tmp/revisium_csvfile_17626440030667990.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:50:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37712 SEQ=1 Nov 9 04:50:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37712 SEQ=1 Nov 9 04:50:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=218.17.184.95 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=64166 PROTO=TCP SPT=46243 DPT=40022 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:50:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46431 SEQ=1 Nov 9 04:50:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=200.9.154.79 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55832 DPT=9094 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:50:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=59841 PROTO=TCP SPT=44968 DPT=481 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:50:08 server83 aibolit_wrapper[29378]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440083266356.txt --input-fn-b64-encoded --username=lucky --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626440083267730.txt --log=/tmp/malware_cleaner_log_17626440083269388.txt --progress=/tmp/malware_cleaner_progress_17626440083268966.json --csv_result=/tmp/revisium_csvfile_17626440083269160.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:50:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3261 SEQ=1 Nov 9 04:50:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20261 SEQ=1 Nov 9 04:50:11 server83 imunify-auditd-log-reader[15193]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 04:50:11 server83 imunify-auditd-log-reader[15193]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 04:50:13 server83 dhclient[28593]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x366ef9a0) Nov 9 04:50:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3312 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:50:16 server83 letsencrypt.live.cgi: time="2025-11-09T04:50:16+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pjhrfranchi WantedNames="[]" Nov 9 04:50:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.81.135 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2389 Nov 9 04:50:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.81.135 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2489 Nov 9 04:50:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.81.135 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2589 Nov 9 04:50:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.81.135 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x60 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2689 Nov 9 04:50:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.81.135 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2789 Nov 9 04:50:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63790 SEQ=1 Nov 9 04:50:18 server83 aibolit_wrapper[29580]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440189169068.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440189172946.txt --progress=/tmp/malware_cleaner_progress_17626440189172480.json --csv_result=/tmp/revisium_csvfile_17626440189172700.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:50:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9577 PROTO=TCP SPT=42633 DPT=8985 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:50:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10802 SEQ=1 Nov 9 04:50:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.226.99 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=22 Nov 9 04:50:24 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61604 SEQ=1 Nov 9 04:50:27 server83 aibolit_wrapper[29741]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440276992658.txt --input-fn-b64-encoded --username=lucky --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626440276993508.txt --log=/tmp/malware_cleaner_log_17626440276994472.txt --progress=/tmp/malware_cleaner_progress_17626440276994276.json --csv_result=/tmp/revisium_csvfile_17626440276994362.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:50:27 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=16.62.226.99 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=25 SEQ=22879 Nov 9 04:50:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60844 PROTO=TCP SPT=46370 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:50:30 server83 NetworkManager[922]: <warn> [1762644030.0907] dhcp4 (eth1): request timed out Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.0908] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.0988] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28593 Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.0988] dhcp4 (eth1): state changed timeout -> done Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.0991] device (eth1): state change: ip-config -> failed (reason 
'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:50:30 server83 NetworkManager[922]: <warn> [1762644030.0999] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.1001] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.1037] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.1042] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.1043] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.1048] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.1058] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.1061] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:50:30 server83 NetworkManager[922]: <info> [1762644030.1074] dhcp4 (eth1): dhclient started with pid 29790 Nov 9 04:50:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7430 DF PROTO=TCP SPT=55903 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:50:30 server83 dhclient[29790]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x50578ae1) Nov 9 04:50:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 
PREC=0x00 TTL=109 ID=7431 DF PROTO=TCP SPT=55903 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:50:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60798 SEQ=1 Nov 9 04:50:31 server83 letsencrypt.live.cgi: time="2025-11-09T04:50:31+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=dklp WantedNames="[]" Nov 9 04:50:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5588 SEQ=1 Nov 9 04:50:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7432 DF PROTO=TCP SPT=55903 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:50:33 server83 aibolit_wrapper[29902]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440333379378.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440333382428.txt --progress=/tmp/malware_cleaner_progress_17626440333382096.json --csv_result=/tmp/revisium_csvfile_17626440333382236.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:50:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54104 SEQ=1 Nov 9 04:50:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=20.171.25.224 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=34871 DPT=8945 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:50:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3319 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:50:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.132 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=52795 PROTO=TCP SPT=48253 DPT=4567 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:50:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7433 DF PROTO=TCP SPT=55903 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:50:38 server83 dhclient[29790]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x50578ae1) Nov 9 04:50:38 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 04:50:38 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 04:50:38 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 04:50:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10822 SEQ=1 Nov 9 04:50:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:50:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49994 SEQ=1 Nov 9 04:50:41 server83 aibolit_wrapper[30265]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440410472072.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440410475668.txt --progress=/tmp/malware_cleaner_progress_17626440410475202.json --csv_result=/tmp/revisium_csvfile_17626440410475398.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:50:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39599 PROTO=TCP SPT=40091 DPT=8140 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:50:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46253 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:50:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.35 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50630 DPT=8899 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:50:43 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.212.149 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=5194 DF PROTO=TCP SPT=47877 DPT=1467 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 04:50:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=50968 PROTO=TCP SPT=55975 DPT=7605 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:50:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.109.130 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=48076 DPT=8008 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:50:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7670 PROTO=TCP SPT=58134 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:50:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=4492 PROTO=TCP SPT=40055 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:50:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3332 SEQ=1 Nov 9 04:50:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3332 SEQ=1 Nov 9 04:50:48 server83 aibolit_wrapper[30421]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626440488316420.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440488318552.txt --progress=/tmp/malware_cleaner_progress_17626440488318298.json --csv_result=/tmp/revisium_csvfile_17626440488318412.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:50:49 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:50:49 server83 imunify-auditd-log-reader[15193]: lost 2 message sequences Nov 9 04:50:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38060 SEQ=1 Nov 9 04:50:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23594 SEQ=1 Nov 9 04:50:49 server83 letsencrypt.live.cgi: time="2025-11-09T04:50:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pmatrix WantedNames="[]" Nov 9 04:50:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=4494 PROTO=TCP SPT=40055 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 04:50:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27647 SEQ=1 Nov 9 04:50:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25831 SEQ=1 Nov 9 04:50:52 server83 dhclient[29790]: DHCPDISCOVER on eth1 to 255.255.255.255 
port 67 interval 21 (xid=0x50578ae1) Nov 9 04:50:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22658 PROTO=TCP SPT=46370 DPT=2133 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:50:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.3 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=64154 PROTO=TCP SPT=47009 DPT=6390 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:50:56 server83 aibolit_wrapper[30660]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440567597022.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440567601330.txt --progress=/tmp/malware_cleaner_progress_17626440567600820.json --csv_result=/tmp/revisium_csvfile_17626440567601040.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:50:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14871 PROTO=TCP SPT=57389 DPT=9704 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:51:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3318 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:51:02 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:51:02 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:51:02 server83 systemd: Started Session 306581 of user root. Nov 9 04:51:02 server83 systemd: Started Session 306582 of user root. 
Nov 9 04:51:02 server83 systemd: Started Session 306583 of user root. Nov 9 04:51:02 server83 systemd: Started Session 306578 of user root. Nov 9 04:51:02 server83 systemd: Started Session 306584 of user root. Nov 9 04:51:02 server83 systemd: Started Session 306585 of user root. Nov 9 04:51:02 server83 systemd: Started Session 306580 of user root. Nov 9 04:51:02 server83 systemd: Started Session 306579 of user root. Nov 9 04:51:02 server83 systemd: Started Session 306586 of user root. Nov 9 04:51:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7594 SEQ=1 Nov 9 04:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42810 SEQ=1 Nov 9 04:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42810 SEQ=1 Nov 9 04:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7594 SEQ=1 Nov 9 04:51:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27080 SEQ=1 Nov 9 04:51:04 server83 letsencrypt.live.cgi: time="2025-11-09T04:51:04+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=zedofinance WantedNames="[]" error="Account is suspended" Nov 9 04:51:05 server83 aibolit_wrapper[31089]: running child 
proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440658138626.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440658140742.txt --progress=/tmp/malware_cleaner_progress_17626440658140456.json --csv_result=/tmp/revisium_csvfile_17626440658140584.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:51:06 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:51:06 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:51:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:51:11 server83 aibolit_wrapper[31240]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440714365742.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440714367294.txt --progress=/tmp/malware_cleaner_progress_17626440714367120.json --csv_result=/tmp/revisium_csvfile_17626440714367194.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:51:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57027 PROTO=TCP SPT=33495 DPT=4212 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:51:13 server83 dhclient[29790]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x50578ae1) Nov 9 04:51:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP 
SPT=59295 DPT=16080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:51:15 server83 NetworkManager[922]: <warn> [1762644075.0907] dhcp4 (eth1): request timed out Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.0907] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1066] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 29790 Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1066] dhcp4 (eth1): state changed timeout -> done Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1069] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:51:15 server83 NetworkManager[922]: <warn> [1762644075.1074] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1075] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1107] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1110] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1111] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1113] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1122] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:51:15 server83 NetworkManager[922]: <info> [1762644075.1124] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:51:15 
server83 NetworkManager[922]: <info> [1762644075.1135] dhcp4 (eth1): dhclient started with pid 31314 Nov 9 04:51:15 server83 dhclient[31314]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x5607d228) Nov 9 04:51:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=59296 DPT=8008 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:51:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22432 SEQ=1 Nov 9 04:51:18 server83 aibolit_wrapper[31383]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440784042162.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440784045382.txt --progress=/tmp/malware_cleaner_progress_17626440784044936.json --csv_result=/tmp/revisium_csvfile_17626440784045132.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:51:20 server83 letsencrypt.live.cgi: time="2025-11-09T04:51:20+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=freedomfinanceco WantedNames="[]" Nov 9 04:51:21 server83 dhclient[31314]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5607d228) Nov 9 04:51:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9327 SEQ=1 Nov 9 04:51:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29403 SEQ=1 Nov 9 04:51:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23545 SEQ=1 Nov 9 04:51:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48334 SEQ=1 Nov 9 04:51:25 server83 aibolit_wrapper[31535]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440852071838.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440852073400.txt --progress=/tmp/malware_cleaner_progress_17626440852073228.json --csv_result=/tmp/revisium_csvfile_17626440852073304.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:51:29 server83 dhclient[31314]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x5607d228) Nov 9 04:51:30 server83 aibolit_wrapper[31660]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440908627980.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440908630328.txt --progress=/tmp/malware_cleaner_progress_17626440908630042.json --csv_result=/tmp/revisium_csvfile_17626440908630166.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
04:51:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30222 SEQ=1 Nov 9 04:51:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53147 SEQ=1 Nov 9 04:51:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1160 SEQ=1 Nov 9 04:51:35 server83 letsencrypt.live.cgi: time="2025-11-09T04:51:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=adarshpvtiti WantedNames="[]" Nov 9 04:51:36 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:51:36 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:51:38 server83 aibolit_wrapper[31895]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626440986259276.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626440986262136.txt --progress=/tmp/malware_cleaner_progress_17626440986261728.json --csv_result=/tmp/revisium_csvfile_17626440986261910.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:51:38 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2090 SEQ=1 Nov 9 04:51:39 
server83 dhclient[31314]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x5607d228) Nov 9 04:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26732 SEQ=1 Nov 9 04:51:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.221.141.186 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=10857 DF PROTO=TCP SPT=11881 DPT=9811 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 04:51:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=42494 PROTO=TCP SPT=21459 DPT=1521 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:51:46 server83 aibolit_wrapper[32108]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626441067022218.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626441067025902.txt --progress=/tmp/malware_cleaner_progress_17626441067025446.json --csv_result=/tmp/revisium_csvfile_17626441067025636.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:51:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50502 SEQ=1 Nov 9 04:51:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11602 SEQ=1 Nov 9 04:51:47 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41527 SEQ=1 Nov 9 04:51:47 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 04:51:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46571 SEQ=1 Nov 9 04:51:50 server83 systemd: Started Session c2831 of user root. Nov 9 04:51:50 server83 scripts.sh: Load Average: 5.14 , 3.89 Nov 9 04:51:50 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 04:51:50 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 04:51:50 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 04:51:50 server83 scripts.sh: HTTPD Status: inactive Nov 9 04:51:50 server83 scripts.sh: MySQL Status: active Nov 9 04:51:50 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 04:51:50 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 04:51:50 server83 scripts.sh: SSHD Status: active Nov 9 04:51:50 server83 scripts.sh: FTP Status: active Nov 9 04:51:50 server83 scripts.sh: LiteSpeed Status: Active Nov 9 04:51:50 server83 scripts.sh: Imunify Status: Active Nov 9 04:51:50 server83 scripts.sh: cPanel Status: active Nov 9 04:51:50 server83 scripts.sh: Memory Status: 12/31 GB - 40.81% Nov 9 04:51:50 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 04:51:50 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 04:51:50 server83 scripts.sh: Local Version: 4.4.5 Nov 9 04:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58150 SEQ=1 Nov 9 04:51:51 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43390 SEQ=1 Nov 9 04:51:51 server83 letsencrypt.live.cgi: time="2025-11-09T04:51:51+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=insidefo WantedNames="[]" error="Account is suspended" Nov 9 04:51:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24535 SEQ=1 Nov 9 04:51:54 server83 aibolit_wrapper[32355]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626441146534290.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626441146535790.txt --progress=/tmp/malware_cleaner_progress_17626441146535616.json --csv_result=/tmp/revisium_csvfile_17626441146535694.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:51:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7435 DF PROTO=TCP SPT=58165 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:51:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7436 DF PROTO=TCP SPT=58165 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:51:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 
PREC=0x00 TTL=240 ID=3954 PROTO=TCP SPT=59508 DPT=39846 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:51:57 server83 dhclient[31314]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5607d228) Nov 9 04:51:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7437 DF PROTO=TCP SPT=58165 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:51:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.21 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51974 DPT=8798 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:52:00 server83 NetworkManager[922]: <warn> [1762644120.0877] dhcp4 (eth1): request timed out Nov 9 04:52:00 server83 NetworkManager[922]: <info> [1762644120.0877] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:52:00 server83 NetworkManager[922]: <info> [1762644120.1037] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 31314 Nov 9 04:52:00 server83 NetworkManager[922]: <info> [1762644120.1038] dhcp4 (eth1): state changed timeout -> done Nov 9 04:52:00 server83 NetworkManager[922]: <info> [1762644120.1040] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:52:00 server83 NetworkManager[922]: <warn> [1762644120.1043] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:52:00 server83 NetworkManager[922]: <info> [1762644120.1044] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:52:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.119 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=10673 DF PROTO=TCP SPT=37320 DPT=9123 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:52:00 server83 aibolit_wrapper[32520]: 
running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626441203713012.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626441203714940.txt --progress=/tmp/malware_cleaner_progress_17626441203714724.json --csv_result=/tmp/revisium_csvfile_17626441203714836.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:52:01 server83 systemd: Started Session 306587 of user root. Nov 9 04:52:01 server83 systemd: Started Session 306589 of user root. Nov 9 04:52:01 server83 systemd: Started Session 306588 of user root. Nov 9 04:52:01 server83 systemd: Started Session 306590 of user root. Nov 9 04:52:01 server83 systemd: Started Session 306592 of user root. Nov 9 04:52:01 server83 systemd: Started Session 306593 of user root. Nov 9 04:52:01 server83 systemd: Started Session 306591 of user root. Nov 9 04:52:01 server83 systemd: Started Session 306595 of user root. Nov 9 04:52:01 server83 systemd: Started Session 306594 of user root. 
Nov 9 04:52:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.119 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=45993 DF PROTO=TCP SPT=37378 DPT=9123 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:52:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.119 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32456 DF PROTO=TCP SPT=37400 DPT=9123 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 04:52:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7438 DF PROTO=TCP SPT=58165 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:52:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31793 SEQ=1 Nov 9 04:52:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50605 SEQ=1 Nov 9 04:52:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64164 SEQ=1 Nov 9 04:52:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50077 SEQ=1 Nov 9 04:52:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64164 SEQ=1 Nov 9 04:52:05 
server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:52:05 server83 imunify-auditd-log-reader[15193]: lost 2 message sequences Nov 9 04:52:06 server83 aibolit_wrapper[32735]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626441262697108.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626441262699204.txt --progress=/tmp/malware_cleaner_progress_17626441262698936.json --csv_result=/tmp/revisium_csvfile_17626441262699042.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:52:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:52:06 server83 letsencrypt.live.cgi: time="2025-11-09T04:52:06+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pksofte85 WantedNames="[]" Nov 9 04:52:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7439 DF PROTO=TCP SPT=58165 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:52:12 server83 aibolit_wrapper[418]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626441320155568.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626441320158524.txt --progress=/tmp/malware_cleaner_progress_17626441320158164.json --csv_result=/tmp/revisium_csvfile_17626441320158340.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:52:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.130 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=32967 PROTO=TCP SPT=37107 DPT=999 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:52:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5193 SEQ=1 Nov 9 04:52:18 server83 aibolit_wrapper[564]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626441387900534.txt --input-fn-b64-encoded --username=lucky --report-hashes --log=/tmp/malware_cleaner_log_17626441387903970.txt --progress=/tmp/malware_cleaner_progress_17626441387903614.json --csv_result=/tmp/revisium_csvfile_17626441387903746.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 04:52:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.185 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=39834 DPT=9303 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:52:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54746 SEQ=1 Nov 9 04:52:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38379 SEQ=1 Nov 9 04:52:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=23113 SEQ=1 Nov 9 04:52:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3748 SEQ=1 Nov 9 04:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=619 SEQ=1 Nov 9 04:52:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7440 DF PROTO=TCP SPT=58912 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:52:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7441 DF PROTO=TCP SPT=58912 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:52:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7442 DF PROTO=TCP SPT=58912 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:52:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7443 DF PROTO=TCP SPT=58912 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:52:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36931 PROTO=TCP SPT=32959 DPT=5961 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:52:31 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:52:32 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:52:32 server83 letsencrypt.live.cgi: 
time="2025-11-09T04:52:32+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=courierplus WantedNames="[]" Nov 9 04:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50842 SEQ=1 Nov 9 04:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42983 SEQ=1 Nov 9 04:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4074 SEQ=1 Nov 9 04:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4074 SEQ=1 Nov 9 04:52:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38625 SEQ=1 Nov 9 04:52:36 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:52:36 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:52:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7444 DF PROTO=TCP SPT=58912 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:52:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16224 
SEQ=1 Nov 9 04:52:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37594 SEQ=1 Nov 9 04:52:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.95.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=50292 DPT=9303 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:52:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=27495 PROTO=TCP SPT=61234 DPT=5927 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:52:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.86.246 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1070 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:52:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.67 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55678 DPT=1717 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:52:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16608 PROTO=TCP SPT=40878 DPT=41052 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:52:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29641 SEQ=1 Nov 9 04:52:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=14942 SEQ=1 Nov 9 04:52:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29641 SEQ=1 Nov 9 04:52:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61386 SEQ=1 Nov 9 04:52:47 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 04:52:48 server83 letsencrypt.live.cgi: time="2025-11-09T04:52:48+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jeevankalyansami WantedNames="[]" Nov 9 04:52:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56856 SEQ=1 Nov 9 04:52:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20262 SEQ=1 Nov 9 04:52:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3311 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:52:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13637 PROTO=TCP SPT=56698 DPT=8215 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:52:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54916 PROTO=TCP 
SPT=46370 DPT=1840 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:52:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=60186 PROTO=TCP SPT=43437 DPT=2601 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:52:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.43 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=25787 PROTO=TCP SPT=50310 DPT=21340 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:53:01 server83 systemd: Started Session 306597 of user root. Nov 9 04:53:01 server83 systemd: Started Session 306596 of user root. Nov 9 04:53:01 server83 systemd: Started Session 306598 of user root. Nov 9 04:53:01 server83 systemd: Started Session 306602 of user root. Nov 9 04:53:01 server83 systemd: Started Session 306601 of user root. Nov 9 04:53:01 server83 systemd: Started Session 306599 of user root. Nov 9 04:53:01 server83 systemd: Started Session 306600 of user root. Nov 9 04:53:01 server83 systemd: Started Session 306604 of user root. Nov 9 04:53:01 server83 systemd: Started Session 306603 of user root. 
Nov 9 04:53:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:53:01 server83 imunify-auditd-log-reader[15193]: lost 1 message sequences Nov 9 04:53:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.143 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=43695 PROTO=TCP SPT=24325 DPT=4786 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:53:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54942 SEQ=1 Nov 9 04:53:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9969 SEQ=1 Nov 9 04:53:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59130 SEQ=1 Nov 9 04:53:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.48 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50377 DPT=21443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:53:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.143 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51924 DPT=9617 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:53:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.114 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=3850 PROTO=TCP SPT=54744 DPT=8306 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:53:13 server83 letsencrypt.live.cgi: time="2025-11-09T04:53:13+05:30" 
level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mmf WantedNames="[]" Nov 9 04:53:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:53:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3310 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41752 SEQ=1 Nov 9 04:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34306 SEQ=1 Nov 9 04:53:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=663 SEQ=1 Nov 9 04:53:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.254 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=23547 DF PROTO=TCP SPT=59196 DPT=9585 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:53:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28691 SEQ=1 Nov 9 04:53:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28691 SEQ=1 Nov 9 04:53:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=663 SEQ=1 Nov 9 04:53:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.102.115.137 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=41227 PROTO=TCP SPT=36399 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:53:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=43557 PROTO=TCP SPT=61234 DPT=5928 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:53:29 server83 letsencrypt.live.cgi: time="2025-11-09T04:53:29+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=bnxpress WantedNames="[]" error="Account is suspended" Nov 9 04:53:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44059 SEQ=1 Nov 9 04:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10948 SEQ=1 Nov 9 04:53:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=17800 PROTO=TCP SPT=59492 DPT=48047 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4520 SEQ=1 Nov 9 04:53:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28807 SEQ=1 Nov 9 04:53:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58029 SEQ=1 Nov 9 04:53:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63746 PROTO=TCP SPT=54739 DPT=2746 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:53:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3317 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14022 SEQ=1 Nov 9 04:53:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.16 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51644 DPT=3000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:53:40 server83 pam_imunify_daemon.bin: time="2025-11-09T04:53:40+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 04:53:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7445 DF 
PROTO=TCP SPT=60892 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:53:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7446 DF PROTO=TCP SPT=60892 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:53:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7447 DF PROTO=TCP SPT=60892 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:53:44 server83 letsencrypt.live.cgi: time="2025-11-09T04:53:44+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=advjauto WantedNames="[]" error="Account is suspended" Nov 9 04:53:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.78.24 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51249 DPT=614 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:53:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32886 SEQ=1 Nov 9 04:53:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32886 SEQ=1 Nov 9 04:53:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39487 SEQ=1 Nov 9 04:53:47 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 04:53:47 server83 imunify360-php-daemon[734]: error sending monitoring stats: 
circuit breaker is open Nov 9 04:53:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7448 DF PROTO=TCP SPT=60892 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:53:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34035 PROTO=TCP SPT=55176 DPT=5943 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:53:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12579 SEQ=1 Nov 9 04:53:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45547 SEQ=1 Nov 9 04:53:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5702 SEQ=1 Nov 9 04:53:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=28525 PROTO=TCP SPT=60199 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:53:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7449 DF PROTO=TCP SPT=60892 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 04:53:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.82 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=52042 DF PROTO=TCP SPT=11009 
DPT=22044 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:53:59 server83 letsencrypt.live.cgi: time="2025-11-09T04:53:59+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=nfcdindia WantedNames="[]" Nov 9 04:54:01 server83 systemd: Started Session 306608 of user root. Nov 9 04:54:01 server83 systemd: Started Session 306607 of user root. Nov 9 04:54:01 server83 systemd: Started Session 306609 of user root. Nov 9 04:54:01 server83 systemd: Started Session 306610 of user root. Nov 9 04:54:01 server83 systemd: Started Session 306606 of user root. Nov 9 04:54:01 server83 systemd: Started Session 306605 of user root. Nov 9 04:54:01 server83 systemd: Started Session 306611 of user root. Nov 9 04:54:01 server83 systemd: Started Session 306612 of user root. Nov 9 04:54:01 server83 systemd: Started Session 306613 of user root. Nov 9 04:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54475 SEQ=1 Nov 9 04:54:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.29.13.64 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=123 PROTO=TCP SPT=65531 DPT=44444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.29.13.64 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=123 PROTO=TCP SPT=65531 DPT=44443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.29.13.64 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=123 PROTO=TCP SPT=65531 DPT=8444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=193.29.13.64 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=123 PROTO=TCP SPT=65531 DPT=10000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.29.13.64 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=123 PROTO=TCP SPT=65531 DPT=4444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50563 SEQ=1 Nov 9 04:54:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4435 SEQ=1 Nov 9 04:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12322 SEQ=1 Nov 9 04:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4435 SEQ=1 Nov 9 04:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15741 SEQ=1 Nov 9 04:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15741 SEQ=1 Nov 9 04:54:10 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=189.1.224.80 DST=51.210.113.204 LEN=59 TOS=0x08 
PREC=0x40 TTL=35 ID=19089 DF PROTO=ICMP TYPE=8 CODE=0 ID=31805 SEQ=65167 Nov 9 04:54:15 server83 letsencrypt.live.cgi: time="2025-11-09T04:54:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ruthhandcock WantedNames="[]" Nov 9 04:54:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6191 PROTO=TCP SPT=49956 DPT=29924 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:54:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42752 PROTO=TCP SPT=46370 DPT=2595 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50773 SEQ=1 Nov 9 04:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38118 SEQ=1 Nov 9 04:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32512 SEQ=1 Nov 9 04:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21740 SEQ=1 Nov 9 04:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=2908 SEQ=1 Nov 9 04:54:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3316 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.239.150.151 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=3675 DF PROTO=TCP SPT=64617 DPT=2525 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:54:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60465 SEQ=1 Nov 9 04:54:31 server83 letsencrypt.live.cgi: time="2025-11-09T04:54:31+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=bidasar WantedNames="[]" error="Account is suspended" Nov 9 04:54:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60465 SEQ=1 Nov 9 04:54:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34899 PROTO=TCP SPT=54025 DPT=4399 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:54:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31880 SEQ=1 Nov 9 04:54:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.148.147.222 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP 
SPT=50415 DPT=9700 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:54:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40252 PROTO=TCP SPT=49956 DPT=26907 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1529 SEQ=1 Nov 9 04:54:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=123.145.22.9 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=8190 PROTO=TCP SPT=64412 DPT=1214 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=9567 DF PROTO=TCP SPT=28625 DPT=9706 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:54:46 server83 letsencrypt.live.cgi: time="2025-11-09T04:54:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=legalarise WantedNames="[]" Nov 9 04:54:47 server83 imunify360-php-daemon[734]: error sending monitoring stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 04:54:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8218 SEQ=1 Nov 9 04:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21098 SEQ=1 Nov 9 04:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22588 SEQ=1 Nov 9 04:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11245 SEQ=1 Nov 9 04:54:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.242.196 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47857 DPT=10433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:54:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22254 SEQ=1 Nov 9 04:54:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57558 SEQ=1 Nov 9 04:54:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=120.205.80.210 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=18962 PROTO=TCP SPT=57024 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:54:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3315 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:54:57 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 04:54:57 server83 systemd: Stopped Status Update Service. Nov 9 04:54:57 server83 systemd: Started Status Update Service. 
Nov 9 04:54:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3309 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:55:01 server83 systemd: Started Session 306614 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306615 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306617 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306618 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306619 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306620 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306621 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306622 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306623 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306624 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306625 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306616 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306626 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306627 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306628 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306629 of user root. Nov 9 04:55:01 server83 systemd: Started Session 306630 of user root. 
Nov 9 04:55:02 server83 letsencrypt.live.cgi: time="2025-11-09T04:55:02+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=lrwirenail WantedNames="[]" error="Account is suspended" Nov 9 04:55:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49884 SEQ=1 Nov 9 04:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32302 SEQ=1 Nov 9 04:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13551 SEQ=1 Nov 9 04:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32442 SEQ=1 Nov 9 04:55:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=12766 PROTO=TCP SPT=21459 DPT=26257 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:55:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2289 Nov 9 04:55:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2389 Nov 9 04:55:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2489 Nov 9 04:55:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2589 Nov 9 04:55:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x60 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2689 Nov 9 04:55:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:55:17 server83 letsencrypt.live.cgi: time="2025-11-09T04:55:17+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mpnancom WantedNames="[]" Nov 9 04:55:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53630 SEQ=1 Nov 9 04:55:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17226 SEQ=1 Nov 9 04:55:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19651 SEQ=1 Nov 9 04:55:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4354 SEQ=1 Nov 9 04:55:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 
Nov 9 04:58:02 server83 systemd: Time has been changed Nov 9 04:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30376 SEQ=1 Nov 9 04:58:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=57285 PROTO=TCP SPT=47238 DPT=43713 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:58:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3307 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:58:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43271 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:58:06 server83 dhclient[8401]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x5af54851) Nov 9 04:58:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62033 SEQ=1 Nov 9 04:58:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1722 SEQ=1 Nov 9 04:58:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.149.178 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=0 DF PROTO=TCP SPT=34821 DPT=8051 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:58:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31370 SEQ=1 Nov 9 04:58:08 server83 letsencrypt.live.cgi: time="2025-11-09T04:58:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=llpfirstshipping WantedNames="[]" Nov 9 04:58:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30376 SEQ=1 Nov 9 04:58:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27336 SEQ=1 Nov 9 04:58:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=24995 PROTO=TCP SPT=55975 DPT=7617 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:58:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.164 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50203 DPT=8009 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:58:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.17 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=6775 PROTO=TCP SPT=40889 DPT=6663 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 04:58:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26681 SEQ=1 Nov 9 04:58:20 server83 systemd: Stopping Imunify360 auditd log reader... 
Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: filter routine finished Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: log reader failed to send statistics: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: exited Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: Operations: Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: #011get : 12696 Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: #011put : 9985116 Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: #011filter: : 10499457 Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: #011merge: : 9499621 Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: #011compact : 297 Nov 9 04:58:20 server83 imunify-auditd-log-reader[15193]: #011purge : 1484 Nov 9 04:58:20 server83 systemd: Stopped Imunify360 auditd log reader. Nov 9 04:58:20 server83 systemd: Started Imunify360 auditd log reader. Nov 9 04:58:20 server83 imunify-auditd-log-reader[9638]: starting Nov 9 04:58:20 server83 imunify-auditd-log-reader[9638]: starting log reader Nov 9 04:58:20 server83 imunify-auditd-log-reader[9638]: started log reader Nov 9 04:58:20 server83 systemd: Stopping OpenSSH server daemon... Nov 9 04:58:20 server83 systemd: Stopped OpenSSH server daemon. Nov 9 04:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 04:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 04:58:20 server83 systemd: Starting OpenSSH server daemon... 
Nov 9 04:58:20 server83 systemd: Started OpenSSH server daemon. Nov 9 04:58:20 server83 imunify-auditd-log-reader[9638]: failed to send events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 04:58:21 server83 imunify-auditd-log-reader[9638]: failed to send events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 04:58:21 server83 imunify-auditd-log-reader[9638]: failed to send events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 04:58:21 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 04:58:21 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 04:58:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.91 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=34696 DF PROTO=TCP SPT=54860 DPT=8069 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:58:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50599 PROTO=TCP SPT=56783 DPT=4071 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9348 SEQ=1 Nov 9 04:58:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.91 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=34697 DF PROTO=TCP SPT=54860 DPT=8069 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:58:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.91 
DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=1390 DF PROTO=TCP SPT=49102 DPT=8069 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21598 SEQ=1 Nov 9 04:58:23 server83 dhclient[8401]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x5af54851) Nov 9 04:58:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.71.243.143 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=32229 PROTO=TCP SPT=53699 DPT=2222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:58:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=391 SEQ=1 Nov 9 04:58:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.91 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=1391 DF PROTO=TCP SPT=49102 DPT=8069 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:58:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10156 SEQ=1 Nov 9 04:58:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45319 SEQ=1 Nov 9 04:58:24 server83 letsencrypt.live.cgi: time="2025-11-09T04:58:24+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=westmail WantedNames="[]" Nov 9 04:58:24 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:58:29 server83 
NetworkManager[922]: <warn> [1762644509.4421] dhcp4 (eth1): request timed out Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4421] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4580] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 8401 Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4580] dhcp4 (eth1): state changed timeout -> done Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4582] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:58:29 server83 NetworkManager[922]: <warn> [1762644509.4585] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4587] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4617] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4620] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4621] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4623] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4632] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4634] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:58:29 server83 NetworkManager[922]: <info> [1762644509.4644] dhcp4 (eth1): dhclient 
started with pid 11979 Nov 9 04:58:29 server83 dhclient[11979]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x2c27aba4) Nov 9 04:58:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62439 PROTO=TCP SPT=61234 DPT=5979 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:58:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3550 SEQ=1 Nov 9 04:58:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18389 SEQ=1 Nov 9 04:58:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.34 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=34961 DF PROTO=TCP SPT=27512 DPT=9992 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:58:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27872 SEQ=1 Nov 9 04:58:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.107 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=29158 DF PROTO=TCP SPT=10571 DPT=21275 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:58:33 server83 dhclient[11979]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x2c27aba4) Nov 9 04:58:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27661 SEQ=1 Nov 9 
04:58:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21661 SEQ=1 Nov 9 04:58:35 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 04:58:35 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 04:58:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.244 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55614 DPT=47830 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:58:38 server83 dhclient[11979]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x2c27aba4) Nov 9 04:58:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=41837 PROTO=TCP SPT=21459 DPT=17000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:58:39 server83 imunify-realtime-av[6776]: failed to send stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 04:58:39 server83 letsencrypt.live.cgi: time="2025-11-09T04:58:39+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ssascoin WantedNames="[]" Nov 9 04:58:42 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 04:58:42 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 04:58:42 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 04:58:44 server83 dhclient[11979]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x2c27aba4) Nov 9 04:58:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=33676 SEQ=1 Nov 9 04:58:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.9 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=63379 DF PROTO=TCP SPT=17565 DPT=23192 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 04:58:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55895 SEQ=1 Nov 9 04:58:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:58:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27335 SEQ=1 Nov 9 04:58:48 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.235.176.50 DST=145.239.177.179 LEN=220 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=UDP SPT=37277 DPT=123 LEN=200 Nov 9 04:58:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27335 SEQ=1 Nov 9 04:58:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23425 SEQ=1 Nov 9 04:58:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55895 SEQ=1 Nov 9 04:58:54 server83 dhclient[11979]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x2c27aba4) Nov 9 04:58:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:58:55 server83 letsencrypt.live.cgi: 
time="2025-11-09T04:58:55+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sardarjifones WantedNames="[]" Nov 9 04:58:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43774 PROTO=TCP SPT=33372 DPT=7525 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:59:01 server83 systemd: Started Session 306662 of user root. Nov 9 04:59:01 server83 systemd: Started Session 306664 of user root. Nov 9 04:59:01 server83 systemd: Started Session 306665 of user root. Nov 9 04:59:01 server83 systemd: Started Session 306666 of user root. Nov 9 04:59:01 server83 systemd: Started Session 306663 of user root. Nov 9 04:59:01 server83 systemd: Started Session 306667 of user root. Nov 9 04:59:01 server83 systemd: Started Session 306668 of user root. Nov 9 04:59:01 server83 systemd: Started Session 306669 of user root. Nov 9 04:59:01 server83 systemd: Started Session 306670 of user root. 
Nov 9 04:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 04:59:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 04:59:01 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 04:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 04:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 04:59:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9012 SEQ=1 Nov 9 04:59:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=63464 PROTO=TCP SPT=56185 DPT=7915 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:59:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=37327 PROTO=TCP SPT=47238 DPT=34129 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:59:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63427 SEQ=1 Nov 9 04:59:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44063 SEQ=1 Nov 9 04:59:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9012 SEQ=1 Nov 9 04:59:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11240 SEQ=1 Nov 9 04:59:11 server83 letsencrypt.live.cgi: time="2025-11-09T04:59:11+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sainathiti WantedNames="[]" Nov 9 04:59:11 server83 scripts.sh: Sun Nov 9 04:59:11 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 04:59:11 server83 dhclient[11979]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x2c27aba4) Nov 9 04:59:14 server83 NetworkManager[922]: <warn> [1762644554.4503] dhcp4 (eth1): request timed out Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 11979 Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:59:14 server83 NetworkManager[922]: <warn> [1762644554.4673] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4676] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4711] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4717] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4718] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 
'managed') Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4721] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4732] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4735] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 04:59:14 server83 NetworkManager[922]: <info> [1762644554.4747] dhcp4 (eth1): dhclient started with pid 13782 Nov 9 04:59:14 server83 dhclient[13782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x40c92e9e) Nov 9 04:59:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=53444 PROTO=TCP SPT=55975 DPT=7616 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:59:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34862 SEQ=1 Nov 9 04:59:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 04:59:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41366 SEQ=1 Nov 9 04:59:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=38665 DF PROTO=ICMP TYPE=8 CODE=0 ID=16306 SEQ=47849 Nov 9 04:59:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29212 SEQ=1 Nov 
9 04:59:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14390 SEQ=1 Nov 9 04:59:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55066 SEQ=1 Nov 9 04:59:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3305 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:59:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41366 SEQ=1 Nov 9 04:59:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.230 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=32470 PROTO=TCP SPT=1160 DPT=32907 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:59:22 server83 dhclient[13782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x40c92e9e) Nov 9 04:59:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62967 SEQ=1 Nov 9 04:59:26 server83 letsencrypt.live.cgi: time="2025-11-09T04:59:26+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=narpatpagria WantedNames="[]" error="Account is suspended" Nov 9 04:59:31 server83 dhclient[13782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x40c92e9e) Nov 9 04:59:32 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7753 SEQ=1 Nov 9 04:59:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18409 SEQ=1 Nov 9 04:59:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28537 SEQ=1 Nov 9 04:59:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7753 SEQ=1 Nov 9 04:59:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6153 SEQ=1 Nov 9 04:59:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.137 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=57321 PROTO=TCP SPT=47112 DPT=8022 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 04:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3964 SEQ=1 Nov 9 04:59:41 server83 letsencrypt.live.cgi: time="2025-11-09T04:59:41+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=ambianceinterior WantedNames="[]" error="Account is suspended" Nov 9 04:59:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3313 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:59:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.148.190.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=10619 PROTO=TCP SPT=45719 DPT=30689 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 04:59:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39453 PROTO=TCP SPT=49956 DPT=29444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:59:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7800 SEQ=1 Nov 9 04:59:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3688 SEQ=1 Nov 9 04:59:50 server83 dhclient[13782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x40c92e9e) Nov 9 04:59:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2137 SEQ=1 Nov 9 04:59:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.184 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=25106 PROTO=TCP SPT=53647 DPT=9002 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 04:59:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=7800 SEQ=1 Nov 9 04:59:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24155 SEQ=1 Nov 9 04:59:56 server83 letsencrypt.live.cgi: time="2025-11-09T04:59:56+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=nsconsultants WantedNames="[]" error="Account is suspended" Nov 9 04:59:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=26472 PROTO=TCP SPT=59115 DPT=9972 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 04:59:59 server83 NetworkManager[922]: <warn> [1762644599.4503] dhcp4 (eth1): request timed out Nov 9 04:59:59 server83 NetworkManager[922]: <info> [1762644599.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 04:59:59 server83 NetworkManager[922]: <info> [1762644599.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 13782 Nov 9 04:59:59 server83 NetworkManager[922]: <info> [1762644599.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 04:59:59 server83 NetworkManager[922]: <info> [1762644599.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 04:59:59 server83 NetworkManager[922]: <warn> [1762644599.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 04:59:59 server83 NetworkManager[922]: <info> [1762644599.4589] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 04:59:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.128 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=57949 DF PROTO=TCP SPT=64821 DPT=4010 WINDOW=5840 RES=0x00 SYN URGP=0 
Nov 9 05:00:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.66.90 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=30554 PROTO=TCP SPT=44562 DPT=5432 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:00:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38655 SEQ=1 Nov 9 05:00:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60741 SEQ=1 Nov 9 05:00:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:00:01 server83 systemd: Started Session 306674 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306673 of user root. Nov 9 05:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:00:01 server83 systemd: Started Session 306672 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306675 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306671 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306677 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306676 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306679 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306683 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306680 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306685 of user root. Nov 9 05:00:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 05:00:01 server83 systemd: Started Session 306682 of user sanatanhinduvahi. 
Nov 9 05:00:01 server83 systemd: Started Session 306681 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306678 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306686 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306688 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306687 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306690 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306684 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306689 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306692 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306693 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306694 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306691 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306695 of user root. Nov 9 05:00:01 server83 systemd: Started Session 306696 of user root. Nov 9 05:00:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 05:00:01 server83 systemd: Stopping Apache SpamAssassin™ deferral daemon... Nov 9 05:00:01 server83 systemd: Stopped Apache SpamAssassin™ deferral daemon. Nov 9 05:00:01 server83 systemd: Starting Apache SpamAssassin™ deferral daemon...
Nov 9 05:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41407 SEQ=1 Nov 9 05:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30857 SEQ=1 Nov 9 05:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65221 SEQ=1 Nov 9 05:00:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=23994 DF PROTO=TCP SPT=44137 DPT=22059 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:00:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7450 DF PROTO=TCP SPT=47475 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:00:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:00:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7451 DF PROTO=TCP SPT=47475 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:00:06 server83 systemd: Started Apache SpamAssassin™ deferral daemon.
Nov 9 05:00:06 server83 pam_imunify_daemon.bin: time="2025-11-09T05:00:06+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 05:00:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7452 DF PROTO=TCP SPT=47475 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:00:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43119 PROTO=TCP SPT=60326 DPT=8527 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:00:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18595 PROTO=TCP SPT=61234 DPT=5972 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:00:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7453 DF PROTO=TCP SPT=47475 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:00:12 server83 letsencrypt.live.cgi: time="2025-11-09T05:00:12+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=araratchildcarer WantedNames="[]" Nov 9 05:00:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3304 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:00:15 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.63.233.100 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2389 Nov 9 05:00:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.63.233.100 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2489 Nov 9 05:00:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.63.233.100 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2589 Nov 9 05:00:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.63.233.100 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x60 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2689 Nov 9 05:00:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.63.233.100 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2789 Nov 9 05:00:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.142.154.98 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=34872 PROTO=TCP SPT=58914 DPT=4444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:00:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22501 PROTO=TCP SPT=60376 DPT=8142 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:00:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7454 DF PROTO=TCP SPT=47475 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:00:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48828 SEQ=1 Nov 9 05:00:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55273 SEQ=1 Nov 9 05:00:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24624 SEQ=1 Nov 9 05:00:26 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.81.135 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=25 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=25 SEQ=23179 Nov 9 05:00:26 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.81.135 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=24 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=25 SEQ=22979 Nov 9 05:00:27 server83 letsencrypt.live.cgi: time="2025-11-09T05:00:27+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=aurahomeopathicc WantedNames="[]" Nov 9 05:00:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43377 PROTO=TCP SPT=54361 DPT=7258 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:00:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28551 SEQ=1 Nov 9 05:00:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19857 SEQ=1 Nov 9 05:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38 SEQ=1 Nov 9 05:00:33 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:00:33 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:00:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26060 PROTO=TCP SPT=49956 DPT=25123 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:00:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.80.88.32 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=18618 PROTO=TCP SPT=58936 DPT=20547 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:00:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52693 PROTO=TCP SPT=53107 DPT=9553 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:00:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37501 SEQ=1 Nov 9 05:00:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64824 SEQ=1 Nov 9 05:00:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35494 SEQ=1 Nov 9 05:00:39 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=15362 PROTO=TCP SPT=34053 DPT=4607 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:00:40 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 05:00:40 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 05:00:40 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 05:00:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.193.38.134 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=6761 DF PROTO=TCP SPT=38605 DPT=582 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 05:00:43 server83 letsencrypt.live.cgi: time="2025-11-09T05:00:43+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=eliahuinvest WantedNames="[]" Nov 9 05:00:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28619 SEQ=1 Nov 9 05:00:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24925 SEQ=1 Nov 9 05:00:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 05:00:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13566 SEQ=1 Nov 9 05:00:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17331 SEQ=1 Nov 9 05:00:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17331 SEQ=1 Nov 9 05:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44230 SEQ=1 Nov 9 05:00:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.142.154.10 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=53764 PROTO=TCP SPT=58914 DPT=7547 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:00:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24925 SEQ=1 Nov 9 05:00:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.183.149.228 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=38097 DPT=9443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:00:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7455 DF PROTO=TCP SPT=54245 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:00:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:00:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7456 DF PROTO=TCP SPT=54245 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
05:00:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10818 SEQ=1 Nov 9 05:00:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7457 DF PROTO=TCP SPT=54245 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:00:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7458 DF PROTO=TCP SPT=54245 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:00:59 server83 letsencrypt.live.cgi: time="2025-11-09T05:00:59+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=zenitharanoil WantedNames="[]" Nov 9 05:01:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:01:00 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:01:01 server83 systemd: Started Session 306697 of user root. Nov 9 05:01:01 server83 systemd: Started Session 306699 of user root. Nov 9 05:01:01 server83 systemd: Started Session 306700 of user root. Nov 9 05:01:01 server83 systemd: Started Session 306702 of user root. Nov 9 05:01:01 server83 systemd: Started Session 306704 of user root. Nov 9 05:01:01 server83 systemd: Started Session 306701 of user root. Nov 9 05:01:01 server83 systemd: Started Session 306703 of user root. 
Nov 9 05:01:01 server83 systemd: Started Session 306698 of user root. Nov 9 05:01:01 server83 systemd: Started Session 306705 of user root. Nov 9 05:01:01 server83 systemd: Started Session 306706 of user root. Nov 9 05:01:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.74.58.148 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45706 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:01:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40250 SEQ=1 Nov 9 05:01:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34368 SEQ=1 Nov 9 05:01:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47275 SEQ=1 Nov 9 05:01:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62788 SEQ=1 Nov 9 05:01:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=47785 DF PROTO=ICMP TYPE=8 CODE=0 ID=49036 SEQ=9478 Nov 9 05:01:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7459 DF PROTO=TCP SPT=54245 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:01:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.213 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18909 DF PROTO=TCP SPT=58608 DPT=3269 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:01:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.213 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18910 DF PROTO=TCP SPT=58608 DPT=3269 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:01:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.213 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=31459 DF PROTO=TCP SPT=58620 DPT=3269 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:01:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.213 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=31460 DF PROTO=TCP SPT=58620 DPT=3269 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:01:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.213 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=27119 DF PROTO=TCP SPT=58632 DPT=3269 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:01:14 server83 letsencrypt.live.cgi: time="2025-11-09T05:01:14+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=swastikinterchem WantedNames="[]" error="Account is suspended" Nov 9 05:01:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:01:19 server83 systemd: Started Session c2832 of user root. 
Nov 9 05:01:20 server83 scripts.sh: Load Average: 3.76 , 3.41 Nov 9 05:01:20 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 05:01:20 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 05:01:20 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 05:01:20 server83 scripts.sh: HTTPD Status: inactive Nov 9 05:01:20 server83 scripts.sh: MySQL Status: active Nov 9 05:01:20 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 05:01:20 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 05:01:20 server83 scripts.sh: SSHD Status: active Nov 9 05:01:20 server83 scripts.sh: FTP Status: active Nov 9 05:01:20 server83 scripts.sh: LiteSpeed Status: Active Nov 9 05:01:20 server83 scripts.sh: Imunify Status: Active Nov 9 05:01:20 server83 scripts.sh: cPanel Status: active Nov 9 05:01:20 server83 scripts.sh: Memory Status: 11/31 GB - 38.00% Nov 9 05:01:20 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 05:01:20 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 05:01:20 server83 scripts.sh: Local Version: 4.4.5 Nov 9 05:01:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53790 SEQ=1 Nov 9 05:01:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24620 SEQ=1 Nov 9 05:01:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24620 SEQ=1 Nov 9 05:01:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51367 SEQ=1 Nov 9 05:01:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23955 SEQ=1 Nov 9 05:01:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=97.107.141.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=59710 DPT=40005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:01:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3312 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:01:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.104.47 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=42198 DPT=40005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:01:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.221.137.47 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56450 DPT=5672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:01:29 server83 letsencrypt.live.cgi: time="2025-11-09T05:01:29+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=globalship WantedNames="[]" Nov 9 05:01:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37301 SEQ=1 Nov 9 05:01:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=21266 SEQ=1 Nov 9 05:01:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42325 SEQ=1 Nov 9 05:01:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37301 SEQ=1 Nov 9 05:01:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20675 SEQ=1 Nov 9 05:01:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19000 SEQ=1 Nov 9 05:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33870 SEQ=1 Nov 9 05:01:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58781 PROTO=TCP SPT=61234 DPT=5933 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.127 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=52331 DF PROTO=ICMP TYPE=8 CODE=0 ID=52167 SEQ=40158 Nov 9 05:01:45 server83 letsencrypt.live.cgi: time="2025-11-09T05:01:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gyananchaldaily WantedNames="[]" Nov 9 05:01:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=43719 PROTO=TCP SPT=56698 DPT=8204 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:01:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:01:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13610 SEQ=1 Nov 9 05:01:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38561 SEQ=1 Nov 9 05:01:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55092 SEQ=1 Nov 9 05:01:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14251 SEQ=1 Nov 9 05:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33108 SEQ=1 Nov 9 05:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13610 SEQ=1 Nov 9 05:01:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=30607 PROTO=TCP SPT=21459 DPT=880 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:01:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10669 PROTO=TCP SPT=56533 DPT=5952 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:02:01 server83 letsencrypt.live.cgi: time="2025-11-09T05:02:01+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gptofficialinter WantedNames="[]" Nov 9 05:02:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54004 SEQ=1 Nov 9 05:02:01 server83 systemd: Started Session 306707 of user root. Nov 9 05:02:01 server83 systemd: Started Session 306708 of user root. Nov 9 05:02:01 server83 systemd: Started Session 306709 of user root. Nov 9 05:02:01 server83 systemd: Started Session 306710 of user root. Nov 9 05:02:01 server83 systemd: Started Session 306711 of user root. Nov 9 05:02:01 server83 systemd: Started Session 306712 of user root. Nov 9 05:02:01 server83 systemd: Started Session 306713 of user root. Nov 9 05:02:01 server83 systemd: Started Session 306715 of user root. Nov 9 05:02:01 server83 systemd: Started Session 306714 of user root. 
Nov 9 05:02:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15618 SEQ=1 Nov 9 05:02:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57593 SEQ=1 Nov 9 05:02:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.252.184.97 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=237 ID=4872 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=17416 Nov 9 05:02:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36779 SEQ=1 Nov 9 05:02:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40500 SEQ=1 Nov 9 05:02:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15766 SEQ=1 Nov 9 05:02:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=15156 PROTO=TCP SPT=39073 DPT=6570 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:02:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45363 SEQ=1 Nov 9 05:02:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7460 DF PROTO=TCP SPT=56377 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:02:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7461 DF PROTO=TCP SPT=56377 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:02:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7462 DF PROTO=TCP SPT=56429 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:02:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.149 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=1080 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 05:02:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7463 DF PROTO=TCP SPT=56429 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:02:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11793 PROTO=TCP SPT=38963 DPT=8047 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:02:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7465 DF PROTO=TCP SPT=56429 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7466 DF PROTO=TCP SPT=56377 DPT=4527 WINDOW=64240 
RES=0x00 SYN URGP=0 Nov 9 05:02:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7467 DF PROTO=TCP SPT=56429 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:02:16 server83 letsencrypt.live.cgi: time="2025-11-09T05:02:16+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mszorthopedistce WantedNames="[]" Nov 9 05:02:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55282 SEQ=1 Nov 9 05:02:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25749 SEQ=1 Nov 9 05:02:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6025 SEQ=1 Nov 9 05:02:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47150 SEQ=1 Nov 9 05:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34302 SEQ=1 Nov 9 05:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.52 DST=51.210.113.204 LEN=67 TOS=0x00 PREC=0x00 TTL=108 ID=40589 DF PROTO=ICMP TYPE=8 CODE=0 ID=3495 SEQ=65147 Nov 9 05:02:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34302 SEQ=1 Nov 9 05:02:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7468 DF PROTO=TCP SPT=56377 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:02:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:02:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.242 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=34 ID=35490 PROTO=UDP SPT=27635 DPT=52802 LEN=32 Nov 9 05:02:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47150 SEQ=1 Nov 9 05:02:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7469 DF PROTO=TCP SPT=56429 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:02:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9277 PROTO=TCP SPT=49956 DPT=29701 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:02:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.24 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49895 DPT=9204 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:02:32 server83 pam_imunify_daemon.bin: time="2025-11-09T05:02:32+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for 
Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 05:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4471 SEQ=1 Nov 9 05:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44628 SEQ=1 Nov 9 05:02:32 server83 letsencrypt.live.cgi: time="2025-11-09T05:02:32+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=uwbonline WantedNames="[]" Nov 9 05:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4228 SEQ=1 Nov 9 05:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44628 SEQ=1 Nov 9 05:02:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.40.216.95 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=44752 PROTO=TCP SPT=36868 DPT=20547 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:02:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1876 SEQ=1 Nov 9 05:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38846 SEQ=1 Nov 9 05:02:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.157 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=34397 PROTO=TCP SPT=16709 DPT=12353 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:02:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62415 PROTO=TCP SPT=46370 DPT=2258 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:02:48 server83 letsencrypt.live.cgi: time="2025-11-09T05:02:48+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=autoint1 WantedNames="[]" Nov 9 05:02:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=27744 PROTO=TCP SPT=50405 DPT=6894 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:02:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=905 SEQ=1 Nov 9 05:02:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54604 SEQ=1 Nov 9 05:02:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19790 SEQ=1 Nov 9 05:02:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=28256 PROTO=TCP 
SPT=43008 DPT=1300 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:02:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40237 SEQ=1 Nov 9 05:02:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=49400 DF PROTO=ICMP TYPE=8 CODE=0 ID=35077 SEQ=58145 Nov 9 05:02:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45547 SEQ=1 Nov 9 05:02:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9229 PROTO=TCP SPT=43457 DPT=2747 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:02:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=26117 PROTO=TCP SPT=36101 DPT=7952 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:02:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:03:01 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 05:03:01 server83 systemd: Started Session 306716 of user root. Nov 9 05:03:01 server83 systemd: Started Session 306717 of user root. Nov 9 05:03:01 server83 systemd: Started Session 306718 of user root. Nov 9 05:03:01 server83 systemd: Started Session 306720 of user root. Nov 9 05:03:01 server83 systemd: Started Session 306723 of user root. Nov 9 05:03:01 server83 systemd: Started Session 306719 of user root. Nov 9 05:03:01 server83 systemd: Started Session 306721 of user root. 
Nov 9 05:03:01 server83 systemd: Started Session 306722 of user root. Nov 9 05:03:01 server83 systemd: Started Session 306724 of user root. Nov 9 05:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21509 SEQ=1 Nov 9 05:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15210 SEQ=1 Nov 9 05:03:03 server83 letsencrypt.live.cgi: time="2025-11-09T05:03:03+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=printportol WantedNames="[]" error="Account is suspended" Nov 9 05:03:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9088 SEQ=1 Nov 9 05:03:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15210 SEQ=1 Nov 9 05:03:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57166 SEQ=1 Nov 9 05:03:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48686 SEQ=1 Nov 9 05:03:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=99 ID=58512 PROTO=TCP SPT=57217 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.44 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=14620 PROTO=TCP SPT=60626 DPT=9660 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:03:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=58513 PROTO=TCP SPT=57217 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40288 PROTO=TCP SPT=45942 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=58514 PROTO=TCP SPT=57217 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40289 PROTO=TCP SPT=45942 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=58515 PROTO=TCP SPT=57217 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40290 PROTO=TCP SPT=45942 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=58516 PROTO=TCP SPT=57217 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40292 PROTO=TCP SPT=45942 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53278 SEQ=1 Nov 9 05:03:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.224.128.19 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=244 ID=60809 PROTO=TCP SPT=50176 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:03:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12436 SEQ=1 Nov 9 05:03:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.12 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=39022 PROTO=TCP SPT=26200 DPT=16091 WINDOW=38606 RES=0x00 SYN URGP=0 Nov 9 05:03:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54959 SEQ=1 Nov 9 05:03:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65401 SEQ=1 Nov 9 05:03:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20418 SEQ=1 Nov 9 05:03:18 server83 letsencrypt.live.cgi: time="2025-11-09T05:03:18+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=thefxtmtrade WantedNames="[]" Nov 9 05:03:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.116 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=35841 DF PROTO=TCP SPT=28373 DPT=22206 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:03:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12436 SEQ=1 Nov 9 05:03:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54959 SEQ=1 Nov 9 05:03:29 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=203.55.131.5 DST=51.210.113.204 LEN=36 TOS=0x08 PREC=0x20 TTL=48 ID=61443 PROTO=UDP SPT=36213 DPT=2152 LEN=16 Nov 9 05:03:32 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:03:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.85.254 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=58059 DPT=2003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:03:34 server83 letsencrypt.live.cgi: time="2025-11-09T05:03:34+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=aladdins WantedNames="[]" Nov 9 05:03:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44737 SEQ=1 Nov 9 05:03:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10262 SEQ=1 Nov 9 05:03:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10359 SEQ=1 Nov 9 05:03:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10262 SEQ=1 Nov 9 05:03:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44737 SEQ=1 Nov 9 05:03:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.155 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54329 DPT=8086 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:03:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54843 PROTO=TCP SPT=37687 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54844 PROTO=TCP SPT=37687 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=99 ID=9673 PROTO=TCP SPT=55444 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54845 PROTO=TCP SPT=37687 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44283 PROTO=TCP SPT=49956 DPT=25393 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:03:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9674 PROTO=TCP SPT=55444 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:03:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.95.64 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=56439 DPT=2003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:03:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:03:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 05:03:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14812 SEQ=1 Nov 9 05:03:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41525 SEQ=1 Nov 9 05:03:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=36699 SEQ=1 Nov 9 05:03:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36699 SEQ=1 Nov 9 05:03:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26366 SEQ=1 Nov 9 05:03:50 server83 letsencrypt.live.cgi: time="2025-11-09T05:03:50+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=paraskapoorji WantedNames="[]" Nov 9 05:03:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30651 SEQ=1 Nov 9 05:03:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.96 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=12656 PROTO=TCP SPT=18288 DPT=5698 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:03:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58872 SEQ=1 Nov 9 05:04:01 server83 systemd: Started Session 306725 of user root. Nov 9 05:04:01 server83 systemd: Started Session 306728 of user root. Nov 9 05:04:01 server83 systemd: Started Session 306726 of user root. Nov 9 05:04:01 server83 systemd: Started Session 306729 of user root. Nov 9 05:04:01 server83 systemd: Started Session 306727 of user root. Nov 9 05:04:01 server83 systemd: Started Session 306731 of user root. Nov 9 05:04:01 server83 systemd: Started Session 306732 of user root. 
Nov 9 05:04:01 server83 systemd: Started Session 306730 of user root. Nov 9 05:04:01 server83 systemd: Started Session 306733 of user root. Nov 9 05:04:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50359 SEQ=1 Nov 9 05:04:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59525 SEQ=1 Nov 9 05:04:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6582 SEQ=1 Nov 9 05:04:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59525 SEQ=1 Nov 9 05:04:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3311 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:04:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36069 SEQ=1 Nov 9 05:04:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.251.247.153 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=237 ID=19480 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=17416 Nov 9 05:04:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47942 SEQ=1 Nov 9 05:04:05 server83 letsencrypt.live.cgi: time="2025-11-09T05:04:05+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=banklemassage WantedNames="[]" Nov 9 05:04:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.209 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=55828 DF PROTO=TCP SPT=44179 DPT=26 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:04:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25051 SEQ=1 Nov 9 05:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27890 SEQ=1 Nov 9 05:04:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3303 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:04:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.192 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53152 DPT=521 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:04:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:04:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62643 PROTO=TCP SPT=61234 DPT=5914 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:04:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.23 DST=51.210.113.204 
LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50286 DPT=9455 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:04:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.19.160 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=58230 DPT=49145 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:04:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.103 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=12697 PROTO=TCP SPT=43876 DPT=49145 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:04:21 server83 letsencrypt.live.cgi: time="2025-11-09T05:04:21+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=aarnabct WantedNames="[]" Nov 9 05:04:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36450 SEQ=1 Nov 9 05:04:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28027 SEQ=1 Nov 9 05:04:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56726 SEQ=1 Nov 9 05:04:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46081 SEQ=1 Nov 9 05:04:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=61496 SEQ=1 Nov 9 05:04:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=1.0.0.1 DST=145.239.177.179 LEN=88 TOS=0x00 PREC=0x00 TTL=52 ID=475 DF PROTO=UDP SPT=53 DPT=41441 LEN=68 Nov 9 05:04:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49103 PROTO=TCP SPT=49872 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:04:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49104 PROTO=TCP SPT=49872 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:04:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3310 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:04:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22750 PROTO=TCP SPT=62337 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:04:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49105 PROTO=TCP SPT=49872 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:04:28 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 05:04:28 server83 systemd: Stopped Status Update Service. Nov 9 05:04:28 server83 systemd: Started Status Update Service. 
Nov 9 05:04:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22751 PROTO=TCP SPT=62337 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:04:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22752 PROTO=TCP SPT=62337 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:04:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27960 SEQ=1 Nov 9 05:04:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9801 SEQ=1 Nov 9 05:04:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27960 SEQ=1 Nov 9 05:04:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9801 SEQ=1 Nov 9 05:04:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22754 PROTO=TCP SPT=62337 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:04:34 server83 imunify-auditd-log-reader[9638]: lost 12 message sequences Nov 9 05:04:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.163 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 
ID=54321 PROTO=TCP SPT=52117 DPT=10001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:04:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=5111 PROTO=TCP SPT=55551 DPT=8622 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:04:36 server83 chronyd[800]: Can't synchronise: no majority Nov 9 05:04:36 server83 letsencrypt.live.cgi: time="2025-11-09T05:04:36+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=morrisasantiago WantedNames="[]" error="Account is suspended" Nov 9 05:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60932 SEQ=1 Nov 9 05:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2925 SEQ=1 Nov 9 05:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47031 SEQ=1 Nov 9 05:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21670 SEQ=1 Nov 9 05:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55656 SEQ=1 Nov 9 05:04:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:04:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37861 PROTO=TCP SPT=55410 DPT=4920 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:04:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.143 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=36655 PROTO=TCP SPT=62377 DPT=11103 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:04:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15066 SEQ=1 Nov 9 05:04:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13700 SEQ=1 Nov 9 05:04:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61233 SEQ=1 Nov 9 05:04:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.71 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=51916 PROTO=TCP SPT=41970 DPT=20006 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:04:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45330 SEQ=1 Nov 9 05:04:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61233 SEQ=1 Nov 9 05:04:52 server83 letsencrypt.live.cgi: time="2025-11-09T05:04:52+05:30" level=info 
msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=scuintexpress WantedNames="[]" Nov 9 05:04:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50246 SEQ=1 Nov 9 05:04:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:04:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=200.9.154.79 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=53826 DPT=9094 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:04:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.207.253.22 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42252 DPT=49145 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:04:59 server83 NetworkManager[922]: <info> [1762644899.4891] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:04:59 server83 NetworkManager[922]: <info> [1762644899.4894] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:04:59 server83 NetworkManager[922]: <info> [1762644899.4895] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:04:59 server83 NetworkManager[922]: <info> [1762644899.4898] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:04:59 server83 NetworkManager[922]: <info> [1762644899.4907] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:04:59 server83 NetworkManager[922]: <info> [1762644899.4910] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:04:59 server83 NetworkManager[922]: <info> [1762644899.4933] dhcp4 (eth1): 
dhclient started with pid 22220 Nov 9 05:04:59 server83 dhclient[22220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x140d7ba9) Nov 9 05:05:01 server83 systemd: Started Session 306735 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306736 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306741 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306734 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306739 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306742 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306737 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306743 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306740 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306744 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306745 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306738 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306746 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306747 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306748 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306749 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306750 of user root. Nov 9 05:05:01 server83 systemd: Started Session 306751 of user root. 
Nov 9 05:05:02 server83 aibolit_wrapper[22718]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626449021722798.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626449021724720.txt --log=/tmp/malware_cleaner_log_17626449021726690.txt --progress=/tmp/malware_cleaner_progress_17626449021726156.json --csv_result=/tmp/revisium_csvfile_17626449021726382.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3537 SEQ=1 Nov 9 05:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23839 SEQ=1 Nov 9 05:05:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.246.17.53 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=24905 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=12939 Nov 9 05:05:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.251.190.3 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=237 ID=41356 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=17416 Nov 9 05:05:05 server83 dhclient[22220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x140d7ba9) Nov 9 05:05:07 server83 letsencrypt.live.cgi: time="2025-11-09T05:05:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=santrealestate WantedNames="[]" Nov 9 05:05:07 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35597 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:05:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43801 SEQ=1 Nov 9 05:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21999 SEQ=1 Nov 9 05:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37090 SEQ=1 Nov 9 05:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24628 SEQ=1 Nov 9 05:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64017 SEQ=1 Nov 9 05:05:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:05:10 server83 chronyd[800]: Source 82.165.46.79 replaced with 79.143.250.33 Nov 9 05:05:13 server83 pam_imunify_daemon.bin: time="2025-11-09T05:05:13+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" 
records_num=3 Nov 9 05:05:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2389 Nov 9 05:05:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2489 Nov 9 05:05:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2589 Nov 9 05:05:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x60 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2689 Nov 9 05:05:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.62.87.208 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=2789 Nov 9 05:05:16 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.157 DST=51.210.113.204 LEN=30 TOS=0x00 PREC=0x00 TTL=35 ID=22765 PROTO=UDP SPT=20901 DPT=5632 LEN=10 Nov 9 05:05:16 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:05:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4304 SEQ=1 Nov 9 05:05:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 
TTL=237 ID=54321 PROTO=TCP SPT=46774 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:05:19 server83 dhclient[22220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x140d7ba9) Nov 9 05:05:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.239 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=52859 DPT=10006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:05:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35048 SEQ=1 Nov 9 05:05:20 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:05:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=26885 PROTO=TCP SPT=21459 DPT=5431 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:05:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.246 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54262 DPT=3333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:05:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.63.253.143 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=24 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=122 Nov 9 05:05:23 server83 letsencrypt.live.cgi: time="2025-11-09T05:05:23+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=shrideviprasadma WantedNames="[]" Nov 9 05:05:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.159.164.125 
DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=11029 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=19394 Nov 9 05:05:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:05:27 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.63.253.143 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=25 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=25 SEQ=22979 Nov 9 05:05:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.18 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51775 DPT=21242 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:05:35 server83 aibolit_wrapper[27463]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626449355132010.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626449355133622.txt --log=/tmp/malware_cleaner_log_17626449355135362.txt --progress=/tmp/malware_cleaner_progress_17626449355134836.json --csv_result=/tmp/revisium_csvfile_17626449355135052.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:05:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14835 PROTO=TCP SPT=46904 DPT=4270 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:05:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57552 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:05:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63108 SEQ=1 Nov 9 05:05:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15784 SEQ=1 Nov 9 05:05:37 server83 chronyd[800]: Selected source 109.190.177.203 Nov 9 05:05:37 server83 dhclient[22220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x140d7ba9) Nov 9 05:05:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8199 SEQ=1 Nov 9 05:05:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50927 SEQ=1 Nov 9 05:05:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63108 SEQ=1 Nov 9 05:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50927 SEQ=1 Nov 9 05:05:39 server83 letsencrypt.live.cgi: time="2025-11-09T05:05:39+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=dreaming WantedNames="[]" error="Account is suspended" Nov 9 05:05:41 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 05:05:41 server83 pure-ftpd: (?@127.0.0.1) [INFO] 
__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 05:05:41 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 05:05:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5505 PROTO=TCP SPT=61234 DPT=5998 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:05:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:05:44 server83 NetworkManager[922]: <warn> [1762644944.4453] dhcp4 (eth1): request timed out Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4453] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4613] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 22220 Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4613] dhcp4 (eth1): state changed timeout -> done Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4615] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:05:44 server83 NetworkManager[922]: <warn> [1762644944.4618] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4619] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4646] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4648] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4648] device (eth1): state change: 
disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4650] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4658] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4659] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:05:44 server83 NetworkManager[922]: <info> [1762644944.4667] dhcp4 (eth1): dhclient started with pid 28649 Nov 9 05:05:44 server83 dhclient[28649]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x64f6671f) Nov 9 05:05:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19999 PROTO=TCP SPT=57855 DPT=5498 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:05:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60919 PROTO=TCP SPT=43448 DPT=2685 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:05:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.sys: ProactiveModel.Host should not be empty Nov 9 05:05:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55734 SEQ=1 Nov 9 05:05:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26044 SEQ=1 Nov 9 05:05:48 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=286 SEQ=1 Nov 9 05:05:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.123 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=54690 DPT=9050 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:05:50 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 05:05:50 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 05:05:51 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:05:51 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:05:51 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:05:51 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 05:05:52 server83 dhclient[28649]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x64f6671f) Nov 9 05:05:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3302 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:05:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62569 SEQ=1 Nov 9 05:05:54 server83 letsencrypt.live.cgi: time="2025-11-09T05:05:54+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=justdigi WantedNames="[]" Nov 9 05:06:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12788 SEQ=1 Nov 9 05:06:01 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14807 SEQ=1 Nov 9 05:06:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:06:01 server83 systemd: Started Session 306752 of user root. Nov 9 05:06:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:06:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:06:01 server83 systemd: Started Session 306754 of user root. Nov 9 05:06:01 server83 systemd: Started Session 306755 of user root. Nov 9 05:06:01 server83 systemd: Started Session 306753 of user root. Nov 9 05:06:01 server83 systemd: Started Session 306756 of user root. Nov 9 05:06:01 server83 systemd: Started Session 306757 of user root. Nov 9 05:06:01 server83 systemd: Started Session 306759 of user root. Nov 9 05:06:01 server83 systemd: Started Session 306758 of user root. Nov 9 05:06:01 server83 systemd: Started Session 306760 of user root. 
Nov 9 05:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59203 SEQ=1 Nov 9 05:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63835 SEQ=1 Nov 9 05:06:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=48569 PROTO=TCP SPT=44628 DPT=34573 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:06:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64221 PROTO=TCP SPT=56949 DPT=8520 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:06:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63835 SEQ=1 Nov 9 05:06:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=54939 DF PROTO=ICMP TYPE=8 CODE=0 ID=25592 SEQ=41992 Nov 9 05:06:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30593 SEQ=1 Nov 9 05:06:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.144.129.20 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=50545 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=1 SEQ=20740 Nov 9 05:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55975 SEQ=1 Nov 9 05:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5086 SEQ=1 Nov 9 05:06:07 server83 dhclient[28649]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x64f6671f) Nov 9 05:06:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3309 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:06:09 server83 imunify-auditd-log-reader[9638]: lost 12 message sequences Nov 9 05:06:10 server83 letsencrypt.live.cgi: time="2025-11-09T05:06:10+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=adisonpower WantedNames="[]" error="Account is suspended" Nov 9 05:06:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.224.92.128 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=33168 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:06:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=55327 PROTO=TCP SPT=40019 DPT=2006 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:06:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56139 SEQ=1 Nov 9 05:06:15 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33163 SEQ=1 Nov 9 05:06:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24126 SEQ=1 Nov 9 05:06:16 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:06:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1959 SEQ=1 Nov 9 05:06:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24126 SEQ=1 Nov 9 05:06:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=58677 DF PROTO=ICMP TYPE=8 CODE=0 ID=17741 SEQ=62796 Nov 9 05:06:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:06:20 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:06:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1959 SEQ=1 Nov 9 05:06:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16605 SEQ=1 Nov 9 05:06:25 server83 dhclient[28649]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x64f6671f) Nov 9 05:06:25 server83 letsencrypt.live.cgi: time="2025-11-09T05:06:25+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=enewdelhitaxicab WantedNames="[]" error="Account is suspended" Nov 9 05:06:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.5.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=3200 PROTO=TCP SPT=63981 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:06:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.5.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=3201 PROTO=TCP SPT=63981 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:06:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.179.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=32909 PROTO=TCP SPT=41956 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:06:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.5.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=3202 PROTO=TCP SPT=63981 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:06:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.105.182 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=60768 DPT=9050 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:06:29 server83 NetworkManager[922]: <warn> [1762644989.4514] dhcp4 (eth1): request timed out Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4514] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:06:29 server83 
NetworkManager[922]: <info> [1762644989.4593] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28649 Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4593] dhcp4 (eth1): state changed timeout -> done Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4596] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:06:29 server83 NetworkManager[922]: <warn> [1762644989.4602] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4604] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4638] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4642] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4643] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4647] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4657] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4660] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:06:29 server83 NetworkManager[922]: <info> [1762644989.4672] dhcp4 (eth1): dhclient started with pid 2338 Nov 9 05:06:29 server83 dhclient[2338]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x555a1102) Nov 9 05:06:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.179.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=32910 PROTO=TCP SPT=41956 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:06:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.179.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=32911 PROTO=TCP SPT=41956 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:06:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.179.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=32913 PROTO=TCP SPT=41956 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:06:35 server83 dhclient[2338]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x555a1102) Nov 9 05:06:35 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 05:06:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64659 SEQ=1 Nov 9 05:06:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62822 SEQ=1 Nov 9 05:06:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23826 SEQ=1 Nov 9 05:06:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30480 SEQ=1 Nov 9 05:06:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18229 SEQ=1 Nov 9 05:06:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=55143 DF PROTO=ICMP TYPE=8 CODE=0 ID=21414 SEQ=36371 Nov 9 05:06:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:06:40 server83 letsencrypt.live.cgi: time="2025-11-09T05:06:40+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ubsservice WantedNames="[]" Nov 9 05:06:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=12263 PROTO=TCP SPT=61234 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:06:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41068 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:06:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52370 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:06:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.175.220.105 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=54310 DPT=6669 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:06:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.0.97 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=58995 DPT=6669 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:06:45 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:06:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:06:46 server83 dhclient[2338]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x555a1102) Nov 9 05:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=59560 DF PROTO=ICMP TYPE=8 CODE=0 ID=17741 SEQ=5716 Nov 9 05:06:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=46.250.172.130 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=37 ID=8107 DF PROTO=ICMP TYPE=8 CODE=0 ID=19375 SEQ=30386 Nov 9 05:06:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55551 SEQ=1 Nov 9 05:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37513 SEQ=1 Nov 9 05:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40450 SEQ=1 Nov 9 05:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36835 SEQ=1 Nov 9 05:06:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25533 SEQ=1 Nov 9 05:06:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.212 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53134 DPT=48650 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:06:56 server83 letsencrypt.live.cgi: time="2025-11-09T05:06:56+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=websbook WantedNames="[]" Nov 9 05:07:00 server83 dhclient[2338]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x555a1102) Nov 9 05:07:01 server83 systemd: Started Session 306761 of user root. Nov 9 05:07:01 server83 systemd: Started Session 306763 of user root. Nov 9 05:07:01 server83 systemd: Started Session 306762 of user root. Nov 9 05:07:01 server83 systemd: Started Session 306765 of user root. Nov 9 05:07:01 server83 systemd: Started Session 306764 of user root. Nov 9 05:07:01 server83 systemd: Started Session 306766 of user root. Nov 9 05:07:01 server83 systemd: Started Session 306767 of user root. Nov 9 05:07:01 server83 systemd: Started Session 306768 of user root. Nov 9 05:07:01 server83 systemd: Started Session 306769 of user root. Nov 9 05:07:01 server83 systemd: Started Session 306770 of user root. 
Nov 9 05:07:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.233.237.191 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=44203 DF PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=3751 Nov 9 05:07:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.252.3.59 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=237 ID=13217 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=17416 Nov 9 05:07:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62175 SEQ=1 Nov 9 05:07:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27919 SEQ=1 Nov 9 05:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.83.247 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=647 PROTO=TCP SPT=50224 DPT=6669 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44167 PROTO=TCP SPT=34451 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:07:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37547 SEQ=1 Nov 9 05:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29639 DF PROTO=TCP SPT=50474 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:07:06 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44168 PROTO=TCP SPT=34451 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:07:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29640 DF PROTO=TCP SPT=50474 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27552 SEQ=1 Nov 9 05:07:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16802 PROTO=TCP SPT=56662 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:07:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4031 SEQ=1 Nov 9 05:07:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16804 PROTO=TCP SPT=56662 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:07:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16805 PROTO=TCP SPT=56662 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:07:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16806 PROTO=TCP SPT=56662 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:07:13 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29642 DF PROTO=TCP SPT=50474 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:07:14 server83 NetworkManager[922]: <warn> [1762645034.4433] dhcp4 (eth1): request timed out Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4433] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4593] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2338 Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4593] dhcp4 (eth1): state changed timeout -> done Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4595] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:07:14 server83 NetworkManager[922]: <warn> [1762645034.4600] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4602] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4637] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4641] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4642] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4651] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4663] device (eth1): state change: config -> ip-config (reason 'none', 
sys-iface-state: 'managed') Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4668] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:07:14 server83 NetworkManager[922]: <info> [1762645034.4680] dhcp4 (eth1): dhclient started with pid 7993 Nov 9 05:07:14 server83 dhclient[7993]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5b8572a4) Nov 9 05:07:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.111 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50101 DPT=48609 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:07:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:07:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.62 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56907 DPT=17518 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:07:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33294 SEQ=1 Nov 9 05:07:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31229 SEQ=1 Nov 9 05:07:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48974 SEQ=1 Nov 9 05:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29643 DF PROTO=TCP SPT=50474 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:07:21 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42239 SEQ=1 Nov 9 05:07:22 server83 dhclient[7993]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x5b8572a4) Nov 9 05:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6726 SEQ=1 Nov 9 05:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6726 SEQ=1 Nov 9 05:07:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24679 PROTO=TCP SPT=34869 DPT=4626 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:07:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59957 SEQ=1 Nov 9 05:07:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9535 PROTO=TCP SPT=40878 DPT=12339 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:07:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13976 SEQ=1 Nov 9 05:07:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
Nov 9 05:10:01 server83 systemd: Started Session 306796 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306797 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306798 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306802 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306803 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306804 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306801 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306800 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306799 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306805 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306806 of user root. Nov 9 05:10:01 server83 systemd: Started Session 306807 of user root. Nov 9 05:10:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51794 SEQ=1 Nov 9 05:10:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7485 DF PROTO=TCP SPT=49769 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:10:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7486 DF PROTO=TCP SPT=49769 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:10:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=34.254.185.87 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=50521 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=12939 Nov 9 05:10:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51794 SEQ=1 Nov 9 05:10:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29254 SEQ=1 Nov 9 05:10:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51451 SEQ=1 Nov 9 05:10:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=105 SEQ=1 Nov 9 05:10:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7487 DF PROTO=TCP SPT=49769 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:10:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.142.147.209 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59567 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:10:08 server83 letsencrypt.live.cgi: time="2025-11-09T05:10:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=kamalautotata WantedNames="[]" Nov 9 05:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54648 SEQ=1 Nov 9 05:10:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39543 SEQ=1 Nov 9 
05:10:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=56626 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:10:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7488 DF PROTO=TCP SPT=49769 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:10:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49251 DF PROTO=TCP SPT=51662 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7580 DF PROTO=TCP SPT=56760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:10:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=29072 PROTO=TCP SPT=44912 DPT=46039 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:10:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45663 SEQ=1 Nov 9 05:10:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:10:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29376 SEQ=1 Nov 9 05:10:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 
TOS=0x00 PREC=0x00 TTL=109 ID=7489 DF PROTO=TCP SPT=49769 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:10:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.56.61.130 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=60106 PROTO=TCP SPT=35255 DPT=12580 WINDOW=63880 RES=0x00 SYN URGP=0 Nov 9 05:10:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.71 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=1986 PROTO=TCP SPT=56765 DPT=8309 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:10:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.210 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56238 DPT=4222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:10:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33069 DF PROTO=TCP SPT=59428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:10:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:10:21 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:10:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33070 DF PROTO=TCP SPT=59428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:10:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29712 SEQ=1 Nov 9 05:10:23 server83 letsencrypt.live.cgi: time="2025-11-09T05:10:23+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false 
Username=delhiprivatetaxi WantedNames="[]" error="Account is suspended" Nov 9 05:10:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33071 DF PROTO=TCP SPT=59428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:10:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3643 SEQ=1 Nov 9 05:10:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21933 SEQ=1 Nov 9 05:10:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16877 SEQ=1 Nov 9 05:10:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16877 SEQ=1 Nov 9 05:10:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33072 DF PROTO=TCP SPT=59428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:10:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25081 PROTO=TCP SPT=36785 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:10:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25082 
PROTO=TCP SPT=36785 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:10:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18621 SEQ=1 Nov 9 05:10:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12435 SEQ=1 Nov 9 05:10:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=149.232.128.189 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=37 ID=46625 DF PROTO=ICMP TYPE=8 CODE=0 ID=53409 SEQ=64446 Nov 9 05:10:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49593 PROTO=TCP SPT=54469 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:10:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10114 SEQ=1 Nov 9 05:10:32 server83 chronyd[800]: Selected source 79.143.250.33 Nov 9 05:10:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49594 PROTO=TCP SPT=54469 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53064 SEQ=1 Nov 9 05:10:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=99 ID=49595 PROTO=TCP SPT=54469 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:10:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25085 PROTO=TCP SPT=36785 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:10:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49596 PROTO=TCP SPT=54469 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49597 PROTO=TCP SPT=54469 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33073 DF PROTO=TCP SPT=59428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:10:38 server83 letsencrypt.live.cgi: time="2025-11-09T05:10:38+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=onlinebkexpress WantedNames="[]" Nov 9 05:10:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13858 SEQ=1 Nov 9 05:10:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.3 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49302 DPT=7100 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:10:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.143 DST=51.210.113.204 LEN=44 TOS=0x00 
PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=37017 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:10:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45356 PROTO=TCP SPT=56949 DPT=8516 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:10:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7581 DF PROTO=TCP SPT=56760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:10:46 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 05:10:46 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 05:10:46 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 05:10:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.16.86 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=535 PROTO=TCP SPT=59428 DPT=2500 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:10:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:10:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:10:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:10:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:10:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.51 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=18898 PROTO=TCP SPT=53281 DPT=2484 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:10:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.136 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=59880 PROTO=TCP SPT=12150 DPT=503 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:10:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49487 SEQ=1 Nov 9 05:10:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39125 SEQ=1 Nov 9 05:10:50 server83 systemd: Started Session c2833 of user root. 
Nov 9 05:10:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7754 SEQ=1 Nov 9 05:10:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.42.25 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46756 DPT=8066 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:10:51 server83 scripts.sh: Load Average: 2.99 , 3.46 Nov 9 05:10:51 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 05:10:51 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 05:10:51 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 05:10:51 server83 scripts.sh: HTTPD Status: inactive Nov 9 05:10:51 server83 scripts.sh: MySQL Status: active Nov 9 05:10:51 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 05:10:51 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 05:10:51 server83 scripts.sh: SSHD Status: active Nov 9 05:10:51 server83 scripts.sh: FTP Status: active Nov 9 05:10:51 server83 scripts.sh: LiteSpeed Status: Active Nov 9 05:10:51 server83 scripts.sh: Imunify Status: Active Nov 9 05:10:51 server83 scripts.sh: cPanel Status: active Nov 9 05:10:51 server83 scripts.sh: Memory Status: 12/31 GB - 41.18% Nov 9 05:10:51 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 05:10:51 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 05:10:51 server83 scripts.sh: Local Version: 4.4.5 Nov 9 05:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.24 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=53448 PROTO=TCP SPT=9964 DPT=2003 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:10:54 server83 pam_imunify_daemon.bin: time="2025-11-09T05:10:54+05:30" level=warning msg="Send stats for 2 records error: 
license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 05:10:54 server83 letsencrypt.live.cgi: time="2025-11-09T05:10:54+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=doctorpradip WantedNames="[]" Nov 9 05:10:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5812 SEQ=1 Nov 9 05:10:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3498 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:11:01 server83 systemd: Started Session 306809 of user root. Nov 9 05:11:01 server83 systemd: Started Session 306808 of user root. Nov 9 05:11:01 server83 systemd: Started Session 306813 of user root. Nov 9 05:11:01 server83 systemd: Started Session 306814 of user root. Nov 9 05:11:01 server83 systemd: Started Session 306815 of user root. Nov 9 05:11:01 server83 systemd: Started Session 306816 of user root. Nov 9 05:11:01 server83 systemd: Started Session 306810 of user root. Nov 9 05:11:01 server83 systemd: Started Session 306811 of user root. Nov 9 05:11:01 server83 systemd: Started Session 306812 of user root. Nov 9 05:11:01 server83 systemd: Started Session 306817 of user root. 
Nov 9 05:11:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:11:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:11:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36521 SEQ=1 Nov 9 05:11:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44292 SEQ=1 Nov 9 05:11:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=325 SEQ=1 Nov 9 05:11:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57480 SEQ=1 Nov 9 05:11:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63208 PROTO=TCP SPT=49956 DPT=26034 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:11:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=63.35.248.115 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=34159 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=12939 Nov 9 05:11:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.215.187.240 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=8019 DF PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=3751 Nov 9 05:11:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.255.181.194 
DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=64918 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=15770 Nov 9 05:11:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22349 SEQ=1 Nov 9 05:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.175.18.56 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=39347 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=20740 Nov 9 05:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60142 SEQ=1 Nov 9 05:11:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25653 DF PROTO=TCP SPT=52734 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:11:10 server83 letsencrypt.live.cgi: time="2025-11-09T05:11:10+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=indiabyprivatedr WantedNames="[]" error="Account is suspended" Nov 9 05:11:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=8691 PROTO=TCP SPT=56972 DPT=8414 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:11:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25654 DF PROTO=TCP SPT=52734 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:11:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 
CODE=0 ID=16514 SEQ=1 Nov 9 05:13:18 server83 letsencrypt.live.cgi: time="2025-11-09T05:13:18+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=askourtechs WantedNames="[]" Nov 9 05:13:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54161 SEQ=1 Nov 9 05:13:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52784 DF PROTO=TCP SPT=36532 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:13:21 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:13:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18593 SEQ=1 Nov 9 05:13:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37639 PROTO=TCP SPT=47126 DPT=9863 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:13:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56628 SEQ=1 Nov 9 05:13:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.237.127.93 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=2933 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=20740 Nov 9 05:13:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39251 SEQ=1 Nov 9 05:13:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.180.48.63 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52569 PROTO=TCP SPT=52866 DPT=22000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:13:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=29047 PROTO=TCP SPT=44611 DPT=28197 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52785 DF PROTO=TCP SPT=36532 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23610 DF PROTO=TCP SPT=46638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:13:29 server83 aibolit_wrapper[4545]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626454099709354.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626454099710422.txt --log=/tmp/malware_cleaner_log_17626454099711334.txt --progress=/tmp/malware_cleaner_progress_17626454099711086.json --csv_result=/tmp/revisium_csvfile_17626454099711194.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:13:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.126 DST=145.239.177.179 
LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59059 PROTO=TCP SPT=58603 DPT=13389 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:13:32 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:13:32 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:13:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7490 DF PROTO=TCP SPT=53393 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:13:32 server83 dhclient[3758]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x2db5ac32) Nov 9 05:13:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57785 SEQ=1 Nov 9 05:13:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55734 SEQ=1 Nov 9 05:13:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7491 DF PROTO=TCP SPT=53393 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:13:33 server83 letsencrypt.live.cgi: time="2025-11-09T05:13:33+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=bhandardaralakes WantedNames="[]" error="Account is suspended" Nov 9 05:13:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7492 DF PROTO=TCP SPT=53393 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:13:35 server83 aibolit_wrapper[4722]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626454157118728.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626454157119870.txt --log=/tmp/malware_cleaner_log_17626454157121146.txt --progress=/tmp/malware_cleaner_progress_17626454157120824.json --csv_result=/tmp/revisium_csvfile_17626454157120970.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:13:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42245 SEQ=1 Nov 9 05:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27149 SEQ=1 Nov 9 05:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39826 SEQ=1 Nov 9 05:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9957 SEQ=1 Nov 9 05:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42245 SEQ=1 Nov 9 05:13:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7493 
DF PROTO=TCP SPT=53393 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:13:39 server83 aibolit_wrapper[4826]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626454199324906.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626454199326864.txt --log=/tmp/malware_cleaner_log_17626454199329090.txt --progress=/tmp/malware_cleaner_progress_17626454199328464.json --csv_result=/tmp/revisium_csvfile_17626454199328740.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:13:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52074 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:13:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52786 DF PROTO=TCP SPT=36532 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:13:44 server83 NetworkManager[922]: <warn> [1762645424.4401] dhcp4 (eth1): request timed out Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4401] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4480] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 3758 Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4480] dhcp4 (eth1): state changed timeout -> done Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4481] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:13:44 server83 NetworkManager[922]: <warn> [1762645424.4485] device (eth1): 
Activation: failed for connection 'Wired connection 1' Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4486] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4515] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4517] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4518] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4520] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4529] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4531] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:13:44 server83 NetworkManager[922]: <info> [1762645424.4540] dhcp4 (eth1): dhclient started with pid 4918 Nov 9 05:13:44 server83 dhclient[4918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x7df3f23) Nov 9 05:13:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3497 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:13:45 server83 aibolit_wrapper[4953]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626454259849878.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626454259850866.txt --log=/tmp/malware_cleaner_log_17626454259851902.txt --progress=/tmp/malware_cleaner_progress_17626454259851632.json --csv_result=/tmp/revisium_csvfile_17626454259851748.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:13:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22847 DF PROTO=TCP SPT=53252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22848 DF PROTO=TCP SPT=53252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.128.242.174 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=23691 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7494 DF PROTO=TCP SPT=53393 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:13:49 server83 letsencrypt.live.cgi: time="2025-11-09T05:13:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=naisochn WantedNames="[]" Nov 9 05:13:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22849 DF PROTO=TCP SPT=53252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60846 SEQ=1 Nov 9 05:13:50 server83 aibolit_wrapper[5186]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626454302915380.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626454302916738.txt --log=/tmp/malware_cleaner_log_17626454302918374.txt --progress=/tmp/malware_cleaner_progress_17626454302917932.json --csv_result=/tmp/revisium_csvfile_17626454302918144.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:13:50 server83 dhclient[4918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x7df3f23) Nov 9 05:13:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7708 SEQ=1 Nov 9 05:13:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54854 SEQ=1 Nov 9 05:13:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8907 SEQ=1 Nov 9 05:13:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64939 SEQ=1 Nov 9 05:13:53 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22850 DF PROTO=TCP SPT=53252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:13:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.155.84.147 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=14795 PROTO=TCP SPT=56426 DPT=2088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:13:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45182 SEQ=1 Nov 9 05:13:57 server83 dhclient[4918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x7df3f23) Nov 9 05:13:58 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 05:13:58 server83 systemd: Stopped Status Update Service. Nov 9 05:13:58 server83 systemd: Started Status Update Service. Nov 9 05:14:01 server83 systemd: Started Session 306837 of user root. Nov 9 05:14:01 server83 systemd: Started Session 306838 of user root. Nov 9 05:14:01 server83 systemd: Started Session 306839 of user root. Nov 9 05:14:01 server83 systemd: Started Session 306840 of user root. Nov 9 05:14:01 server83 systemd: Started Session 306841 of user root. Nov 9 05:14:01 server83 systemd: Started Session 306844 of user root. Nov 9 05:14:01 server83 systemd: Started Session 306845 of user root. Nov 9 05:14:01 server83 systemd: Started Session 306842 of user root. Nov 9 05:14:01 server83 systemd: Started Session 306843 of user root. 
Nov 9 05:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35876 PROTO=TCP SPT=43457 DPT=2582 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22851 DF PROTO=TCP SPT=53252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54108 SEQ=1 Nov 9 05:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59021 SEQ=1 Nov 9 05:14:04 server83 dhclient[4918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x7df3f23) Nov 9 05:14:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.237.132.65 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=40543 PROTO=TCP SPT=37772 DPT=5839 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:14:04 server83 letsencrypt.live.cgi: time="2025-11-09T05:14:04+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sintechmachinery WantedNames="[]" Nov 9 05:14:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.168 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55639 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:14:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47858 SEQ=1 Nov 9 05:14:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=34.245.114.52 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=57583 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=12939 Nov 9 05:14:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25021 SEQ=1 Nov 9 05:14:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59021 SEQ=1 Nov 9 05:14:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.252.184.97 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=237 ID=17303 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=17416 Nov 9 05:14:08 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=1.0.0.1 DST=51.210.113.204 LEN=104 TOS=0x00 PREC=0x00 TTL=52 ID=19314 DF PROTO=UDP SPT=53 DPT=41588 LEN=84 Nov 9 05:14:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=17120 PROTO=TCP SPT=47263 DPT=1030 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:14:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50646 SEQ=1 Nov 9 05:14:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23424 PROTO=TCP SPT=46370 DPT=2674 WINDOW=1024 RES=0x00 
SYN URGP=0 Nov 9 05:14:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41917 SEQ=1 Nov 9 05:14:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=42952 PROTO=TCP SPT=55009 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52787 DF PROTO=TCP SPT=36532 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:14:17 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:14:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65060 SEQ=1 Nov 9 05:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22852 DF PROTO=TCP SPT=53252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:14:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14842 SEQ=1 Nov 9 05:14:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38679 SEQ=1 Nov 9 05:14:19 server83 dhclient[4918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 
(xid=0x7df3f23) Nov 9 05:14:20 server83 letsencrypt.live.cgi: time="2025-11-09T05:14:20+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bramhade WantedNames="[]" Nov 9 05:14:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16617 SEQ=1 Nov 9 05:14:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.77.144 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=38479 DPT=10086 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:14:21 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:14:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65060 SEQ=1 Nov 9 05:14:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16617 SEQ=1 Nov 9 05:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10822 SEQ=1 Nov 9 05:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6361 DF PROTO=TCP SPT=43814 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:14:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6362 DF PROTO=TCP SPT=43814 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6363 DF PROTO=TCP SPT=43814 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:14:29 server83 NetworkManager[922]: <warn> [1762645469.4493] dhcp4 (eth1): request timed out Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4493] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4577] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 4918 Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4577] dhcp4 (eth1): state changed timeout -> done Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4579] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:14:29 server83 NetworkManager[922]: <warn> [1762645469.4584] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4586] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4618] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4622] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4623] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4626] device (eth1): state change: prepare -> config (reason 'none', 
sys-iface-state: 'managed') Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4636] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4639] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:14:29 server83 NetworkManager[922]: <info> [1762645469.4649] dhcp4 (eth1): dhclient started with pid 5949 Nov 9 05:14:29 server83 dhclient[5949]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x1e7ea898) Nov 9 05:14:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:14:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6364 DF PROTO=TCP SPT=43814 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:14:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3496 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:14:34 server83 dhclient[5949]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x1e7ea898) Nov 9 05:14:35 server83 letsencrypt.live.cgi: time="2025-11-09T05:14:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=priyadarshini WantedNames="[]" Nov 9 05:14:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7495 DF PROTO=TCP SPT=54958 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:14:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28903 SEQ=1 Nov 9 05:14:36 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57322 SEQ=1 Nov 9 05:14:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33624 SEQ=1 Nov 9 05:14:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33457 SEQ=1 Nov 9 05:14:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1237 SEQ=1 Nov 9 05:14:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7496 DF PROTO=TCP SPT=54958 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:14:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.128 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=3303 DF PROTO=TCP SPT=34944 DPT=593 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:14:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7497 DF PROTO=TCP SPT=54958 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:14:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.128 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=3304 DF PROTO=TCP SPT=34944 DPT=593 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:14:41 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=24782 PROTO=TCP SPT=56033 DPT=7700 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6365 DF PROTO=TCP SPT=43814 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:14:42 server83 dhclient[5949]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x1e7ea898) Nov 9 05:14:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.128 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=3305 DF PROTO=TCP SPT=34944 DPT=593 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:14:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=39620 PROTO=TCP SPT=47263 DPT=20359 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:14:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.128 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=3306 DF PROTO=TCP SPT=34944 DPT=593 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:14:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57107 SEQ=1 Nov 9 05:14:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23324 SEQ=1 Nov 9 05:14:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.114 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=20588 DF PROTO=TCP SPT=60689 DPT=4377 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:14:50 server83 dhclient[5949]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x1e7ea898) Nov 9 05:14:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7499 DF PROTO=TCP SPT=54958 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:14:51 server83 letsencrypt.live.cgi: time="2025-11-09T05:14:51+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=demoice WantedNames="[]" Nov 9 05:14:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18863 PROTO=TCP SPT=61234 DPT=5987 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18044 SEQ=1 Nov 9 05:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50026 SEQ=1 Nov 9 05:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=24628 DF PROTO=ICMP TYPE=8 CODE=0 ID=7004 SEQ=43767 Nov 9 05:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38000 SEQ=1 Nov 9 05:14:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=62121 PROTO=TCP SPT=58424 DPT=7841 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:14:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3495 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:14:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.128 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=22088 DF PROTO=TCP SPT=43320 DPT=593 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:14:59 server83 dhclient[5949]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x1e7ea898) Nov 9 05:15:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.128 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=33085 DF PROTO=TCP SPT=43344 DPT=593 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:15:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56810 SEQ=1 Nov 9 05:15:01 server83 systemd: Started Session 306847 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306848 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306850 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306846 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306849 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306852 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306853 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306854 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306851 of user root. 
Nov 9 05:15:01 server83 systemd: Started Session 306855 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306858 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306856 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306857 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306859 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306860 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306861 of user root. Nov 9 05:15:01 server83 systemd: Started Session 306863 of user root. Nov 9 05:15:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 05:15:01 server83 systemd: Started Session 306862 of user sanatanhinduvahi. Nov 9 05:15:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35390 SEQ=1 Nov 9 05:15:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. 
Nov 9 05:15:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46713 SEQ=1 Nov 9 05:15:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=34.254.185.87 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=33325 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=12939 Nov 9 05:15:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.71 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=52294 PROTO=TCP SPT=41970 DPT=10096 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:15:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41813 SEQ=1 Nov 9 05:15:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28557 SEQ=1 Nov 9 05:15:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31216 PROTO=TCP SPT=45082 DPT=25529 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:15:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58977 SEQ=1 Nov 9 05:15:07 server83 letsencrypt.live.cgi: time="2025-11-09T05:15:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=tsctup WantedNames="[]" Nov 9 05:15:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33408 SEQ=1 Nov 9 05:15:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.46 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=21838 PROTO=TCP SPT=19807 DPT=9823 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:15:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=52302 DPT=20121 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:15:10 server83 dhclient[5949]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x1e7ea898) Nov 9 05:15:14 server83 NetworkManager[922]: <warn> [1762645514.4414] dhcp4 (eth1): request timed out Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4414] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4573] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 5949 Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4573] dhcp4 (eth1): state changed timeout -> done Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4575] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:15:14 server83 NetworkManager[922]: <warn> [1762645514.4577] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4579] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4607] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4609] device 
(eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4610] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4612] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4621] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4623] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:15:14 server83 NetworkManager[922]: <info> [1762645514.4632] dhcp4 (eth1): dhclient started with pid 7459 Nov 9 05:15:14 server83 dhclient[7459]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x50e6d36c) Nov 9 05:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52773 DF PROTO=TCP SPT=47210 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52774 DF PROTO=TCP SPT=47210 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:18 server83 dhclient[7459]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x50e6d36c) Nov 9 05:15:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3303 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:15:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52775 DF PROTO=TCP SPT=47210 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34199 SEQ=1 Nov 9 05:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4204 SEQ=1 Nov 9 05:15:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.94.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36933 DPT=30009 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:15:22 server83 letsencrypt.live.cgi: time="2025-11-09T05:15:22+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=nsconstruction WantedNames="[]" error="Account is suspended" Nov 9 05:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50336 SEQ=1 Nov 9 05:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35223 SEQ=1 Nov 9 05:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52776 DF PROTO=TCP SPT=47210 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:24 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences 
Nov 9 05:15:24 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:15:25 server83 dhclient[7459]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x50e6d36c) Nov 9 05:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.73 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=55644 PROTO=TCP SPT=43986 DPT=30009 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6367 DF PROTO=TCP SPT=43814 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52994 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52777 DF PROTO=TCP SPT=47210 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42021 SEQ=1 Nov 9 05:15:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37323 SEQ=1 Nov 9 05:15:38 server83 letsencrypt.live.cgi: time="2025-11-09T05:15:38+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=parasjewels WantedNames="[]" Nov 9 05:15:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32332 SEQ=1 Nov 9 05:15:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5882 SEQ=1 Nov 9 05:15:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14240 SEQ=1 Nov 9 05:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5882 SEQ=1 Nov 9 05:15:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.184.76.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=15299 DF PROTO=TCP SPT=5503 DPT=3256 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:15:43 server83 dhclient[7459]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x50e6d36c) Nov 9 05:15:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.221.68.122 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=3059 PROTO=TCP SPT=40127 DPT=4911 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:15:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.19 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=5335 PROTO=TCP SPT=26200 DPT=8861 WINDOW=33733 RES=0x00 SYN URGP=0 Nov 9 05:15:46 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:15:47 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52778 DF PROTO=TCP SPT=47210 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16010 SEQ=1 Nov 9 05:15:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7718 SEQ=1 Nov 9 05:15:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.218 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50079 DPT=9453 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:15:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7718 SEQ=1 Nov 9 05:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3494 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:15:49 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 05:15:49 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 05:15:49 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 05:15:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27887 SEQ=1 Nov 9 05:15:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46988 DF PROTO=TCP SPT=41052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46989 DF PROTO=TCP SPT=41052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10272 SEQ=1 Nov 9 05:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26032 SEQ=1 Nov 9 05:15:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46990 DF PROTO=TCP SPT=41052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:53 server83 letsencrypt.live.cgi: time="2025-11-09T05:15:53+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=finelineinterior WantedNames="[]" error="Account is suspended" Nov 9 05:15:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16010 SEQ=1 Nov 9 05:15:56 
server83 dhclient[7459]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x50e6d36c) Nov 9 05:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46991 DF PROTO=TCP SPT=41052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:15:59 server83 NetworkManager[922]: <warn> [1762645559.4463] dhcp4 (eth1): request timed out Nov 9 05:15:59 server83 NetworkManager[922]: <info> [1762645559.4463] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:15:59 server83 NetworkManager[922]: <info> [1762645559.4542] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 7459 Nov 9 05:15:59 server83 NetworkManager[922]: <info> [1762645559.4542] dhcp4 (eth1): state changed timeout -> done Nov 9 05:15:59 server83 NetworkManager[922]: <info> [1762645559.4544] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:15:59 server83 NetworkManager[922]: <warn> [1762645559.4546] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:15:59 server83 NetworkManager[922]: <info> [1762645559.4548] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:15:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50193 PROTO=TCP SPT=45352 DPT=5486 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:16:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.69 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=43399 PROTO=TCP SPT=56506 DPT=3390 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:16:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 
05:16:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:16:01 server83 systemd: Started Session 306865 of user root. Nov 9 05:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:16:01 server83 systemd: Started Session 306864 of user root. Nov 9 05:16:01 server83 systemd: Started Session 306866 of user root. Nov 9 05:16:01 server83 systemd: Started Session 306868 of user root. Nov 9 05:16:01 server83 systemd: Started Session 306869 of user root. Nov 9 05:16:01 server83 systemd: Started Session 306870 of user root. Nov 9 05:16:01 server83 systemd: Started Session 306871 of user root. Nov 9 05:16:01 server83 systemd: Started Session 306872 of user root. Nov 9 05:16:01 server83 systemd: Started Session 306867 of user root. Nov 9 05:16:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33262 SEQ=1 Nov 9 05:16:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37559 SEQ=1 Nov 9 05:16:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.82.65 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=25406 DF PROTO=ICMP TYPE=8 CODE=0 ID=20798 SEQ=33688 Nov 9 05:16:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6059 SEQ=1 Nov 9 05:16:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22825 SEQ=1 Nov 9 05:16:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=34.255.215.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=30360 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=15770 Nov 9 05:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46992 DF PROTO=TCP SPT=41052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:16:06 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 05:16:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46059 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:16:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6910 SEQ=1 Nov 9 05:16:08 server83 letsencrypt.live.cgi: time="2025-11-09T05:16:08+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=starriseindia WantedNames="[]" error="Account is suspended" Nov 9 05:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33262 SEQ=1 Nov 9 05:16:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:16:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.254.149.200 
DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=37631 DF PROTO=ICMP TYPE=8 CODE=0 ID=8 SEQ=12783 Nov 9 05:16:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17810 SEQ=1 Nov 9 05:16:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8823 SEQ=1 Nov 9 05:16:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21756 SEQ=1 Nov 9 05:16:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52779 DF PROTO=TCP SPT=47210 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=49179 PROTO=TCP SPT=44628 DPT=82 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19198 PROTO=TCP SPT=58603 DPT=33899 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46993 DF PROTO=TCP SPT=41052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:16:24 server83 letsencrypt.live.cgi: time="2025-11-09T05:16:24+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount 
Retry=false Username=ssbfoundationorg WantedNames="[]" Nov 9 05:16:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=34640 PROTO=TCP SPT=21459 DPT=26080 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:16:28 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:16:28 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39115 DF PROTO=TCP SPT=50704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39116 DF PROTO=TCP SPT=50704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:16:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39117 DF PROTO=TCP SPT=50704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:16:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=15745 PROTO=TCP SPT=52224 DPT=4119 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:16:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40723 SEQ=1 Nov 9 05:16:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40163 SEQ=1 Nov 9 
05:16:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.63 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=109 ID=34185 DF PROTO=ICMP TYPE=8 CODE=0 ID=54417 SEQ=28643 Nov 9 05:16:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40163 SEQ=1 Nov 9 05:16:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=32971 DF PROTO=ICMP TYPE=8 CODE=0 ID=43733 SEQ=14612 Nov 9 05:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39118 DF PROTO=TCP SPT=50704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:16:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11125 SEQ=1 Nov 9 05:16:39 server83 letsencrypt.live.cgi: time="2025-11-09T05:16:39+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=nation WantedNames="[]" Nov 9 05:16:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=210.57.212.101 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64103 PROTO=TCP SPT=40611 DPT=8188 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:16:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.119 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=59574 PROTO=TCP SPT=54300 DPT=10013 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 05:16:44 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=65364 PROTO=TCP SPT=49956 DPT=25252 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.148.120 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48597 PROTO=TCP SPT=54916 DPT=1880 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39119 DF PROTO=TCP SPT=50704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:16:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 05:16:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49971 SEQ=1 Nov 9 05:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4387 SEQ=1 Nov 9 05:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=1.92.213.48 DST=51.210.113.204 LEN=54 TOS=0x00 PREC=0x00 TTL=40 ID=27064 DF PROTO=ICMP TYPE=8 CODE=0 ID=15902 SEQ=34505 Nov 9 05:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=707 SEQ=1 Nov 9 05:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=31744 SEQ=1 Nov 9 05:16:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14350 SEQ=1 Nov 9 05:16:51 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.101 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=56917 DPT=21434 LEN=9 Nov 9 05:16:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46994 DF PROTO=TCP SPT=41052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:16:55 server83 letsencrypt.live.cgi: time="2025-11-09T05:16:55+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=a2zprint WantedNames="[]" error="Account is suspended" Nov 9 05:16:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=46648 PROTO=TCP SPT=50435 DPT=4585 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:16:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62769 PROTO=TCP SPT=61234 DPT=5953 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39120 DF PROTO=TCP SPT=50704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:17:01 server83 systemd: Started Session 306873 of user root. Nov 9 05:17:01 server83 systemd: Started Session 306874 of user root. Nov 9 05:17:01 server83 systemd: Started Session 306875 of user root. 
Nov 9 05:17:01 server83 systemd: Started Session 306876 of user root. Nov 9 05:17:01 server83 systemd: Started Session 306877 of user root. Nov 9 05:17:02 server83 systemd: Started Session 306878 of user root. Nov 9 05:17:02 server83 systemd: Started Session 306880 of user root. Nov 9 05:17:02 server83 systemd: Started Session 306881 of user root. Nov 9 05:17:02 server83 systemd: Started Session 306879 of user root. Nov 9 05:17:02 server83 systemd: Started Session 306882 of user root. Nov 9 05:17:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.16 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56543 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:17:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3302 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:17:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5214 PROTO=TCP SPT=45082 DPT=20411 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:17:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35964 SEQ=1 Nov 9 05:17:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=63.35.248.115 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=12629 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=12939 Nov 9 05:17:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.255.181.194 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=51721 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=15770 Nov 9 
05:17:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36301 SEQ=1 Nov 9 05:17:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36301 SEQ=1 Nov 9 05:17:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=188.239.43.39 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=46172 DF PROTO=ICMP TYPE=8 CODE=0 ID=32123 SEQ=17147 Nov 9 05:17:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7500 DF PROTO=TCP SPT=58236 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:17:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23135 PROTO=TCP SPT=43457 DPT=2518 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:17:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:17:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13959 SEQ=1 Nov 9 05:17:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=13656 PROTO=TCP SPT=34195 DPT=9608 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 05:17:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 
ID=7501 DF PROTO=TCP SPT=58236 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:17:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31695 PROTO=TCP SPT=46370 DPT=3041 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:17:10 server83 letsencrypt.live.cgi: time="2025-11-09T05:17:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=aroush WantedNames="[]" Nov 9 05:17:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.144.239.78 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33921 DPT=20008 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:17:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.113 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=5675 DF PROTO=TCP SPT=47404 DPT=23560 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:17:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.113 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=23417 DF PROTO=TCP SPT=47734 DPT=23560 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:17:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13963 SEQ=1 Nov 9 05:17:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55516 SEQ=1 Nov 9 05:17:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=42403 SEQ=1 Nov 9 05:17:16 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=82.165.93.136 DST=51.210.113.204 LEN=443 TOS=0x00 PREC=0x00 TTL=50 ID=17708 DF PROTO=UDP SPT=6288 DPT=5060 LEN=423 Nov 9 05:17:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.113 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=26681 DF PROTO=TCP SPT=47760 DPT=23560 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:17:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62095 SEQ=1 Nov 9 05:17:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.162.88.193 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=1415 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=20740 Nov 9 05:17:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7504 DF PROTO=TCP SPT=58236 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:17:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.136 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=21960 PROTO=TCP SPT=15589 DPT=4065 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:17:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.224.128.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=244 ID=36972 PROTO=TCP SPT=36785 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:17:26 server83 letsencrypt.live.cgi: time="2025-11-09T05:17:26+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vfoundation WantedNames="[]" Nov 9 
05:17:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.170 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=50428 PROTO=TCP SPT=57224 DPT=5909 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:17:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57271 PROTO=TCP SPT=47795 DPT=5253 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:17:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7505 DF PROTO=TCP SPT=58753 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:17:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7506 DF PROTO=TCP SPT=58753 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:17:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16754 SEQ=1 Nov 9 05:17:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40214 SEQ=1 Nov 9 05:17:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39121 DF PROTO=TCP SPT=50704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:17:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=28722 SEQ=1 Nov 9 05:17:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7507 DF PROTO=TCP SPT=58753 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:17:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28722 SEQ=1 Nov 9 05:17:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41546 SEQ=1 Nov 9 05:17:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43406 SEQ=1 Nov 9 05:17:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56021 SEQ=1 Nov 9 05:17:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7508 DF PROTO=TCP SPT=58753 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:17:41 server83 letsencrypt.live.cgi: time="2025-11-09T05:17:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=csapiti WantedNames="[]" Nov 9 05:17:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.143 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=10847 PROTO=TCP SPT=26412 DPT=40128 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:17:46 server83 imunify360-php-daemon[734]: error 
sending monitoring stats: circuit breaker is open Nov 9 05:17:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57298 SEQ=1 Nov 9 05:17:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7509 DF PROTO=TCP SPT=58753 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:17:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.243 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=58759 PROTO=TCP SPT=51879 DPT=366 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16133 SEQ=1 Nov 9 05:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=101.44.184.14 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=37 ID=26751 DF PROTO=ICMP TYPE=8 CODE=0 ID=53719 SEQ=39048 Nov 9 05:17:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28921 SEQ=1 Nov 9 05:17:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28921 SEQ=1 Nov 9 05:17:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46446 DPT=34567 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:17:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=671 SEQ=1 Nov 9 05:17:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=3458 PROTO=TCP SPT=61234 DPT=5901 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:17:57 server83 letsencrypt.live.cgi: time="2025-11-09T05:17:57+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=studyleadsacadem WantedNames="[]" error="Account is suspended" Nov 9 05:17:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:18:01 server83 systemd: Started Session 306883 of user root. Nov 9 05:18:01 server83 systemd: Started Session 306885 of user root. Nov 9 05:18:01 server83 systemd: Started Session 306884 of user root. Nov 9 05:18:01 server83 systemd: Started Session 306887 of user root. Nov 9 05:18:01 server83 systemd: Started Session 306886 of user root. Nov 9 05:18:01 server83 systemd: Started Session 306888 of user root. Nov 9 05:18:01 server83 systemd: Started Session 306889 of user root. Nov 9 05:18:01 server83 systemd: Started Session 306891 of user root. Nov 9 05:18:01 server83 systemd: Started Session 306890 of user root. 
Nov 9 05:18:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.249.143.88 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=61478 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=15770 Nov 9 05:18:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=34.245.114.52 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=34632 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=12939 Nov 9 05:18:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=34.204.174.192 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=22282 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=4531 Nov 9 05:18:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=44.200.10.118 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=19399 DF PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=3751 Nov 9 05:18:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40215 SEQ=1 Nov 9 05:18:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=97.107.133.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=49728 DPT=20008 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:18:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.148.65 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56521 PROTO=TCP SPT=54796 DPT=5006 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:18:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25851 SEQ=1 Nov 9 05:18:09 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59976 SEQ=1 Nov 9 05:18:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23477 PROTO=TCP SPT=40623 DPT=9366 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:18:12 server83 letsencrypt.live.cgi: time="2025-11-09T05:18:12+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=prolifictradepro WantedNames="[]" Nov 9 05:18:13 server83 scripts.sh: Sun Nov 9 05:18:13 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 05:18:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45369 SEQ=1 Nov 9 05:18:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36398 SEQ=1 Nov 9 05:18:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33594 SEQ=1 Nov 9 05:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 05:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid 
Nov 9 05:18:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=4018 PROTO=TCP SPT=61234 DPT=5932 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:18:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50667 SEQ=1 Nov 9 05:18:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25739 PROTO=TCP SPT=49956 DPT=25934 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:18:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.149.178 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=0 DF PROTO=TCP SPT=51088 DPT=12149 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:18:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36990 PROTO=TCP SPT=45082 DPT=7547 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:18:28 server83 letsencrypt.live.cgi: time="2025-11-09T05:18:28+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ssandcf WantedNames="[]" Nov 9 05:18:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58257 SEQ=1 Nov 9 05:18:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41544 SEQ=1 Nov 9 05:18:33 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=34939 DF PROTO=ICMP TYPE=8 CODE=0 ID=26767 SEQ=63214 Nov 9 05:18:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7177 PROTO=TCP SPT=45442 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:18:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.179.150 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=62032 PROTO=TCP SPT=33055 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:18:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42987 SEQ=1 Nov 9 05:18:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.95 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=14099 PROTO=TCP SPT=51296 DPT=16010 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:18:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7178 PROTO=TCP SPT=45442 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:18:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.179.150 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=62033 PROTO=TCP SPT=33055 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:18:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=30409 PROTO=TCP SPT=59300 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 
05:18:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7179 PROTO=TCP SPT=45442 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:18:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.6.26 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=43313 PROTO=TCP SPT=52699 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:18:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7180 PROTO=TCP SPT=45442 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:18:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=30412 PROTO=TCP SPT=59300 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:18:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7754 SEQ=1 Nov 9 05:18:43 server83 letsencrypt.live.cgi: time="2025-11-09T05:18:43+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=pmkisancreditcar WantedNames="[]" error="Account is suspended" Nov 9 05:18:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=4.227.178.199 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=62093 PROTO=TCP SPT=33781 DPT=4911 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:18:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.127 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=41626 DF PROTO=TCP 
SPT=27462 DPT=8109 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:18:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 05:18:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.18 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=54550 PROTO=TCP SPT=26200 DPT=782 WINDOW=52689 RES=0x00 SYN URGP=0 Nov 9 05:18:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41256 SEQ=1 Nov 9 05:18:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50940 SEQ=1 Nov 9 05:18:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57565 SEQ=1 Nov 9 05:18:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57565 SEQ=1 Nov 9 05:18:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.43 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=37266 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:18:50 server83 pam_imunify_daemon.bin: time="2025-11-09T05:18:50+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid 
license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 05:18:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58512 SEQ=1 Nov 9 05:18:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43189 SEQ=1 Nov 9 05:18:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21368 SEQ=1 Nov 9 05:18:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:18:58 server83 letsencrypt.live.cgi: time="2025-11-09T05:18:58+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=birlabuilder WantedNames="[]" error="Account is suspended" Nov 9 05:19:01 server83 systemd: Started Session 306893 of user root. Nov 9 05:19:01 server83 systemd: Started Session 306892 of user root. Nov 9 05:19:01 server83 systemd: Started Session 306894 of user root. Nov 9 05:19:01 server83 systemd: Started Session 306895 of user root. Nov 9 05:19:01 server83 systemd: Started Session 306896 of user root. Nov 9 05:19:01 server83 systemd: Started Session 306897 of user root. Nov 9 05:19:01 server83 systemd: Started Session 306898 of user root. Nov 9 05:19:01 server83 systemd: Started Session 306899 of user root. Nov 9 05:19:01 server83 systemd: Started Session 306900 of user root. 
Nov 9 05:19:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.100 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56738 DPT=45117 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:19:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.97.171.113 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=23160 PROTO=TCP SPT=61000 DPT=8080 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:19:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.251.190.3 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=237 ID=10371 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=17416 Nov 9 05:19:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=203.55.131.3 DST=51.210.113.204 LEN=52 TOS=0x08 PREC=0x20 TTL=48 ID=50057 PROTO=TCP SPT=51098 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:19:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47533 SEQ=1 Nov 9 05:19:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.144.129.20 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=9510 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=20740 Nov 9 05:19:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42722 SEQ=1 Nov 9 05:19:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16141 SEQ=1 Nov 9 05:19:07 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43085 SEQ=1 Nov 9 05:19:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48078 SEQ=1 Nov 9 05:19:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56482 PROTO=TCP SPT=36976 DPT=7865 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:19:14 server83 letsencrypt.live.cgi: time="2025-11-09T05:19:14+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=arafcon WantedNames="[]" Nov 9 05:19:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.180.48.63 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=2218 PROTO=TCP SPT=52866 DPT=22222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:19:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.144.239.78 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=47099 DPT=40012 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8451 SEQ=1 Nov 9 05:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7388 SEQ=1 Nov 9 05:19:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=44.204.2.215 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=37130 DF PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=9871 Nov 9 05:19:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.74.50.114 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=58213 DPT=40012 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:19:30 server83 letsencrypt.live.cgi: time="2025-11-09T05:19:30+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=accurateclothing WantedNames="[]" error="Account is suspended" Nov 9 05:19:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.15 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=180 PROTO=TCP SPT=26200 DPT=22206 WINDOW=32537 RES=0x00 SYN URGP=0 Nov 9 05:19:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64068 PROTO=TCP SPT=49956 DPT=26036 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:19:35 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:19:35 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6948 SEQ=1 Nov 9 05:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6948 SEQ=1 Nov 9 05:19:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62897 SEQ=1 Nov 9 05:19:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=49370 PROTO=TCP SPT=47238 DPT=15704 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:19:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35276 SEQ=1 Nov 9 05:19:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43849 SEQ=1 Nov 9 05:19:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30543 SEQ=1 Nov 9 05:19:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3301 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:19:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:19:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3493 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:19:45 server83 letsencrypt.live.cgi: time="2025-11-09T05:19:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=lightspeedcourie WantedNames="[]" Nov 9 05:19:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 05:19:49 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22089 SEQ=1 Nov 9 05:19:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51244 SEQ=1 Nov 9 05:19:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14961 SEQ=1 Nov 9 05:19:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14961 SEQ=1 Nov 9 05:19:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51244 SEQ=1 Nov 9 05:19:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54463 SEQ=1 Nov 9 05:19:55 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:19:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.154.95.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=3140 PROTO=TCP SPT=46621 DPT=1086 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:19:59 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.149.245 DST=51.210.113.204 LEN=220 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=51433 DPT=123 LEN=200 Nov 9 05:20:01 server83 letsencrypt.live.cgi: 
time="2025-11-09T05:20:01+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=loanatmin WantedNames="[]" error="Account is suspended" Nov 9 05:20:01 server83 systemd: Started Session 306901 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306902 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306904 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306906 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306907 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306909 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306908 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306911 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306905 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306903 of user root. Nov 9 05:20:01 server83 systemd: Started Session 306910 of user root. Nov 9 05:20:02 server83 systemd: Started Session 306913 of user root. Nov 9 05:20:02 server83 systemd: Started Session 306912 of user root. Nov 9 05:20:02 server83 systemd: Started Session 306914 of user root. Nov 9 05:20:02 server83 systemd: Started Session 306915 of user root. Nov 9 05:20:02 server83 systemd: Started Session 306917 of user root. Nov 9 05:20:02 server83 systemd: Started Session 306916 of user root. Nov 9 05:20:02 server83 systemd: Started Session 306919 of user root. Nov 9 05:20:02 server83 systemd: Started Session 306918 of user root. 
Nov 9 05:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41270 SEQ=1 Nov 9 05:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52049 SEQ=1 Nov 9 05:20:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.192 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=4659 PROTO=TCP SPT=53857 DPT=44363 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:20:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.69 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53488 DPT=422 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:20:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.68 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49379 DPT=10024 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:20:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.255.181.194 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=13936 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=15770 Nov 9 05:20:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48918 SEQ=1 Nov 9 05:20:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=98.93.0.23 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=33876 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=4531 Nov 9 05:20:06 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48656 SEQ=1 Nov 9 05:20:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3500 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.237.85.94 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=4008 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=20740 Nov 9 05:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55571 SEQ=1 Nov 9 05:20:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=64970 PROTO=TCP SPT=45780 DPT=5440 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:20:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=13.89.125.224 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=16178 PROTO=TCP SPT=47081 DPT=70 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:20:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2206 PROTO=TCP SPT=49956 DPT=26044 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:20:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16669 SEQ=1 Nov 9 05:20:16 server83 
letsencrypt.live.cgi: time="2025-11-09T05:20:16+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ymsindia WantedNames="[]" Nov 9 05:20:16 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.159.117 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=49 ID=25320 DF PROTO=UDP SPT=19334 DPT=19334 LEN=16 Nov 9 05:20:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61944 SEQ=1 Nov 9 05:20:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21646 SEQ=1 Nov 9 05:20:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7118 SEQ=1 Nov 9 05:20:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39881 SEQ=1 Nov 9 05:20:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.127 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55330 DPT=5011 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:20:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.19 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=40464 PROTO=TCP SPT=45173 DPT=8028 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 05:20:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=34.202.163.93 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=20975 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=18167 Nov 9 05:20:21 server83 systemd: Started Session c2834 of user root. Nov 9 05:20:21 server83 scripts.sh: Load Average: 1.49 , 2.08 Nov 9 05:20:21 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 05:20:21 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 05:20:21 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 05:20:21 server83 scripts.sh: HTTPD Status: inactive Nov 9 05:20:21 server83 scripts.sh: MySQL Status: active Nov 9 05:20:21 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 05:20:21 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 05:20:21 server83 scripts.sh: SSHD Status: active Nov 9 05:20:21 server83 scripts.sh: FTP Status: active Nov 9 05:20:21 server83 scripts.sh: LiteSpeed Status: Active Nov 9 05:20:21 server83 scripts.sh: Imunify Status: Active Nov 9 05:20:21 server83 scripts.sh: cPanel Status: active Nov 9 05:20:21 server83 scripts.sh: Memory Status: 11/31 GB - 37.76% Nov 9 05:20:21 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 05:20:21 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 05:20:21 server83 scripts.sh: Local Version: 4.4.5 Nov 9 05:20:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40753 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:20:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=200.9.154.79 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=50275 DPT=10089 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:20:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 
PREC=0x20 TTL=243 ID=9949 PROTO=TCP SPT=56185 DPT=7904 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:20:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.155.81.124 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51817 DPT=5011 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:20:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.206.74 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=3594 DF PROTO=TCP SPT=38716 DPT=5358 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 05:20:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7659 SEQ=1 Nov 9 05:20:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6696 SEQ=1 Nov 9 05:20:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11781 SEQ=1 Nov 9 05:20:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52349 PROTO=TCP SPT=49956 DPT=25248 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=27991 DF PROTO=ICMP TYPE=8 CODE=0 ID=1756 SEQ=36691 Nov 9 05:20:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 
PREC=0x00 TTL=240 ID=8425 PROTO=TCP SPT=54739 DPT=2609 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:20:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10419 SEQ=1 Nov 9 05:20:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=1685 PROTO=TCP SPT=56185 DPT=7913 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:20:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11811 SEQ=1 Nov 9 05:20:41 server83 letsencrypt.live.cgi: time="2025-11-09T05:20:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=salyanltdit WantedNames="[]" Nov 9 05:20:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61984 SEQ=1 Nov 9 05:20:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65365 SEQ=1 Nov 9 05:20:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36097 SEQ=1 Nov 9 05:20:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.189 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=52355 DPT=9991 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
05:20:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.114.25 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1081 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 05:20:50 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 05:20:50 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 05:20:50 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 05:20:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28834 SEQ=1 Nov 9 05:20:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44106 PROTO=TCP SPT=45727 DPT=31796 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:20:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63623 SEQ=1 Nov 9 05:20:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63623 SEQ=1 Nov 9 05:20:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33193 SEQ=1 Nov 9 05:20:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=173.255.223.103 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=59436 PROTO=TCP SPT=59449 DPT=12111 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:20:57 server83 letsencrypt.live.cgi: time="2025-11-09T05:20:57+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=getsetcampingbha WantedNames="[]" error="Account is suspended" Nov 9 05:20:59 server83 NetworkManager[922]: <info> [1762645859.4496] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:20:59 server83 NetworkManager[922]: <info> [1762645859.4502] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:20:59 server83 NetworkManager[922]: <info> [1762645859.4503] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:20:59 server83 NetworkManager[922]: <info> [1762645859.4507] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:20:59 server83 NetworkManager[922]: <info> [1762645859.4518] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:20:59 server83 NetworkManager[922]: <info> [1762645859.4522] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:20:59 server83 NetworkManager[922]: <info> [1762645859.4534] dhcp4 (eth1): dhclient started with pid 16537 Nov 9 05:20:59 server83 dhclient[16537]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3e9df5f) Nov 9 05:21:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.34 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=53430 DPT=12111 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:21:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:21:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:21:01 server83 systemd: Started Session 306921 of user root. Nov 9 05:21:01 server83 systemd: Started Session 306923 of user root. Nov 9 05:21:01 server83 systemd: Started Session 306920 of user root. Nov 9 05:21:01 server83 systemd: Started Session 306925 of user root. Nov 9 05:21:01 server83 systemd: Started Session 306922 of user root. Nov 9 05:21:01 server83 systemd: Started Session 306924 of user root. Nov 9 05:21:01 server83 systemd: Started Session 306926 of user root. Nov 9 05:21:01 server83 systemd: Started Session 306928 of user root. Nov 9 05:21:01 server83 systemd: Started Session 306927 of user root. 
Nov 9 05:21:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=8321 PROTO=TCP SPT=34702 DPT=4912 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=388 SEQ=1 Nov 9 05:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55301 SEQ=1 Nov 9 05:21:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=838 SEQ=1 Nov 9 05:21:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23497 SEQ=1 Nov 9 05:21:03 server83 pam_imunify_daemon.bin: time="2025-11-09T05:21:03+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 05:21:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23328 SEQ=1 Nov 9 05:21:06 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=104.29.159.117 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=49 ID=33877 DF PROTO=UDP SPT=19334 DPT=19334 LEN=16 Nov 9 05:21:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24619 SEQ=1 Nov 9 05:21:07 server83 dhclient[16537]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x3e9df5f) Nov 9 05:21:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.156.12.125 DST=145.239.177.179 LEN=48 TOS=0x08 PREC=0x60 TTL=237 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=19031 SEQ=30696 Nov 9 05:21:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.82.77.144 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=45458 DPT=11111 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:21:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23497 SEQ=1 Nov 9 05:21:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51066 SEQ=1 Nov 9 05:21:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30988 PROTO=TCP SPT=46370 DPT=3179 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:12 server83 letsencrypt.live.cgi: time="2025-11-09T05:21:12+05:30" level=error msg="Failed to process AutoSSL" Username=bibiamen error="Experienced fatal pre-flight error for bibiamen: User is over quota: bibiamen (<nil>)" Nov 9 05:21:15 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54166 PROTO=TCP SPT=56256 DPT=8006 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:18 server83 dhclient[16537]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x3e9df5f) Nov 9 05:21:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28454 SEQ=1 Nov 9 05:21:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16894 SEQ=1 Nov 9 05:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57357 SEQ=1 Nov 9 05:21:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=5747 PROTO=TCP SPT=44928 DPT=25018 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:21:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59440 PROTO=TCP SPT=45082 DPT=42624 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:27 server83 letsencrypt.live.cgi: time="2025-11-09T05:21:27+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=eudaipurprivatet WantedNames="[]" error="Account is suspended" Nov 9 05:21:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 
PREC=0x00 TTL=240 ID=62079 PROTO=TCP SPT=43448 DPT=2744 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:31 server83 dhclient[16537]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x3e9df5f) Nov 9 05:21:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3492 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=53864 PROTO=TCP SPT=61234 DPT=5946 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1944 SEQ=1 Nov 9 05:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55493 SEQ=1 Nov 9 05:21:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8930 SEQ=1 Nov 9 05:21:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14490 SEQ=1 Nov 9 05:21:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4249 SEQ=1 Nov 9 05:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1944 SEQ=1 Nov 9 05:21:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.213 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45067 DPT=12111 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:21:43 server83 letsencrypt.live.cgi: time="2025-11-09T05:21:43+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=evershedslaw WantedNames="[]" Nov 9 05:21:44 server83 NetworkManager[922]: <warn> [1762645904.4455] dhcp4 (eth1): request timed out Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4455] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4614] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 16537 Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4614] dhcp4 (eth1): state changed timeout -> done Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4616] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:21:44 server83 NetworkManager[922]: <warn> [1762645904.4619] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4621] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4651] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4654] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4655] device (eth1): 
state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4657] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4666] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4668] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:21:44 server83 NetworkManager[922]: <info> [1762645904.4680] dhcp4 (eth1): dhclient started with pid 18856 Nov 9 05:21:44 server83 dhclient[18856]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x2718830e) Nov 9 05:21:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3499 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.86 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55454 DPT=30010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:21:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:21:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46636 SEQ=1 Nov 9 05:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62379 SEQ=1 Nov 9 05:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40527 SEQ=1 Nov 9 05:21:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=48779 PROTO=TCP SPT=29827 DPT=8663 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46636 SEQ=1 Nov 9 05:21:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58445 SEQ=1 Nov 9 05:21:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=48789 PROTO=TCP SPT=29827 DPT=9347 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=40756 PROTO=TCP SPT=29827 DPT=5067 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=49869 PROTO=TCP SPT=29827 DPT=9663 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=34484 PROTO=TCP SPT=29827 DPT=7822 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:52 server83 dhclient[18856]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 
(xid=0x2718830e) Nov 9 05:21:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=41604 PROTO=TCP SPT=29827 DPT=30007 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24202 SEQ=1 Nov 9 05:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61513 SEQ=1 Nov 9 05:21:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=13650 PROTO=TCP SPT=29827 DPT=8004 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=38435 PROTO=TCP SPT=29827 DPT=37531 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=55856 PROTO=TCP SPT=29827 DPT=9935 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:21:59 server83 letsencrypt.live.cgi: time="2025-11-09T05:21:59+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mewalal WantedNames="[]" Nov 9 05:22:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=38631 PROTO=TCP SPT=29827 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:01 
server83 systemd: Started Session 306929 of user root. Nov 9 05:22:01 server83 systemd: Started Session 306931 of user root. Nov 9 05:22:01 server83 systemd: Started Session 306930 of user root. Nov 9 05:22:01 server83 systemd: Started Session 306933 of user root. Nov 9 05:22:01 server83 systemd: Started Session 306934 of user root. Nov 9 05:22:01 server83 systemd: Started Session 306932 of user root. Nov 9 05:22:01 server83 systemd: Started Session 306935 of user root. Nov 9 05:22:01 server83 systemd: Started Session 306936 of user root. Nov 9 05:22:01 server83 systemd: Started Session 306937 of user root. Nov 9 05:22:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34384 SEQ=1 Nov 9 05:22:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=35619 PROTO=TCP SPT=29827 DPT=30443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60921 SEQ=1 Nov 9 05:22:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=50276 PROTO=TCP SPT=29827 DPT=30017 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=45827 PROTO=TCP SPT=29827 DPT=3377 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:05 server83 dhclient[18856]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x2718830e) Nov 9 
05:22:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=39362 PROTO=TCP SPT=29827 DPT=6612 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=10429 PROTO=TCP SPT=29827 DPT=16888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:22:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=16561 PROTO=TCP SPT=29827 DPT=9982 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7513 DF PROTO=TCP SPT=63810 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11352 SEQ=1 Nov 9 05:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8795 SEQ=1 Nov 9 05:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28921 SEQ=1 Nov 9 05:22:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22030 SEQ=1 Nov 9 05:22:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57322 SEQ=1 Nov 9 05:22:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3498 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29710 SEQ=1 Nov 9 05:22:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=1573 PROTO=TCP SPT=29827 DPT=3453 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=14038 PROTO=TCP SPT=29827 DPT=12096 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=6041 PROTO=TCP SPT=29827 DPT=2887 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=30451 PROTO=TCP SPT=29827 DPT=5569 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:17 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.240 DST=145.239.177.179 LEN=41 
TOS=0x00 PREC=0x00 TTL=35 ID=32752 PROTO=UDP SPT=30114 DPT=27308 LEN=21 Nov 9 05:22:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=63389 PROTO=TCP SPT=29827 DPT=8002 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60720 SEQ=1 Nov 9 05:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20848 SEQ=1 Nov 9 05:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41902 SEQ=1 Nov 9 05:22:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.155.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=13890 PROTO=TCP SPT=29827 DPT=7730 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:24 server83 letsencrypt.live.cgi: time="2025-11-09T05:22:24+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=trustfinglobal WantedNames="[]" Nov 9 05:22:26 server83 dhclient[18856]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x2718830e) Nov 9 05:22:29 server83 NetworkManager[922]: <warn> [1762645949.4503] dhcp4 (eth1): request timed out Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 18856 Nov 9 05:22:29 server83 
NetworkManager[922]: <info> [1762645949.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4584] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:22:29 server83 NetworkManager[922]: <warn> [1762645949.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4591] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4624] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4628] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4628] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4631] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4641] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4643] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:22:29 server83 NetworkManager[922]: <info> [1762645949.4654] dhcp4 (eth1): dhclient started with pid 19743 Nov 9 05:22:29 server83 dhclient[19743]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x3b8e49ea) Nov 9 05:22:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.200 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=51494 PROTO=TCP 
SPT=44764 DPT=10911 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:22:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.116 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=27053 DF PROTO=TCP SPT=47178 DPT=10050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:22:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.141.172 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=44 ID=3037 DF PROTO=TCP SPT=40162 DPT=6484 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 05:22:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.116 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=27054 DF PROTO=TCP SPT=47178 DPT=10050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:22:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.82.77.144 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=52717 DPT=11111 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58567 SEQ=1 Nov 9 05:22:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.116 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=27055 DF PROTO=TCP SPT=47178 DPT=10050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55162 SEQ=1 Nov 9 05:22:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.116 
DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=21991 DF PROTO=TCP SPT=47208 DPT=10050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:22:35 server83 dhclient[19743]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x3b8e49ea) Nov 9 05:22:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29160 SEQ=1 Nov 9 05:22:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4907 SEQ=1 Nov 9 05:22:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.116 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=21992 DF PROTO=TCP SPT=47208 DPT=10050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:22:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.116 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=5637 DF PROTO=TCP SPT=47228 DPT=10050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:22:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3503 SEQ=1 Nov 9 05:22:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.24 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53086 DPT=30006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:22:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.116 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=5638 DF PROTO=TCP SPT=47228 DPT=10050 WINDOW=42340 RES=0x00 
SYN URGP=0 Nov 9 05:22:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41292 SEQ=1 Nov 9 05:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41292 SEQ=1 Nov 9 05:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3503 SEQ=1 Nov 9 05:22:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=2442 PROTO=TCP SPT=46791 DPT=4966 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:22:40 server83 letsencrypt.live.cgi: time="2025-11-09T05:22:40+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pdpiti WantedNames="[]" Nov 9 05:22:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31800 PROTO=TCP SPT=40760 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:22:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31801 PROTO=TCP SPT=40760 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:22:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43098 PROTO=TCP SPT=60125 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:22:46 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43100 PROTO=TCP SPT=60125 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:22:46 server83 dhclient[19743]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x3b8e49ea) Nov 9 05:22:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25204 SEQ=1 Nov 9 05:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27943 SEQ=1 Nov 9 05:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62033 SEQ=1 Nov 9 05:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32202 SEQ=1 Nov 9 05:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30044 SEQ=1 Nov 9 05:22:56 server83 letsencrypt.live.cgi: time="2025-11-09T05:22:56+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=wmps WantedNames="[]" Nov 9 05:22:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36750 PROTO=TCP SPT=61234 DPT=5990 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:23:00 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.136 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=17045 PROTO=TCP SPT=57545 DPT=2455 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 05:23:01 server83 systemd: Started Session 306939 of user root. Nov 9 05:23:01 server83 systemd: Started Session 306940 of user root. Nov 9 05:23:01 server83 systemd: Started Session 306941 of user root. Nov 9 05:23:01 server83 systemd: Started Session 306938 of user root. Nov 9 05:23:01 server83 systemd: Started Session 306942 of user root. Nov 9 05:23:01 server83 systemd: Started Session 306943 of user root. Nov 9 05:23:01 server83 systemd: Started Session 306944 of user root. Nov 9 05:23:01 server83 systemd: Started Session 306945 of user root. Nov 9 05:23:01 server83 systemd: Started Session 306946 of user root. Nov 9 05:23:01 server83 dhclient[19743]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x3b8e49ea) Nov 9 05:23:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.221.22 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=37744 DPT=5858 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45531 SEQ=1 Nov 9 05:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25863 SEQ=1 Nov 9 05:23:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.109 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=45447 DF PROTO=TCP SPT=46516 DPT=7895 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:23:04 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.109 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=45448 DF PROTO=TCP SPT=46516 DPT=7895 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:23:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.109 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=13292 DF PROTO=TCP SPT=46524 DPT=7895 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:23:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.109 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=13293 DF PROTO=TCP SPT=46524 DPT=7895 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:23:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.109 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=4475 DF PROTO=TCP SPT=46546 DPT=7895 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:23:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7515 DF PROTO=TCP SPT=65301 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:23:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7516 DF PROTO=TCP SPT=65301 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33596 SEQ=1 Nov 9 05:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=45383 SEQ=1 Nov 9 05:23:08 server83 dhclient[19743]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x3b8e49ea) Nov 9 05:23:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35705 SEQ=1 Nov 9 05:23:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.230.75.180 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x20 TTL=235 ID=62567 DF PROTO=ICMP TYPE=8 CODE=0 ID=10 SEQ=11 Nov 9 05:23:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7517 DF PROTO=TCP SPT=65301 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:23:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45575 SEQ=1 Nov 9 05:23:11 server83 letsencrypt.live.cgi: time="2025-11-09T05:23:11+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=anshcargopackers WantedNames="[]" error="Account is suspended" Nov 9 05:23:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63825 PROTO=TCP SPT=45082 DPT=4882 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:23:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7518 DF PROTO=TCP SPT=65301 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:23:14 server83 NetworkManager[922]: <warn> [1762645994.4512] dhcp4 (eth1): request 
timed out Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4512] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4672] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 19743 Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4673] dhcp4 (eth1): state changed timeout -> done Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4675] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:23:14 server83 NetworkManager[922]: <warn> [1762645994.4679] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4681] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4714] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4718] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4719] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4722] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4732] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4735] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:23:14 server83 NetworkManager[922]: <info> [1762645994.4748] dhcp4 (eth1): dhclient started with pid 20817 Nov 9 05:23:14 server83 dhclient[20817]: 
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x655b250c) Nov 9 05:23:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39732 SEQ=1 Nov 9 05:23:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65075 SEQ=1 Nov 9 05:23:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64967 SEQ=1 Nov 9 05:23:20 server83 dhclient[20817]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x655b250c) Nov 9 05:23:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7519 DF PROTO=TCP SPT=65301 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:23:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1169 PROTO=TCP SPT=46370 DPT=3084 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19570 SEQ=1 Nov 9 05:23:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64967 SEQ=1 Nov 9 05:23:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15878 SEQ=1 Nov 9 05:23:26 server83 letsencrypt.live.cgi: time="2025-11-09T05:23:26+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ouexprefix WantedNames="[]" Nov 9 05:23:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.191 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=17264 DF PROTO=TCP SPT=36730 DPT=22846 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:23:29 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 05:23:29 server83 systemd: Stopped Status Update Service. Nov 9 05:23:29 server83 systemd: Started Status Update Service. Nov 9 05:23:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=51218 PROTO=TCP SPT=21459 DPT=86 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:23:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=40029 PROTO=TCP SPT=50207 DPT=4626 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49233 SEQ=1 Nov 9 05:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46112 SEQ=1 Nov 9 05:23:33 server83 dhclient[20817]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x655b250c) Nov 9 05:23:33 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4602 SEQ=1 Nov 9 05:23:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:23:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30411 SEQ=1 Nov 9 05:23:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20950 SEQ=1 Nov 9 05:23:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.124 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=7761 PROTO=TCP SPT=36072 DPT=5665 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:23:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19289 PROTO=TCP SPT=43739 DPT=2777 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:23:42 server83 letsencrypt.live.cgi: time="2025-11-09T05:23:42+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=uniwhite WantedNames="[]" Nov 9 05:23:46 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:23:49 server83 dhclient[20817]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x655b250c) Nov 9 05:23:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14868 SEQ=1 Nov 9 05:23:54 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18689 SEQ=1 Nov 9 05:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3611 SEQ=1 Nov 9 05:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52255 SEQ=1 Nov 9 05:23:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.154 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=33467 DF PROTO=TCP SPT=58731 DPT=8230 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:23:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40214 PROTO=TCP SPT=43739 DPT=2587 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:23:58 server83 letsencrypt.live.cgi: time="2025-11-09T05:23:58+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=mvgcservices WantedNames="[]" error="Account is suspended" Nov 9 05:23:58 server83 dhclient[20817]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x655b250c) Nov 9 05:23:59 server83 NetworkManager[922]: <warn> [1762646039.4467] dhcp4 (eth1): request timed out Nov 9 05:23:59 server83 NetworkManager[922]: <info> [1762646039.4467] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:23:59 server83 NetworkManager[922]: <info> [1762646039.4627] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 20817 Nov 9 05:23:59 server83 NetworkManager[922]: <info> 
[1762646039.4627] dhcp4 (eth1): state changed timeout -> done Nov 9 05:23:59 server83 NetworkManager[922]: <info> [1762646039.4629] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:23:59 server83 NetworkManager[922]: <warn> [1762646039.4634] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:23:59 server83 NetworkManager[922]: <info> [1762646039.4636] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:24:01 server83 systemd: Started Session 306947 of user root. Nov 9 05:24:01 server83 systemd: Started Session 306950 of user root. Nov 9 05:24:01 server83 systemd: Started Session 306952 of user root. Nov 9 05:24:01 server83 systemd: Started Session 306948 of user root. Nov 9 05:24:01 server83 systemd: Started Session 306951 of user root. Nov 9 05:24:01 server83 systemd: Started Session 306953 of user root. Nov 9 05:24:01 server83 systemd: Started Session 306954 of user root. Nov 9 05:24:01 server83 systemd: Started Session 306949 of user root. Nov 9 05:24:01 server83 systemd: Started Session 306955 of user root. 
Nov 9 05:24:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=65447 PROTO=TCP SPT=45082 DPT=39714 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:24:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3491 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17127 SEQ=1 Nov 9 05:24:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27136 SEQ=1 Nov 9 05:24:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8262 SEQ=1 Nov 9 05:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27136 SEQ=1 Nov 9 05:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38446 SEQ=1 Nov 9 05:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59943 SEQ=1 Nov 9 05:24:08 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17582 SEQ=1 Nov 9 05:24:13 server83 letsencrypt.live.cgi: time="2025-11-09T05:24:13+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sbssmbtc WantedNames="[]" Nov 9 05:24:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.95.90 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46549 PROTO=TCP SPT=58975 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:24:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28824 PROTO=TCP SPT=49956 DPT=26960 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:24:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.95.90 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46550 PROTO=TCP SPT=58975 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:24:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43060 PROTO=TCP SPT=35400 DPT=9127 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:24:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.95.93 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19234 PROTO=TCP SPT=54468 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:24:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.95.90 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46551 PROTO=TCP SPT=58975 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:24:19 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31684 SEQ=1 Nov 9 05:24:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.95.93 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19236 PROTO=TCP SPT=54468 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:24:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17850 SEQ=1 Nov 9 05:24:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17850 SEQ=1 Nov 9 05:24:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61390 SEQ=1 Nov 9 05:24:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.95.93 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19238 PROTO=TCP SPT=54468 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40154 SEQ=1 Nov 9 05:24:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56057 PROTO=TCP SPT=45082 DPT=39714 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:24:29 server83 letsencrypt.live.cgi: time="2025-11-09T05:24:29+05:30" level=info 
msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=labolax WantedNames="[]" Nov 9 05:24:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.105.182 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=34639 DPT=5665 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:24:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7520 DF PROTO=TCP SPT=50877 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:24:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=56843 PROTO=TCP SPT=44912 DPT=35366 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:24:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7521 DF PROTO=TCP SPT=50877 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:24:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33416 SEQ=1 Nov 9 05:24:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7522 DF PROTO=TCP SPT=50877 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:24:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3490 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12444 SEQ=1 Nov 9 05:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59189 SEQ=1 Nov 9 05:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50730 SEQ=1 Nov 9 05:24:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7523 DF PROTO=TCP SPT=50877 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:24:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50730 SEQ=1 Nov 9 05:24:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59185 SEQ=1 Nov 9 05:24:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.89.53 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57986 DPT=5665 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:24:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.53 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51218 DPT=5353 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:24:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=59029 PROTO=TCP SPT=49139 DPT=4334 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:24:44 server83 letsencrypt.live.cgi: time="2025-11-09T05:24:44+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=wptechgi WantedNames="[]" error="Account is suspended" Nov 9 05:24:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52579 PROTO=TCP SPT=57067 DPT=7251 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:24:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7524 DF PROTO=TCP SPT=50877 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:24:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.222 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=57651 DF PROTO=TCP SPT=1751 DPT=444 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:24:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.154.95.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=7081 PROTO=TCP SPT=41298 DPT=6000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:24:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61671 SEQ=1 Nov 9 05:24:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33765 SEQ=1 Nov 9 05:24:48 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61671 SEQ=1 Nov 9 05:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21240 SEQ=1 Nov 9 05:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39111 SEQ=1 Nov 9 05:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63264 SEQ=1 Nov 9 05:24:51 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:24:51 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:24:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.191 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42220 DPT=5353 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:24:52 server83 pam_imunify_daemon.bin: time="2025-11-09T05:24:52+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 05:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=20133 SEQ=1 Nov 9 05:24:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3497 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:25:00 server83 letsencrypt.live.cgi: time="2025-11-09T05:25:00+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=unichukaexp WantedNames="[]" Nov 9 05:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:25:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:25:01 server83 systemd: Started Session 306956 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306957 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306960 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306959 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306962 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306961 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306964 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306963 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306966 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306958 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306965 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306968 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306969 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306967 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306970 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306971 of user root. Nov 9 05:25:01 server83 systemd: Started Session 306972 of user root. 
server83 letsencrypt.live.cgi: time="2025-11-09T05:28:16+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=wonderfulbhandar WantedNames="[]" error="Account is suspended" Nov 9 05:28:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35227 SEQ=1 Nov 9 05:28:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42824 SEQ=1 Nov 9 05:28:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=33795 PROTO=TCP SPT=44928 DPT=46039 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:28:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33414 SEQ=1 Nov 9 05:28:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22016 SEQ=1 Nov 9 05:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 05:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 05:28:24 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56749 PROTO=TCP SPT=56698 DPT=8224 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:28:31 server83 letsencrypt.live.cgi: time="2025-11-09T05:28:31+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=aaspvtiti WantedNames="[]" Nov 9 05:28:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25099 PROTO=TCP SPT=49956 DPT=25428 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:28:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22355 SEQ=1 Nov 9 05:28:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45022 SEQ=1 Nov 9 05:28:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22355 SEQ=1 Nov 9 05:28:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1406 SEQ=1 Nov 9 05:28:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.82 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=52930 PROTO=TCP SPT=56866 DPT=4567 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63562 SEQ=1 Nov 9 05:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13833 SEQ=1 Nov 9 05:28:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.71 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=45934 DF PROTO=TCP SPT=20569 DPT=5431 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:28:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26700 PROTO=TCP SPT=61234 DPT=5912 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:28:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19700 SEQ=1 Nov 9 05:28:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38246 SEQ=1 Nov 9 05:28:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38246 SEQ=1 Nov 9 05:28:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55801 SEQ=1 Nov 9 05:28:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5235 SEQ=1 Nov 9 05:28:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.18.113 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=40424 DPT=131 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:28:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22058 SEQ=1 Nov 9 05:28:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.173.211 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=5369 DF PROTO=TCP SPT=48348 DPT=30095 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 05:28:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20605 PROTO=TCP SPT=46331 DPT=1080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:28:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53333 PROTO=TCP SPT=46331 DPT=4145 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:28:57 server83 letsencrypt.live.cgi: time="2025-11-09T05:28:57+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jpsmvorg WantedNames="[]" Nov 9 05:28:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56848 PROTO=TCP SPT=46331 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:28:59 server83 NetworkManager[922]: <info> [1762646339.4430] policy: auto-activating connection 'Wired connection 1' 
(fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:28:59 server83 NetworkManager[922]: <info> [1762646339.4435] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:28:59 server83 NetworkManager[922]: <info> [1762646339.4435] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:28:59 server83 NetworkManager[922]: <info> [1762646339.4439] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:28:59 server83 NetworkManager[922]: <info> [1762646339.4449] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:28:59 server83 NetworkManager[922]: <info> [1762646339.4452] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:28:59 server83 NetworkManager[922]: <info> [1762646339.4465] dhcp4 (eth1): dhclient started with pid 28201 Nov 9 05:28:59 server83 dhclient[28201]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x16d01dfb) Nov 9 05:28:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=8325 PROTO=TCP SPT=46331 DPT=1111 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:28:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42171 PROTO=TCP SPT=46331 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:01 server83 systemd: Started Session 307004 of user root. Nov 9 05:29:01 server83 systemd: Started Session 307003 of user root. Nov 9 05:29:01 server83 systemd: Started Session 307007 of user root. Nov 9 05:29:01 server83 systemd: Started Session 307006 of user root. Nov 9 05:29:01 server83 systemd: Started Session 307010 of user root. 
Nov 9 05:29:01 server83 systemd: Started Session 307008 of user root. Nov 9 05:29:01 server83 systemd: Started Session 307009 of user root. Nov 9 05:29:01 server83 systemd: Started Session 307005 of user root. Nov 9 05:29:01 server83 systemd: Started Session 307011 of user root. Nov 9 05:29:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21007 SEQ=1 Nov 9 05:29:02 server83 dhclient[28201]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x16d01dfb) Nov 9 05:29:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18132 SEQ=1 Nov 9 05:29:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16146 SEQ=1 Nov 9 05:29:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18132 SEQ=1 Nov 9 05:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29413 SEQ=1 Nov 9 05:29:03 server83 pam_imunify_daemon.bin: time="2025-11-09T05:29:03+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for 
Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 05:29:05 server83 dhclient[28201]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x16d01dfb) Nov 9 05:29:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33406 PROTO=TCP SPT=49956 DPT=29424 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=57780 PROTO=TCP SPT=46331 DPT=8989 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:09 server83 dhclient[28201]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x16d01dfb) Nov 9 05:29:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.71 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=48175 PROTO=TCP SPT=56749 DPT=8318 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:29:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13849 SEQ=1 Nov 9 05:29:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20407 PROTO=TCP SPT=46331 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62983 SEQ=1 Nov 9 05:29:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 
ID=7530 DF PROTO=TCP SPT=55651 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:29:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7531 DF PROTO=TCP SPT=55651 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:29:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7532 DF PROTO=TCP SPT=55651 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:29:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47005 PROTO=TCP SPT=46331 DPT=8090 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:20 server83 dhclient[28201]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x16d01dfb) Nov 9 05:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62983 SEQ=1 Nov 9 05:29:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26549 SEQ=1 Nov 9 05:29:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53706 PROTO=TCP SPT=46331 DPT=8082 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32789 SEQ=1 Nov 9 05:29:24 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7533 DF PROTO=TCP SPT=55651 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:29:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3487 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26549 SEQ=1 Nov 9 05:29:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32789 SEQ=1 Nov 9 05:29:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52966 PROTO=TCP SPT=46331 DPT=5678 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.114 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1670 DF PROTO=TCP SPT=60000 DPT=1920 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:29:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.114 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=63682 DF PROTO=TCP SPT=60018 DPT=1920 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:29:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10486 PROTO=TCP SPT=46331 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
05:29:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.114 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=63683 DF PROTO=TCP SPT=60018 DPT=1920 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:29:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:29:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7534 DF PROTO=TCP SPT=55651 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:29:32 server83 letsencrypt.live.cgi: time="2025-11-09T05:29:32+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sentinelguardsol WantedNames="[]" Nov 9 05:29:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58296 SEQ=1 Nov 9 05:29:33 server83 dhclient[28201]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x16d01dfb) Nov 9 05:29:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=11224 PROTO=TCP SPT=47254 DPT=44163 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:29:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=25745 PROTO=TCP SPT=56256 DPT=8002 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=44243 PROTO=TCP SPT=46331 DPT=4153 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.155.81.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38787 DPT=44021 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:29:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11968 SEQ=1 Nov 9 05:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18063 SEQ=1 Nov 9 05:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34690 SEQ=1 Nov 9 05:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25835 SEQ=1 Nov 9 05:29:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47733 PROTO=TCP SPT=46331 DPT=8085 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14718 SEQ=1 Nov 9 05:29:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.59.78 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6203 PROTO=TCP SPT=61000 DPT=29129 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:44 server83 NetworkManager[922]: <warn> [1762646384.4463] dhcp4 (eth1): request timed out 
Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4463] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4622] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28201 Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4623] dhcp4 (eth1): state changed timeout -> done Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4625] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:29:44 server83 NetworkManager[922]: <warn> [1762646384.4630] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4632] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4665] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4669] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4670] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4674] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4685] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4687] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:29:44 server83 NetworkManager[922]: <info> [1762646384.4700] dhcp4 (eth1): dhclient started with pid 29156 Nov 9 05:29:44 server83 dhclient[29156]: DHCPDISCOVER on 
eth1 to 255.255.255.255 port 67 interval 7 (xid=0x10e38c01) Nov 9 05:29:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:29:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33711 PROTO=TCP SPT=45082 DPT=20411 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:29:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45516 SEQ=1 Nov 9 05:29:48 server83 letsencrypt.live.cgi: time="2025-11-09T05:29:48+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jabalpur WantedNames="[]" Nov 9 05:29:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15212 SEQ=1 Nov 9 05:29:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31896 SEQ=1 Nov 9 05:29:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=41094 PROTO=TCP SPT=58664 DPT=7935 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:29:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38189 SEQ=1 Nov 9 05:29:51 server83 dhclient[29156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x10e38c01) Nov 9 05:29:52 server83 kernel: Firewall: *ICMP_IN 
PROTO=ICMP TYPE=8 CODE=0 ID=18242 SEQ=1 Nov 9 05:32:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53570 SEQ=1 Nov 9 05:32:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32489 PROTO=TCP SPT=53160 DPT=41001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:32:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.108 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=44902 DF PROTO=TCP SPT=49694 DPT=33060 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:32:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.108 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=44903 DF PROTO=TCP SPT=49694 DPT=33060 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:32:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.108 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=3975 DF PROTO=TCP SPT=48292 DPT=33060 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:32:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44889 PROTO=TCP SPT=44172 DPT=6689 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:32:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7540 DF PROTO=TCP SPT=60374 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:32:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.108 
DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=3976 DF PROTO=TCP SPT=48292 DPT=33060 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:32:40 server83 letsencrypt.live.cgi: time="2025-11-09T05:32:40+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jasonmemorialhos WantedNames="[]" Nov 9 05:32:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.33 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=40645 DF PROTO=TCP SPT=52270 DPT=30010 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:32:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3492 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:32:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:32:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7543 DF PROTO=TCP SPT=60374 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:32:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:32:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 05:32:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.108 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=56984 DF PROTO=TCP SPT=34464 DPT=33060 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:32:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.230 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=17942 PROTO=TCP SPT=37280 DPT=45874 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:32:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24220 SEQ=1 Nov 9 05:32:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35690 SEQ=1 Nov 9 05:32:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21431 SEQ=1 Nov 9 05:32:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35690 SEQ=1 Nov 9 05:32:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29734 SEQ=1 Nov 9 05:32:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5475 SEQ=1 Nov 9 05:32:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7544 DF PROTO=TCP SPT=60374 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:32:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7545 DF PROTO=TCP SPT=60855 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:32:55 server83 letsencrypt.live.cgi: time="2025-11-09T05:32:55+05:30" level=info msg="AutoSSL running" 
Function=processAutoSSLForAccount Retry=false Username=maliksportindia WantedNames="[]" Nov 9 05:32:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7546 DF PROTO=TCP SPT=60855 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:32:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=170.187.165.130 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57226 DPT=15021 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:33:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=21208 PROTO=TCP SPT=61234 DPT=5985 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:33:00 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 05:33:00 server83 systemd: Stopped Status Update Service. Nov 9 05:33:00 server83 systemd: Started Status Update Service. Nov 9 05:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:33:01 server83 systemd: Started Session 307054 of user root. Nov 9 05:33:01 server83 systemd: Started Session 307056 of user root. Nov 9 05:33:01 server83 systemd: Started Session 307057 of user root. Nov 9 05:33:01 server83 systemd: Started Session 307055 of user root. Nov 9 05:33:01 server83 systemd: Started Session 307058 of user root. Nov 9 05:33:01 server83 systemd: Started Session 307059 of user root. Nov 9 05:33:01 server83 systemd: Started Session 307060 of user root. Nov 9 05:33:01 server83 systemd: Started Session 307061 of user root. 
Nov 9 05:33:01 server83 systemd: Started Session 307062 of user root. Nov 9 05:33:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7548 DF PROTO=TCP SPT=60855 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:33:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40574 SEQ=1 Nov 9 05:33:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=92 SEQ=1 Nov 9 05:33:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36550 SEQ=1 Nov 9 05:33:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55084 SEQ=1 Nov 9 05:33:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56147 SEQ=1 Nov 9 05:33:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39361 PROTO=TCP SPT=49956 DPT=27180 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:33:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=50141 SEQ=1 Nov 9 05:33:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.232.146.106 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x20 TTL=233 ID=19337 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=4354 Nov 9 05:33:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40574 SEQ=1 Nov 9 05:33:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7549 DF PROTO=TCP SPT=60855 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:33:11 server83 pam_imunify_daemon.bin: time="2025-11-09T05:33:11+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 05:33:11 server83 letsencrypt.live.cgi: time="2025-11-09T05:33:11+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=wellcarecorrupac WantedNames="[]" error="Account is suspended" Nov 9 05:33:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23974 SEQ=1 Nov 9 05:33:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23974 SEQ=1 Nov 9 05:33:18 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9475 SEQ=1 Nov 9 05:33:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23356 SEQ=1 Nov 9 05:33:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.143.152.247 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33799 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:33:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.66.97 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=26405 PROTO=TCP SPT=46339 DPT=5432 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:33:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48986 PROTO=TCP SPT=45727 DPT=33599 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:33:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32808 SEQ=1 Nov 9 05:33:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20028 SEQ=1 Nov 9 05:33:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47941 PROTO=TCP SPT=45082 DPT=951 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:33:26 server83 letsencrypt.live.cgi: 
time="2025-11-09T05:33:26+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=flipstockminers WantedNames="[]" Nov 9 05:33:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.138 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=65082 PROTO=TCP SPT=33772 DPT=23925 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:33:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16551 SEQ=1 Nov 9 05:33:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=13.89.125.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=35244 PROTO=TCP SPT=42159 DPT=7001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:33:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19887 PROTO=TCP SPT=48202 DPT=7012 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:33:42 server83 letsencrypt.live.cgi: time="2025-11-09T05:33:42+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=savitrinathan WantedNames="[]" Nov 9 05:33:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=4166 PROTO=TCP SPT=56033 DPT=7706 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:33:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:33:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15138 SEQ=1 Nov 9 05:33:47 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60769 SEQ=1 Nov 9 05:33:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41324 SEQ=1 Nov 9 05:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60769 SEQ=1 Nov 9 05:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24199 SEQ=1 Nov 9 05:33:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23806 SEQ=1 Nov 9 05:33:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41324 SEQ=1 Nov 9 05:33:58 server83 letsencrypt.live.cgi: time="2025-11-09T05:33:58+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=aibonl WantedNames="[]" Nov 9 05:34:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:34:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:34:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:34:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:34:01 server83 systemd: Started Session 307064 of user root. 
Nov 9 05:34:01 server83 systemd: Started Session 307065 of user root. Nov 9 05:34:01 server83 systemd: Started Session 307063 of user root. Nov 9 05:34:01 server83 systemd: Started Session 307066 of user root. Nov 9 05:34:01 server83 systemd: Started Session 307067 of user root. Nov 9 05:34:01 server83 systemd: Started Session 307068 of user root. Nov 9 05:34:01 server83 systemd: Started Session 307070 of user root. Nov 9 05:34:01 server83 systemd: Started Session 307069 of user root. Nov 9 05:34:01 server83 systemd: Started Session 307071 of user root. Nov 9 05:34:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29724 SEQ=1 Nov 9 05:34:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:34:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.67.18.11 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x20 TTL=233 ID=49892 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=7702 Nov 9 05:34:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49276 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:34:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.143 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49257 DPT=46593 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:34:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5519 SEQ=1 Nov 9 05:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57330 SEQ=1 Nov 9 05:34:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47500 PROTO=TCP SPT=61234 DPT=5929 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35500 SEQ=1 Nov 9 05:34:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10115 SEQ=1 Nov 9 05:34:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39367 SEQ=1 Nov 9 05:34:13 server83 letsencrypt.live.cgi: time="2025-11-09T05:34:13+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=brilhost WantedNames="[]" Nov 9 05:34:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.121.84.30 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28091 PROTO=TCP SPT=47994 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:34:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.13 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=47465 DF PROTO=TCP SPT=3287 DPT=10242 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:34:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5964 PROTO=TCP SPT=61234 
DPT=5925 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:34:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25133 SEQ=1 Nov 9 05:34:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58998 SEQ=1 Nov 9 05:34:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61812 SEQ=1 Nov 9 05:34:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21870 SEQ=1 Nov 9 05:34:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36292 SEQ=1 Nov 9 05:34:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.194 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53578 DPT=8991 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:34:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.101 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50823 DPT=9182 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:34:28 server83 letsencrypt.live.cgi: time="2025-11-09T05:34:28+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=bitjetfxtrade WantedNames="[]" error="Account is 
suspended" Nov 9 05:34:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:34:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21104 SEQ=1 Nov 9 05:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24510 SEQ=1 Nov 9 05:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55345 SEQ=1 Nov 9 05:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24423 SEQ=1 Nov 9 05:34:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29901 PROTO=TCP SPT=57143 DPT=8619 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3823 SEQ=1 Nov 9 05:34:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:34:36 server83 imunify-auditd-log-reader[9638]: lost 18 message sequences Nov 9 05:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=55345 SEQ=1 Nov 9 05:34:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11199 PROTO=TCP SPT=48161 DPT=4876 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:34:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.63 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=109 ID=8958 DF PROTO=ICMP TYPE=8 CODE=0 ID=44305 SEQ=58454 Nov 9 05:34:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=100.29.192.119 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=46536 DPT=9191 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:34:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=142.93.157.82 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33939 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:34:44 server83 letsencrypt.live.cgi: time="2025-11-09T05:34:44+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=bkuse WantedNames="[]" error="Account is suspended" Nov 9 05:34:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.177.245 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57691 DPT=10398 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:34:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:34:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 05:34:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19100 SEQ=1 
Nov 9 05:34:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42993 PROTO=TCP SPT=49944 DPT=9090 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:34:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52848 SEQ=1 Nov 9 05:34:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19100 SEQ=1 Nov 9 05:34:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.128.163.133 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=41 ID=56929 DF PROTO=ICMP TYPE=8 CODE=0 ID=50724 SEQ=14464 Nov 9 05:34:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52073 SEQ=1 Nov 9 05:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24252 SEQ=1 Nov 9 05:34:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:34:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63522 PROTO=TCP SPT=45082 DPT=26486 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:34:59 server83 letsencrypt.live.cgi: time="2025-11-09T05:34:59+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=moveexpertco 
WantedNames="[]" error="Account is suspended" Nov 9 05:35:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62082 PROTO=TCP SPT=54739 DPT=2781 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:35:01 server83 systemd: Started Session 307073 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307074 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307072 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307076 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307077 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307078 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307075 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307080 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307082 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307083 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307079 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307081 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307084 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307085 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307086 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307088 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307090 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307089 of user root. Nov 9 05:35:01 server83 systemd: Started Session 307087 of user root. 
Nov 9 05:35:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=140.206.235.16 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=37 ID=52694 DF PROTO=ICMP TYPE=8 CODE=0 ID=36264 SEQ=42523 Nov 9 05:35:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56397 SEQ=1 Nov 9 05:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21429 SEQ=1 Nov 9 05:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.230.75.180 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x20 TTL=235 ID=10962 DF PROTO=ICMP TYPE=8 CODE=0 ID=10 SEQ=11 Nov 9 05:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62233 SEQ=1 Nov 9 05:35:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57710 PROTO=TCP SPT=39486 DPT=4523 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:35:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=61122 PROTO=TCP SPT=61234 DPT=5909 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.156.152.139 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28969 PROTO=TCP SPT=50748 DPT=11374 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:06 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5183 SEQ=1 Nov 9 05:35:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.155.81.124 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42758 DPT=10398 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50536 SEQ=1 Nov 9 05:35:07 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 05:35:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.191.209.198 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60857 PROTO=TCP SPT=41356 DPT=21000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28704 SEQ=1 Nov 9 05:35:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.52 DST=51.210.113.204 LEN=67 TOS=0x00 PREC=0x00 TTL=108 ID=39574 DF PROTO=ICMP TYPE=8 CODE=0 ID=9816 SEQ=22292 Nov 9 05:35:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40558 PROTO=TCP SPT=46370 DPT=1535 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 
LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3491 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:14 server83 letsencrypt.live.cgi: time="2025-11-09T05:35:14+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jnmahavi WantedNames="[]" Nov 9 05:35:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57627 SEQ=1 Nov 9 05:35:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.138.20.120 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=41213 DF PROTO=ICMP TYPE=8 CODE=0 ID=9468 SEQ=41105 Nov 9 05:35:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31333 SEQ=1 Nov 9 05:35:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65532 SEQ=1 Nov 9 05:35:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.157 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51038 DPT=12088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:35:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64489 PROTO=TCP SPT=61234 DPT=5942 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 
DPT=3483 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:21 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.133.87 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=19315 DPT=19315 LEN=16 Nov 9 05:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=798 SEQ=1 Nov 9 05:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31779 SEQ=1 Nov 9 05:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31333 SEQ=1 Nov 9 05:35:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.154.95.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=11889 PROTO=TCP SPT=34992 DPT=787 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:35:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7605 SEQ=1 Nov 9 05:35:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39749 SEQ=1 Nov 9 05:35:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.251.67.237 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=57216 DF PROTO=TCP SPT=58240 DPT=8505 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 05:35:26 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.20.55.26 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=25 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=22 SEQ=10978 Nov 9 05:35:30 server83 letsencrypt.live.cgi: time="2025-11-09T05:35:30+05:30" level=error msg="Failed to process AutoSSL" Username=shrikalloshaktid error="Experienced fatal pre-flight error for shrikalloshaktid: User is over quota: shrikalloshaktid (<nil>)" Nov 9 05:35:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=16.62.226.99 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=5708 Nov 9 05:35:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=16.62.226.99 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x60 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=5833 Nov 9 05:35:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8553 SEQ=1 Nov 9 05:35:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59891 DPT=18000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.51.171.196 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=19019 Nov 9 05:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.51.171.196 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=19119 Nov 9 05:35:36 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.51.171.196 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=19419 Nov 9 05:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.51.171.196 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=19594 Nov 9 05:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.51.171.196 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=19855 Nov 9 05:35:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16725 SEQ=1 Nov 9 05:35:39 server83 aibolit_wrapper[7373]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626467397950128.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626467397951398.txt --log=/tmp/malware_cleaner_log_17626467397952470.txt --progress=/tmp/malware_cleaner_progress_17626467397952156.json --csv_result=/tmp/revisium_csvfile_17626467397952288.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:35:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.151 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56565 DPT=9672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:35:42 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=56.228.17.160 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=15555 Nov 9 05:35:43 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=56.228.17.160 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=15680 Nov 9 05:35:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.193 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=17326 PROTO=TCP SPT=53904 DPT=14439 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5311 SEQ=1 Nov 9 05:35:45 server83 letsencrypt.live.cgi: time="2025-11-09T05:35:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mybusinessjobs WantedNames="[]" Nov 9 05:35:47 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.248 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=34 ID=54152 PROTO=UDP SPT=64702 DPT=28553 LEN=9 Nov 9 05:35:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52313 SEQ=1 Nov 9 05:35:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3490 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:35:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=38947 SEQ=1 Nov 9 05:35:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25190 PROTO=TCP SPT=37889 DPT=4780 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:35:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23453 SEQ=1 Nov 9 05:35:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5266 SEQ=1 Nov 9 05:35:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40202 PROTO=TCP SPT=48605 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:35:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40203 PROTO=TCP SPT=48605 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:35:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4744 SEQ=1 Nov 9 05:35:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12189 PROTO=TCP SPT=49499 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:35:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40204 PROTO=TCP SPT=48605 DPT=853 WINDOW=64952 
RES=0x00 SYN URGP=0 Nov 9 05:35:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.155 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54892 DPT=9857 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:35:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12190 PROTO=TCP SPT=49499 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:35:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12191 PROTO=TCP SPT=49499 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:35:57 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:35:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12193 PROTO=TCP SPT=49499 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:36:01 server83 systemd: Started Session 307093 of user root. Nov 9 05:36:01 server83 systemd: Started Session 307092 of user root. Nov 9 05:36:01 server83 systemd: Started Session 307091 of user root. Nov 9 05:36:01 server83 systemd: Started Session 307097 of user root. Nov 9 05:36:01 server83 systemd: Started Session 307096 of user root. Nov 9 05:36:01 server83 systemd: Started Session 307095 of user root. Nov 9 05:36:01 server83 systemd: Started Session 307098 of user root. Nov 9 05:36:01 server83 systemd: Started Session 307094 of user root. Nov 9 05:36:01 server83 systemd: Started Session 307099 of user root. 
Nov 9 05:36:01 server83 letsencrypt.live.cgi: time="2025-11-09T05:36:01+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jetexpress WantedNames="[]" Nov 9 05:36:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50779 PROTO=TCP SPT=61234 DPT=5949 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9971 SEQ=1 Nov 9 05:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50552 SEQ=1 Nov 9 05:36:02 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 05:36:02 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 05:36:02 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 05:36:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50552 SEQ=1 Nov 9 05:36:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9971 SEQ=1 Nov 9 05:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15773 SEQ=1 Nov 9 05:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62609 SEQ=1 Nov 9 05:36:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56800 SEQ=1 Nov 9 05:36:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51060 SEQ=1 Nov 9 05:36:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27024 SEQ=1 Nov 9 05:36:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.123 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=29084 PROTO=TCP SPT=50780 DPT=2001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:36:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24423 PROTO=TCP SPT=48546 DPT=9215 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:36:13 server83 pam_imunify_daemon.bin: time="2025-11-09T05:36:13+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 05:36:16 server83 letsencrypt.live.cgi: time="2025-11-09T05:36:16+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=citizenbtc WantedNames="[]" Nov 9 05:36:17 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:36:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11116 PROTO=TCP SPT=45495 DPT=4817 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29644 SEQ=1 Nov 9 05:36:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=65180 PROTO=TCP SPT=52849 DPT=5143 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:36:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33528 SEQ=1 Nov 9 05:36:21 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29634 SEQ=1 Nov 9 05:36:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29634 SEQ=1 Nov 9 05:36:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56518 PROTO=TCP SPT=43719 DPT=6298 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:36:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.154.95.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=17182 PROTO=TCP SPT=41574 DPT=3221 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:36:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52376 PROTO=TCP SPT=34359 DPT=8229 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:36:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63139 SEQ=1 Nov 9 05:36:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:36:30 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:36:32 server83 letsencrypt.live.cgi: time="2025-11-09T05:36:32+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=globalfinanciali WantedNames="[]" Nov 9 05:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7553 SEQ=1 Nov 9 05:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54354 SEQ=1 Nov 9 05:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41305 SEQ=1 Nov 9 05:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13716 SEQ=1 Nov 9 05:36:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=14605 PROTO=TCP SPT=61234 DPT=5973 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:36:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42938 SEQ=1 Nov 9 05:36:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42938 SEQ=1 Nov 9 05:36:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62251 SEQ=1 Nov 9 05:36:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 
DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33010 PROTO=TCP SPT=48538 DPT=4452 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:36:48 server83 letsencrypt.live.cgi: time="2025-11-09T05:36:48+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=chemfilindia WantedNames="[]" Nov 9 05:36:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.127 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=33029 DPT=10099 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:36:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35360 SEQ=1 Nov 9 05:36:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18875 SEQ=1 Nov 9 05:36:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.154.175 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=9228 PROTO=TCP SPT=51030 DPT=70 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:36:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47131 SEQ=1 Nov 9 05:36:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25334 SEQ=1 Nov 9 05:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=18875 SEQ=1 Nov 9 05:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29430 SEQ=1 Nov 9 05:36:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.183 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54811 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:36:59 server83 NetworkManager[922]: <info> [1762646819.4962] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:36:59 server83 NetworkManager[922]: <info> [1762646819.4967] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:36:59 server83 NetworkManager[922]: <info> [1762646819.4969] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:36:59 server83 NetworkManager[922]: <info> [1762646819.4974] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:36:59 server83 NetworkManager[922]: <info> [1762646819.4985] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:36:59 server83 NetworkManager[922]: <info> [1762646819.4988] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:36:59 server83 NetworkManager[922]: <info> [1762646819.5004] dhcp4 (eth1): dhclient started with pid 17038 Nov 9 05:36:59 server83 dhclient[17038]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x4cd92e03) Nov 9 05:36:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.216 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56600 DPT=48897 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
05:37:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:37:01 server83 systemd: Started Session 307102 of user root. Nov 9 05:37:01 server83 systemd: Started Session 307101 of user root. Nov 9 05:37:01 server83 systemd: Started Session 307103 of user root. Nov 9 05:37:01 server83 systemd: Started Session 307100 of user root. Nov 9 05:37:01 server83 systemd: Started Session 307105 of user root. Nov 9 05:37:01 server83 systemd: Started Session 307106 of user root. Nov 9 05:37:01 server83 systemd: Started Session 307104 of user root. Nov 9 05:37:01 server83 systemd: Started Session 307107 of user root. Nov 9 05:37:01 server83 systemd: Started Session 307109 of user root. Nov 9 05:37:01 server83 systemd: Started Session 307108 of user root. Nov 9 05:37:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23250 SEQ=1 Nov 9 05:37:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47218 SEQ=1 Nov 9 05:37:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30777 SEQ=1 Nov 9 05:37:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15337 SEQ=1 Nov 9 05:37:03 server83 letsencrypt.live.cgi: time="2025-11-09T05:37:03+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=edgepointdeliver WantedNames="[]" Nov 9 05:37:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.230.75.180 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x20 TTL=236 ID=30346 DF PROTO=ICMP TYPE=8 CODE=0 ID=10 SEQ=11 Nov 9 05:37:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.92 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=52468 DPT=30010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:37:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.178 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55022 DPT=5456 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37591 DF PROTO=TCP SPT=56274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:37:07 server83 dhclient[17038]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x4cd92e03) Nov 9 05:37:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37592 DF PROTO=TCP SPT=56274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23599 SEQ=1 Nov 9 05:37:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.238 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=110 PROTO=TCP SPT=57512 DPT=11319 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23250 SEQ=1 Nov 9 05:37:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37593 DF PROTO=TCP SPT=56274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.228.50.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x20 TTL=233 ID=24970 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=7702 Nov 9 05:37:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3482 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:37:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37594 DF PROTO=TCP SPT=56274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:37:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32913 PROTO=TCP SPT=59664 DPT=18956 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:37:14 server83 scripts.sh: Sun Nov 9 05:37:14 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 05:37:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.148.147.222 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49327 DPT=9700 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:37:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3489 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:37:19 
server83 letsencrypt.live.cgi: time="2025-11-09T05:37:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sgvmalld WantedNames="[]" Nov 9 05:37:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.129 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=7195 PROTO=TCP SPT=37555 DPT=3283 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 05:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31306 SEQ=1 Nov 9 05:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52025 SEQ=1 Nov 9 05:37:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.153.188.254 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=61716 PROTO=TCP SPT=37857 DPT=4389 WINDOW=64048 RES=0x00 SYN URGP=0 Nov 9 05:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21292 SEQ=1 Nov 9 05:37:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:37:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60005 SEQ=1 Nov 9 05:37:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37433 SEQ=1 Nov 9 05:37:24 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49853 SEQ=1 Nov 9 05:37:25 server83 dhclient[17038]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x4cd92e03) Nov 9 05:37:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=599 PROTO=TCP SPT=59033 DPT=4902 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:37:29 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=86.54.31.42 DST=51.210.113.204 LEN=53 TOS=0x10 PREC=0x00 TTL=115 ID=43538 PROTO=UDP SPT=16728 DPT=28015 LEN=33 Nov 9 05:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22471 SEQ=1 Nov 9 05:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48323 SEQ=1 Nov 9 05:37:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19086 PROTO=TCP SPT=57828 DPT=41001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33195 SEQ=1 Nov 9 05:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=10341 SEQ=1 Nov 9 05:37:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2590 PROTO=TCP SPT=56949 DPT=8505 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:37:34 server83 letsencrypt.live.cgi: time="2025-11-09T05:37:34+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=dominionmobile WantedNames="[]" error="Account is suspended" Nov 9 05:37:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10341 SEQ=1 Nov 9 05:37:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33219 SEQ=1 Nov 9 05:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37596 DF PROTO=TCP SPT=56274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:37:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43774 SEQ=1 Nov 9 05:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60461 SEQ=1 Nov 9 05:37:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6435 SEQ=1 Nov 9 05:37:40 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1580 DF PROTO=TCP SPT=50692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:37:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7550 DF PROTO=TCP SPT=50090 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:37:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1581 DF PROTO=TCP SPT=50692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:37:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3488 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:37:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7551 DF PROTO=TCP SPT=50090 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:37:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:37:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.193.213 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=22136 PROTO=TCP SPT=50786 DPT=7474 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:37:43 server83 dhclient[17038]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x4cd92e03) Nov 9 05:37:44 server83 NetworkManager[922]: <warn> [1762646864.4503] dhcp4 (eth1): request timed out Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:37:44 server83 NetworkManager[922]: <info> 
[1762646864.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17038 Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:37:44 server83 NetworkManager[922]: <warn> [1762646864.4589] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4591] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4623] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4626] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4627] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4630] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4640] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4642] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:37:44 server83 NetworkManager[922]: <info> [1762646864.4655] dhcp4 (eth1): dhclient started with pid 23384 Nov 9 05:37:44 server83 dhclient[23384]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1a426f8) Nov 9 05:37:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1583 DF PROTO=TCP SPT=50692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:37:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52266 SEQ=1 Nov 9 05:37:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7553 DF PROTO=TCP SPT=50090 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:37:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.87 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54707 DPT=40002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:37:50 server83 letsencrypt.live.cgi: time="2025-11-09T05:37:50+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=bhubanes WantedNames="[]" error="Account is suspended" Nov 9 05:37:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37983 SEQ=1 Nov 9 05:37:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32091 SEQ=1 Nov 9 05:37:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37983 SEQ=1 Nov 9 05:37:52 server83 dhclient[23384]: DHCPDISCOVER on eth1 to 255.255.255.255 port 
67 interval 11 (xid=0x1a426f8) Nov 9 05:37:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1584 DF PROTO=TCP SPT=50692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:37:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7554 DF PROTO=TCP SPT=50090 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:01 server83 systemd: Started Session 307111 of user root. Nov 9 05:38:01 server83 systemd: Started Session 307110 of user root. Nov 9 05:38:01 server83 systemd: Started Session 307112 of user root. Nov 9 05:38:01 server83 systemd: Started Session 307114 of user root. Nov 9 05:38:01 server83 systemd: Started Session 307113 of user root. Nov 9 05:38:01 server83 systemd: Started Session 307115 of user root. Nov 9 05:38:01 server83 systemd: Started Session 307117 of user root. Nov 9 05:38:01 server83 systemd: Started Session 307116 of user root. Nov 9 05:38:01 server83 systemd: Started Session 307118 of user root. 
Nov 9 05:38:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1286 PROTO=TCP SPT=49956 DPT=29993 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:38:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:38:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7555 DF PROTO=TCP SPT=50666 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:03 server83 dhclient[23384]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x1a426f8) Nov 9 05:38:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7556 DF PROTO=TCP SPT=50666 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:05 server83 letsencrypt.live.cgi: time="2025-11-09T05:38:05+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gptmail WantedNames="[]" Nov 9 05:38:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7557 DF PROTO=TCP SPT=50666 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31661 SEQ=1 Nov 9 05:38:06 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.241.90 DST=145.239.177.179 LEN=37 TOS=0x00 PREC=0x00 TTL=48 ID=9446 PROTO=UDP SPT=40923 DPT=7785 LEN=17 Nov 9 05:38:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53874 SEQ=1 Nov 9 05:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32616 SEQ=1 Nov 9 05:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43951 SEQ=1 Nov 9 05:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64802 SEQ=1 Nov 9 05:38:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=134.209.235.25 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=25400 DPT=8085 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:38:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7558 DF PROTO=TCP SPT=50666 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46787 SEQ=1 Nov 9 05:38:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37597 DF PROTO=TCP SPT=56274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1585 DF PROTO=TCP SPT=50692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:38:16 server83 dhclient[23384]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x1a426f8) Nov 9 05:38:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7559 DF PROTO=TCP SPT=50666 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64062 SEQ=1 Nov 9 05:38:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9157 SEQ=1 Nov 9 05:38:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50718 SEQ=1 Nov 9 05:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17787 DF PROTO=TCP SPT=37236 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 05:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k 
imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 05:38:21 server83 letsencrypt.live.cgi: time="2025-11-09T05:38:21+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bankkeyin WantedNames="[]" Nov 9 05:38:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17788 DF PROTO=TCP SPT=37236 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:38:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24863 SEQ=1 Nov 9 05:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=62789 DF PROTO=TCP SPT=58454 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 05:38:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55884 SEQ=1 Nov 9 05:38:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17789 DF PROTO=TCP SPT=37236 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:38:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=62790 DF PROTO=TCP SPT=58454 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 05:38:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 
PREC=0x00 TTL=241 ID=44343 PROTO=TCP SPT=56949 DPT=8506 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:38:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9157 SEQ=1 Nov 9 05:38:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11230 SEQ=1 Nov 9 05:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7560 DF PROTO=TCP SPT=51348 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17790 DF PROTO=TCP SPT=37236 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:38:28 server83 dhclient[23384]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x1a426f8) Nov 9 05:38:29 server83 NetworkManager[922]: <warn> [1762646909.4503] dhcp4 (eth1): request timed out Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23384 Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4665] dhcp4 (eth1): state changed timeout -> done Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4668] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:38:29 server83 NetworkManager[922]: <warn> [1762646909.4677] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:38:29 
server83 NetworkManager[922]: <info> [1762646909.4680] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4715] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4720] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4721] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4725] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4736] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4739] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:38:29 server83 NetworkManager[922]: <info> [1762646909.4754] dhcp4 (eth1): dhclient started with pid 28088 Nov 9 05:38:29 server83 dhclient[28088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x5efa32be) Nov 9 05:38:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7562 DF PROTO=TCP SPT=51348 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:33 server83 dhclient[28088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x5efa32be) Nov 9 05:38:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=4873 PROTO=TCP SPT=61234 DPT=5976 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 
9 05:38:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7563 DF PROTO=TCP SPT=51348 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17032 SEQ=1 Nov 9 05:38:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42911 SEQ=1 Nov 9 05:38:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17791 DF PROTO=TCP SPT=37236 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:38:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10182 SEQ=1 Nov 9 05:38:37 server83 letsencrypt.live.cgi: time="2025-11-09T05:38:37+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=updatedroyal WantedNames="[]" Nov 9 05:38:38 server83 dhclient[28088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x5efa32be) Nov 9 05:38:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.217.194.148 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=54166 DPT=790 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:38:41 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.250.143.9 DST=51.210.113.204 LEN=33 TOS=0x14 PREC=0x00 TTL=43 ID=41295 
PROTO=UDP SPT=42319 DPT=3283 LEN=13 Nov 9 05:38:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7564 DF PROTO=TCP SPT=51348 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:38:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.32 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=61823 PROTO=TCP SPT=59335 DPT=4060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:38:43 server83 dhclient[28088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x5efa32be) Nov 9 05:38:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1586 DF PROTO=TCP SPT=50692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:38:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:38:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35300 PROTO=TCP SPT=45082 DPT=6374 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:38:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37456 PROTO=TCP SPT=60435 DPT=8886 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:38:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:38:49 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.137 DST=145.239.177.179 LEN=130 TOS=0x00 PREC=0x00 TTL=32 ID=8937 PROTO=UDP SPT=24754 DPT=1701 LEN=110 Nov 9 05:38:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40352 SEQ=1 Nov 9 05:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.243.98.11 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=4355 PROTO=TCP SPT=46759 DPT=2222 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:38:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26394 SEQ=1 Nov 9 05:38:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17792 DF PROTO=TCP SPT=37236 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:38:53 server83 letsencrypt.live.cgi: time="2025-11-09T05:38:53+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=primebridgeholdi WantedNames="[]" Nov 9 05:38:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58684 SEQ=1 Nov 9 05:38:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46036 SEQ=1 Nov 9 05:38:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27557 SEQ=1 Nov 9 05:38:55 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.150 DST=145.239.177.179 LEN=53 TOS=0x00 PREC=0x00 TTL=48 ID=18069 PROTO=UDP SPT=58711 DPT=27023 LEN=33 
Nov 9 05:38:57 server83 dhclient[28088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x5efa32be) Nov 9 05:38:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.93 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=54031 DPT=20257 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:39:01 server83 systemd: Started Session 307119 of user root. Nov 9 05:39:01 server83 systemd: Started Session 307124 of user root. Nov 9 05:39:01 server83 systemd: Started Session 307123 of user root. Nov 9 05:39:01 server83 systemd: Started Session 307120 of user root. Nov 9 05:39:01 server83 systemd: Started Session 307122 of user root. Nov 9 05:39:01 server83 systemd: Started Session 307121 of user root. Nov 9 05:39:01 server83 systemd: Started Session 307125 of user root. Nov 9 05:39:01 server83 systemd: Started Session 307127 of user root. Nov 9 05:39:01 server83 systemd: Started Session 307126 of user root. Nov 9 05:39:01 server83 systemd: Started Session 307128 of user root. 
Nov 9 05:39:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13998 SEQ=1 Nov 9 05:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43588 SEQ=1 Nov 9 05:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62609 SEQ=1 Nov 9 05:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14155 SEQ=1 Nov 9 05:39:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55080 DF PROTO=TCP SPT=35760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45290 SEQ=1 Nov 9 05:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18522 SEQ=1 Nov 9 05:39:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55081 DF PROTO=TCP SPT=35760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:08 server83 letsencrypt.live.cgi: 
time="2025-11-09T05:39:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=aeroshiplogs WantedNames="[]" Nov 9 05:39:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25947 SEQ=1 Nov 9 05:39:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55082 DF PROTO=TCP SPT=35760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.213 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=55020 DF PROTO=TCP SPT=23307 DPT=10256 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:39:11 server83 dhclient[28088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x5efa32be) Nov 9 05:39:14 server83 NetworkManager[922]: <warn> [1762646954.4505] dhcp4 (eth1): request timed out Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4505] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4584] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28088 Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4584] dhcp4 (eth1): state changed timeout -> done Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:39:14 server83 NetworkManager[922]: <warn> [1762646954.4590] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4591] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:39:14 
server83 NetworkManager[922]: <info> [1762646954.4621] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4625] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4625] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4628] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4637] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4639] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:39:14 server83 NetworkManager[922]: <info> [1762646954.4649] dhcp4 (eth1): dhclient started with pid 32324 Nov 9 05:39:14 server83 dhclient[32324]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3a8acac6) Nov 9 05:39:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55083 DF PROTO=TCP SPT=35760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=97.107.133.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=53782 DPT=4060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:39:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7565 DF PROTO=TCP SPT=52796 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:39:21 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19443 SEQ=1 Nov 9 05:39:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=56086 PROTO=TCP SPT=44912 DPT=37400 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:39:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7566 DF PROTO=TCP SPT=52796 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:39:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13789 SEQ=1 Nov 9 05:39:22 server83 dhclient[32324]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x3a8acac6) Nov 9 05:39:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55084 DF PROTO=TCP SPT=35760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:22 server83 systemd: Started Session c2836 of user root. 
Nov 9 05:39:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63237 SEQ=1 Nov 9 05:39:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11011 PROTO=TCP SPT=45727 DPT=30141 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:39:23 server83 scripts.sh: Load Average: 2.93 , 3.47 Nov 9 05:39:23 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 05:39:23 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 05:39:23 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 05:39:23 server83 scripts.sh: HTTPD Status: inactive Nov 9 05:39:23 server83 scripts.sh: MySQL Status: active Nov 9 05:39:23 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 05:39:23 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 05:39:23 server83 scripts.sh: SSHD Status: active Nov 9 05:39:23 server83 scripts.sh: FTP Status: active Nov 9 05:39:23 server83 scripts.sh: LiteSpeed Status: Active Nov 9 05:39:23 server83 scripts.sh: Imunify Status: Active Nov 9 05:39:23 server83 scripts.sh: cPanel Status: active Nov 9 05:39:23 server83 scripts.sh: Memory Status: 12/31 GB - 41.06% Nov 9 05:39:23 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 05:39:23 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 05:39:23 server83 scripts.sh: Local Version: 4.4.5 Nov 9 05:39:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7567 DF PROTO=TCP SPT=52796 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:39:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12051 SEQ=1 Nov 9 05:39:24 server83 letsencrypt.live.cgi: time="2025-11-09T05:39:24+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=tedgedel WantedNames="[]" Nov 9 05:39:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13789 SEQ=1 Nov 9 05:39:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=15.229.109.1 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x20 TTL=233 ID=28339 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=7702 Nov 9 05:39:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:39:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7568 DF PROTO=TCP SPT=52796 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:39:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=23492 PROTO=TCP SPT=44928 DPT=13619 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:39:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.105 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=34914 DF PROTO=TCP SPT=44454 DPT=7050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:39:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.105 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=34915 DF PROTO=TCP SPT=44454 DPT=7050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:39:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.105 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=8766 DF PROTO=TCP SPT=44474 DPT=7050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:39:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.92.207.19 DST=145.239.177.179 LEN=220 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=UDP SPT=33565 DPT=123 LEN=200 Nov 9 05:39:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33789 SEQ=1 Nov 9 05:39:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.105 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=49558 DF PROTO=TCP SPT=44498 DPT=7050 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:39:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=186 SEQ=1 Nov 9 05:39:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59807 SEQ=1 Nov 9 05:39:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7569 DF PROTO=TCP SPT=52796 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:39:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57408 SEQ=1 Nov 9 05:39:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28615 SEQ=1 Nov 9 05:39:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10267 SEQ=1 Nov 9 05:39:37 server83 dhclient[32324]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x3a8acac6) Nov 9 05:39:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3481 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:39:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.14 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=1680 PROTO=TCP SPT=33500 DPT=9200 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 05:39:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55085 DF PROTO=TCP SPT=35760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:40 server83 letsencrypt.live.cgi: time="2025-11-09T05:39:40+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cfdmarketspro WantedNames="[]" Nov 9 05:39:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6746 DF PROTO=TCP SPT=54276 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6747 DF PROTO=TCP SPT=54276 DPT=21 WINDOW=64620 RES=0x00 SYN 
URGP=0 Nov 9 05:39:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6748 DF PROTO=TCP SPT=54276 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:39:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6749 DF PROTO=TCP SPT=54276 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45915 SEQ=1 Nov 9 05:39:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27501 SEQ=1 Nov 9 05:39:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17988 SEQ=1 Nov 9 05:39:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60152 SEQ=1 Nov 9 05:39:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.95.117 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=6751 DF PROTO=ICMP TYPE=8 CODE=0 ID=31752 SEQ=39223 Nov 9 05:39:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.154.95.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 
TTL=240 ID=38933 PROTO=TCP SPT=48732 DPT=8300 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:39:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60152 SEQ=1 Nov 9 05:39:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17988 SEQ=1 Nov 9 05:39:55 server83 letsencrypt.live.cgi: time="2025-11-09T05:39:55+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=naturalkingbhand WantedNames="[]" error="Account is suspended" Nov 9 05:39:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6750 DF PROTO=TCP SPT=54276 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:39:58 server83 dhclient[32324]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x3a8acac6) Nov 9 05:39:59 server83 NetworkManager[922]: <warn> [1762646999.4374] dhcp4 (eth1): request timed out Nov 9 05:39:59 server83 NetworkManager[922]: <info> [1762646999.4374] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:39:59 server83 NetworkManager[922]: <info> [1762646999.4534] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 32324 Nov 9 05:39:59 server83 NetworkManager[922]: <info> [1762646999.4534] dhcp4 (eth1): state changed timeout -> done Nov 9 05:39:59 server83 NetworkManager[922]: <info> [1762646999.4537] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:39:59 server83 NetworkManager[922]: <warn> [1762646999.4540] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:39:59 
server83 NetworkManager[922]: <info> [1762646999.4542] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:40:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.177.245 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55431 DPT=10002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:40:01 server83 systemd: Started Session 307129 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307130 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307131 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307132 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307133 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307134 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307135 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307136 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307138 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307137 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307141 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307140 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307139 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307143 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307142 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307144 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307145 of user root. Nov 9 05:40:01 server83 systemd: Started Session 307146 of user root. 
Nov 9 05:40:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21420 SEQ=1 Nov 9 05:40:05 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.227.238.235 DST=51.210.113.204 LEN=102 TOS=0x00 PREC=0x00 TTL=50 ID=60946 DF PROTO=UDP SPT=8082 DPT=4000 LEN=82 Nov 9 05:40:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1722 SEQ=1 Nov 9 05:40:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1722 SEQ=1 Nov 9 05:40:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15985 SEQ=1 Nov 9 05:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8598 SEQ=1 Nov 9 05:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54973 SEQ=1 Nov 9 05:40:10 server83 letsencrypt.live.cgi: time="2025-11-09T05:40:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mailalliancecred WantedNames="[]" Nov 9 05:40:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 
Nov 9 05:42:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39505 SEQ=1 Nov 9 05:42:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60772 SEQ=1 Nov 9 05:42:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=29961 DF PROTO=ICMP TYPE=8 CODE=0 ID=62202 SEQ=45896 Nov 9 05:42:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36457 SEQ=1 Nov 9 05:42:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3484 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:42:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41570 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16897 DF PROTO=TCP SPT=36114 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21903 SEQ=1 Nov 9 05:42:39 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60772 SEQ=1 Nov 9 05:42:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.191 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=21783 PROTO=TCP SPT=53789 DPT=46443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39505 SEQ=1 Nov 9 05:42:42 server83 aibolit_wrapper[14873]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626471620617988.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626471620619908.txt --log=/tmp/malware_cleaner_log_17626471620621976.txt --progress=/tmp/malware_cleaner_progress_17626471620621516.json --csv_result=/tmp/revisium_csvfile_17626471620621736.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:42:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46808 PROTO=TCP SPT=45727 DPT=31223 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:42:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.194.84 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=47670 DPT=7473 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:42:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.168.227 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9911 PROTO=TCP SPT=60881 DPT=18956 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:42:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=48003 PROTO=TCP SPT=55975 DPT=7623 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:42:46 server83 aibolit_wrapper[15017]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626471662728346.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626471662729102.txt --log=/tmp/malware_cleaner_log_17626471662729866.txt --progress=/tmp/malware_cleaner_progress_17626471662729666.json --csv_result=/tmp/revisium_csvfile_17626471662729762.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:42:46 server83 letsencrypt.live.cgi: time="2025-11-09T05:42:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vpvpmahavidyalay WantedNames="[]" Nov 9 05:42:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:42:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 05:42:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14093 DF PROTO=TCP SPT=42486 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:42:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 
ID=5492 PROTO=TCP SPT=39160 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:42:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=5493 PROTO=TCP SPT=39160 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:42:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41919 SEQ=1 Nov 9 05:42:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60208 PROTO=TCP SPT=56617 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21698 SEQ=1 Nov 9 05:42:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9688 SEQ=1 Nov 9 05:42:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4243 SEQ=1 Nov 9 05:42:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60209 PROTO=TCP SPT=56617 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:42:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=28525 SEQ=1 Nov 9 05:42:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60211 PROTO=TCP SPT=56617 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:42:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39310 SEQ=1 Nov 9 05:42:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.191.209.198 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3125 PROTO=TCP SPT=41356 DPT=2000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:43:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.154.95.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=61950 PROTO=TCP SPT=36846 DPT=9943 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:43:01 server83 systemd: Started Session 307167 of user root. Nov 9 05:43:01 server83 systemd: Started Session 307168 of user root. Nov 9 05:43:01 server83 systemd: Started Session 307166 of user root. Nov 9 05:43:01 server83 systemd: Started Session 307169 of user root. Nov 9 05:43:01 server83 systemd: Started Session 307170 of user root. Nov 9 05:43:01 server83 systemd: Started Session 307171 of user root. Nov 9 05:43:01 server83 systemd: Started Session 307172 of user root. Nov 9 05:43:01 server83 systemd: Started Session 307173 of user root. Nov 9 05:43:01 server83 systemd: Started Session 307174 of user root. 
Nov 9 05:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:43:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43151 SEQ=1 Nov 9 05:43:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60174 SEQ=1 Nov 9 05:43:02 server83 letsencrypt.live.cgi: time="2025-11-09T05:43:02+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ibsmobile WantedNames="[]" Nov 9 05:43:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53088 SEQ=1 Nov 9 05:43:02 server83 aibolit_wrapper[15556]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626471824505198.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626471824506354.txt --log=/tmp/malware_cleaner_log_17626471824507198.txt --progress=/tmp/malware_cleaner_progress_17626471824506974.json --csv_result=/tmp/revisium_csvfile_17626471824507074.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 05:43:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63825 SEQ=1 
Nov 9 05:43:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24209 SEQ=1 Nov 9 05:43:03 server83 atd[15580]: Starting job 1604 (a0064401c04392) for user 'root' (0) Nov 9 05:43:03 server83 systemd: Started Session 307175 of user root. Nov 9 05:43:03 server83 systemd-logind: New session 307175 of user root. Nov 9 05:43:09 server83 systemd-logind: Removed session 307175. Nov 9 05:43:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36489 DF PROTO=TCP SPT=35576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36490 DF PROTO=TCP SPT=35576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36491 DF PROTO=TCP SPT=35576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:17 server83 letsencrypt.live.cgi: time="2025-11-09T05:43:17+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=tdglobal WantedNames="[]" Nov 9 05:43:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=991 SEQ=1 Nov 9 05:43:18 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:43:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36492 DF PROTO=TCP SPT=35576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30507 SEQ=1 Nov 9 05:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54679 SEQ=1 Nov 9 05:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=991 SEQ=1 Nov 9 05:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3339 SEQ=1 Nov 9 05:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23095 SEQ=1 Nov 9 05:43:24 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:43:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4715 SEQ=1 Nov 9 05:43:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36493 DF PROTO=TCP SPT=35576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16899 DF PROTO=TCP SPT=36114 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.59 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=54318 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:43:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=9073 PROTO=TCP SPT=47254 DPT=43679 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:43:30 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:43:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.54 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=46015 DF PROTO=TCP SPT=45674 DPT=11389 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:43:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57054 SEQ=1 Nov 9 05:43:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.54 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5512 DF PROTO=TCP SPT=45680 DPT=11389 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:43:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58921 SEQ=1 Nov 9 05:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12955 SEQ=1 Nov 9 05:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55842 SEQ=1 Nov 9 05:43:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7323 PROTO=TCP SPT=49956 DPT=26818 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:43:33 server83 letsencrypt.live.cgi: time="2025-11-09T05:43:33+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=biz2rock WantedNames="[]" Nov 9 05:43:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10571 SEQ=1 Nov 9 05:43:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39212 PROTO=TCP SPT=41851 DPT=44197 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:43:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12955 SEQ=1 Nov 9 05:43:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.239.44.125 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=19936 SEQ=0 Nov 9 05:43:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37438 SEQ=1 Nov 9 05:43:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12183 SEQ=1 Nov 9 05:43:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.193.78 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=50571 PROTO=TCP SPT=44993 DPT=7474 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:43:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34859 PROTO=TCP SPT=45679 DPT=5640 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:43:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36494 DF PROTO=TCP SPT=35576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16710 PROTO=TCP SPT=36904 DPT=8726 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:43:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.210 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=60699 PROTO=TCP SPT=56337 DPT=10111 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:43:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46844 DF PROTO=TCP SPT=48416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52303 SEQ=1 Nov 9 05:43:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46845 DF PROTO=TCP SPT=48416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56060 SEQ=1 Nov 9 05:43:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52303 SEQ=1 Nov 9 05:43:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64968 SEQ=1 Nov 9 05:43:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46846 DF PROTO=TCP SPT=48416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30357 PROTO=TCP SPT=45727 DPT=34147 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:43:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13228 SEQ=1 Nov 9 05:43:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55161 SEQ=1 Nov 9 05:43:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=17610 PROTO=TCP SPT=55975 DPT=7620 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:43:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46847 DF PROTO=TCP SPT=48416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:43:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17365 PROTO=TCP SPT=49956 DPT=27175 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:43:59 server83 letsencrypt.live.cgi: time="2025-11-09T05:43:59+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=santsing WantedNames="[]" Nov 9 05:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:44:01 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 05:44:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:44:01 server83 systemd: Started Session 307176 of user root. Nov 9 05:44:01 server83 systemd: Started Session 307177 of user root. Nov 9 05:44:01 server83 systemd: Started Session 307178 of user root. Nov 9 05:44:01 server83 systemd: Started Session 307179 of user root. Nov 9 05:44:01 server83 systemd: Started Session 307182 of user root. Nov 9 05:44:01 server83 systemd: Started Session 307181 of user root. Nov 9 05:44:01 server83 systemd: Started Session 307183 of user root. 
Nov 9 05:44:01 server83 systemd: Started Session 307180 of user root. Nov 9 05:44:01 server83 systemd: Started Session 307184 of user root. Nov 9 05:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=55075 PROTO=TCP SPT=35799 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46848 DF PROTO=TCP SPT=48416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:44:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=55076 PROTO=TCP SPT=35799 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:44:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63868 SEQ=1 Nov 9 05:44:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.118.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=52091 PROTO=TCP SPT=55838 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:44:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18307 SEQ=1 Nov 9 05:44:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27906 PROTO=TCP SPT=56698 DPT=8201 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:44:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=55078 PROTO=TCP SPT=35799 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:44:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.118.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=52092 PROTO=TCP SPT=55838 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:44:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=55079 PROTO=TCP SPT=35799 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:44:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.118.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=52093 PROTO=TCP SPT=55838 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:44:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=203.55.131.4 DST=51.210.113.204 LEN=52 TOS=0x08 PREC=0x20 TTL=48 ID=31755 PROTO=TCP SPT=48732 DPT=4022 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14350 SEQ=1 Nov 9 05:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50499 SEQ=1 Nov 9 05:44:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24874 SEQ=1 Nov 9 05:44:12 server83 auditd[702]: Audit daemon 
rotating log files Nov 9 05:44:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36495 DF PROTO=TCP SPT=35576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:44:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46849 DF PROTO=TCP SPT=48416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:44:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57067 SEQ=1 Nov 9 05:44:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.114.175.11 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26626 PROTO=TCP SPT=59524 DPT=132 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:44:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63857 SEQ=1 Nov 9 05:44:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63857 SEQ=1 Nov 9 05:44:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=63164 DF PROTO=TCP SPT=57188 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:44:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=63165 DF PROTO=TCP SPT=57188 
DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:44:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6201 SEQ=1 Nov 9 05:44:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13598 SEQ=1 Nov 9 05:44:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14399 SEQ=1 Nov 9 05:44:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=63166 DF PROTO=TCP SPT=57188 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:44:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17515 DF PROTO=TCP SPT=54840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:44:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17516 DF PROTO=TCP SPT=54840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:44:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=63167 DF PROTO=TCP SPT=57188 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:44:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.26.10.7 DST=145.239.177.179 LEN=80 TOS=0x00 PREC=0x00 TTL=120 ID=26316 
PROTO=TCP SPT=25292 DPT=13261 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:44:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17517 DF PROTO=TCP SPT=54840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:44:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=200.9.154.79 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=38608 DPT=10089 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:44:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9699 SEQ=1 Nov 9 05:44:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63174 SEQ=1 Nov 9 05:44:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17518 DF PROTO=TCP SPT=54840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:44:34 server83 letsencrypt.live.cgi: time="2025-11-09T05:44:34+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=kalikainstrument WantedNames="[]" error="Account is suspended" Nov 9 05:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65306 SEQ=1 Nov 9 05:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38349 SEQ=1 Nov 9 05:44:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62064 PROTO=TCP SPT=45082 DPT=6374 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:44:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14771 SEQ=1 Nov 9 05:44:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14771 SEQ=1 Nov 9 05:44:38 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 05:44:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63174 SEQ=1 Nov 9 05:44:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7570 DF PROTO=TCP SPT=59420 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:44:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7571 DF PROTO=TCP SPT=59420 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:44:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=11035 DF PROTO=TCP SPT=49982 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=39175 DF PROTO=TCP SPT=50016 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17519 DF PROTO=TCP SPT=54840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:44:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7572 DF PROTO=TCP SPT=59420 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:44:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=39176 DF PROTO=TCP SPT=50016 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:44:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1647 DF PROTO=TCP SPT=50026 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:44:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1648 DF PROTO=TCP SPT=50026 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:44:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=135.237.122.82 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=34906 DPT=8888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:44:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7573 DF PROTO=TCP SPT=59420 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:44:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8540 SEQ=1 Nov 9 05:44:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4501 SEQ=1 Nov 9 05:44:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38865 SEQ=1 Nov 9 05:44:49 server83 letsencrypt.live.cgi: time="2025-11-09T05:44:49+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=htdnextgen WantedNames="[]" error="Account is suspended" Nov 9 05:44:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=39734 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:44:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62831 SEQ=1 Nov 9 05:44:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56159 PROTO=TCP SPT=54739 DPT=2746 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:44:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46850 DF PROTO=TCP SPT=48416 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 05:44:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7574 DF PROTO=TCP SPT=59420 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:44:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4501 SEQ=1 Nov 9 05:44:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12566 PROTO=TCP SPT=49956 DPT=25011 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:44:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17520 DF PROTO=TCP SPT=54840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:44:59 server83 NetworkManager[922]: <info> [1762647299.4927] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:44:59 server83 NetworkManager[922]: <info> [1762647299.4932] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:44:59 server83 NetworkManager[922]: <info> [1762647299.4933] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:44:59 server83 NetworkManager[922]: <info> [1762647299.4937] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:44:59 server83 NetworkManager[922]: <info> [1762647299.4949] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:44:59 server83 NetworkManager[922]: <info> [1762647299.4952] dhcp4 (eth1): activation: beginning transaction (timeout in 
45 seconds) Nov 9 05:44:59 server83 NetworkManager[922]: <info> [1762647299.4964] dhcp4 (eth1): dhclient started with pid 18709 Nov 9 05:44:59 server83 dhclient[18709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x6653e80c) Nov 9 05:44:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:45:01 server83 systemd: Started Session 307187 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307189 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307190 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307185 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307188 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307191 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307192 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307193 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307195 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307186 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307196 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307197 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307198 of user root. Nov 9 05:45:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 05:45:01 server83 systemd: Started Session 307199 of user sanatanhinduvahi. Nov 9 05:45:01 server83 systemd: Started Session 307200 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307194 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307201 of user root. Nov 9 05:45:01 server83 systemd: Started Session 307202 of user root. Nov 9 05:45:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. 
Nov 9 05:45:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3477 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63789 SEQ=1 Nov 9 05:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15721 SEQ=1 Nov 9 05:45:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.30 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=27380 PROTO=TCP SPT=43433 DPT=2525 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:45:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.168.123.0 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=38508 DPT=4200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:45:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3464 SEQ=1 Nov 9 05:45:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3464 SEQ=1 Nov 9 05:45:04 server83 letsencrypt.live.cgi: time="2025-11-09T05:45:04+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=unifieddelandlog WantedNames="[]" Nov 9 05:45:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.52 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51387 DPT=30287 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:45:06 server83 dhclient[18709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x6653e80c) Nov 9 05:45:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58197 SEQ=1 Nov 9 05:45:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46080 SEQ=1 Nov 9 05:45:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5217 SEQ=1 Nov 9 05:45:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15721 SEQ=1 Nov 9 05:45:13 server83 dhclient[18709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x6653e80c) Nov 9 05:45:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19566 DF PROTO=TCP SPT=38168 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:45:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19567 DF PROTO=TCP SPT=38168 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:45:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25701 SEQ=1 Nov 9 05:45:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25701 SEQ=1 Nov 9 05:45:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=43966 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:45:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19568 DF PROTO=TCP SPT=38168 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:45:20 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.165 DST=51.210.113.204 LEN=76 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=53526 DPT=123 LEN=56 Nov 9 05:45:20 server83 letsencrypt.live.cgi: time="2025-11-09T05:45:20+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=krishnadalbatire WantedNames="[]" error="Account is suspended" Nov 9 05:45:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64690 SEQ=1 Nov 9 05:45:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30558 SEQ=1 Nov 9 05:45:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43412 SEQ=1 Nov 9 05:45:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19569 DF PROTO=TCP SPT=38168 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:45:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14063 SEQ=1 Nov 9 05:45:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.25.99.255 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=230 ID=3315 DF PROTO=ICMP TYPE=8 CODE=0 ID=10 SEQ=1082 Nov 9 05:45:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14063 SEQ=1 Nov 9 05:45:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.51.171.196 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=22 SEQ=8190 Nov 9 05:45:28 server83 dhclient[18709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x6653e80c) Nov 9 05:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17521 DF PROTO=TCP SPT=54840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:45:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31993 SEQ=1 Nov 9 
05:45:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=16.63.233.100 DST=145.239.177.179 LEN=68 TOS=0x08 PREC=0x60 TTL=28 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=5833 Nov 9 05:45:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.21.194.38 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=18 SEQ=67 Nov 9 05:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19570 DF PROTO=TCP SPT=38168 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.227.147.215 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=39818 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:45:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.21.194.38 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=19973 Nov 9 05:45:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.21.194.38 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=20173 Nov 9 05:45:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.21.194.38 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x20 TTL=27 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=20616 Nov 9 05:45:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.21.194.38 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=26 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=20716 Nov 9 05:45:35 server83 letsencrypt.live.cgi: time="2025-11-09T05:45:35+05:30" 
level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=dsautoco WantedNames="[]" Nov 9 05:45:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15171 SEQ=1 Nov 9 05:45:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.239.4.211 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=63537 PROTO=TCP SPT=43063 DPT=30287 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:45:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20858 SEQ=1 Nov 9 05:45:38 server83 dhclient[18709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x6653e80c) Nov 9 05:45:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58942 SEQ=1 Nov 9 05:45:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:45:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=54858 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:45:41 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.20.55.26 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=29 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=15412 Nov 9 05:45:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.29 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51263 DPT=48798 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:45:44 server83 NetworkManager[922]: <warn> [1762647344.4388] dhcp4 (eth1): request timed out Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4388] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4548] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 18709 Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4548] dhcp4 (eth1): state changed timeout -> done Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4550] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:45:44 server83 NetworkManager[922]: <warn> [1762647344.4553] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4554] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4583] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4586] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4587] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4589] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4598] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:45:44 server83 NetworkManager[922]: <info> [1762647344.4600] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:45:44 server83 
NetworkManager[922]: <info> [1762647344.4610] dhcp4 (eth1): dhclient started with pid 20583 Nov 9 05:45:44 server83 dhclient[20583]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x3a59240d) Nov 9 05:45:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52087 PROTO=TCP SPT=45727 DPT=32478 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:45:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:45:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6406 SEQ=1 Nov 9 05:45:47 server83 dhclient[20583]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3a59240d) Nov 9 05:45:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17744 SEQ=1 Nov 9 05:45:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7038 SEQ=1 Nov 9 05:45:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19571 DF PROTO=TCP SPT=38168 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 05:45:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5194 SEQ=1 Nov 9 05:45:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23418 SEQ=1 Nov 9 05:48:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.105 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=19746 DF PROTO=TCP SPT=2069 DPT=8081 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:48:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54659 SEQ=1 Nov 9 05:48:09 server83 letsencrypt.live.cgi: time="2025-11-09T05:48:09+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=chgffdetys WantedNames="[]" Nov 9 05:48:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=62811 PROTO=TCP SPT=52820 DPT=6156 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:48:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.193.65.212 DST=51.210.113.204 LEN=40 TOS=0x10 PREC=0x00 TTL=47 ID=3146 DF PROTO=TCP SPT=42242 DPT=4070 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 05:48:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49324 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:48:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=34839 PROTO=TCP SPT=44628 DPT=25639 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F 
uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 05:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 05:48:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3482 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:48:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51707 SEQ=1 Nov 9 05:48:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26285 SEQ=1 Nov 9 05:48:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51707 SEQ=1 Nov 9 05:48:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39118 SEQ=1 Nov 9 05:48:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39118 SEQ=1 Nov 9 05:48:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.64.43.231 
DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=20217 DF PROTO=ICMP TYPE=8 CODE=0 ID=10 SEQ=1082 Nov 9 05:48:25 server83 letsencrypt.live.cgi: time="2025-11-09T05:48:25+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=anandint WantedNames="[]" Nov 9 05:48:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.207 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=14722 DF PROTO=TCP SPT=29194 DPT=5601 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:48:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24304 PROTO=TCP SPT=45727 DPT=30693 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:48:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=13041 DF PROTO=ICMP TYPE=8 CODE=0 ID=26118 SEQ=57524 Nov 9 05:48:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60397 SEQ=1 Nov 9 05:48:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18985 PROTO=TCP SPT=49956 DPT=29602 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:48:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53829 SEQ=1 Nov 9 05:48:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=63357 SEQ=1 Nov 9 05:48:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53643 SEQ=1 Nov 9 05:48:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7808 SEQ=1 Nov 9 05:48:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39183 SEQ=1 Nov 9 05:48:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.121.84.49 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49994 DPT=9080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:48:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:48:41 server83 letsencrypt.live.cgi: time="2025-11-09T05:48:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=crcu WantedNames="[]" Nov 9 05:48:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17883 PROTO=TCP SPT=58926 DPT=5089 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:48:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:48:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25041 SEQ=1 Nov 9 05:48:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=48091 PROTO=TCP SPT=55975 DPT=7622 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:48:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46847 SEQ=1 Nov 9 05:48:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=111.119.207.11 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=42480 DF PROTO=ICMP TYPE=8 CODE=0 ID=20288 SEQ=43256 Nov 9 05:48:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34888 SEQ=1 Nov 9 05:48:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17054 SEQ=1 Nov 9 05:48:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25041 SEQ=1 Nov 9 05:48:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.65 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51963 DPT=212 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:48:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7585 DF PROTO=TCP SPT=49555 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:48:53 server83 systemd: Started Session c2837 of user root. 
Nov 9 05:48:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7586 DF PROTO=TCP SPT=49555 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:48:54 server83 scripts.sh: Load Average: 1.93 , 2.39 Nov 9 05:48:54 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 05:48:54 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 05:48:54 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 05:48:54 server83 scripts.sh: HTTPD Status: inactive Nov 9 05:48:54 server83 scripts.sh: MySQL Status: active Nov 9 05:48:54 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 05:48:54 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 05:48:54 server83 scripts.sh: SSHD Status: active Nov 9 05:48:54 server83 scripts.sh: FTP Status: active Nov 9 05:48:54 server83 scripts.sh: LiteSpeed Status: Active Nov 9 05:48:54 server83 scripts.sh: Imunify Status: Active Nov 9 05:48:54 server83 scripts.sh: cPanel Status: active Nov 9 05:48:54 server83 scripts.sh: Memory Status: 11/31 GB - 37.49% Nov 9 05:48:54 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 05:48:54 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 05:48:54 server83 scripts.sh: Local Version: 4.4.5 Nov 9 05:48:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7587 DF PROTO=TCP SPT=49555 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:48:56 server83 letsencrypt.live.cgi: time="2025-11-09T05:48:56+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=dovewoodconst WantedNames="[]" Nov 9 05:49:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 
TOS=0x00 PREC=0x00 TTL=109 ID=7588 DF PROTO=TCP SPT=49555 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:49:01 server83 systemd: Started Session 307231 of user root. Nov 9 05:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:49:01 server83 systemd: Started Session 307233 of user root. Nov 9 05:49:01 server83 systemd: Started Session 307232 of user root. Nov 9 05:49:01 server83 systemd: Started Session 307235 of user root. Nov 9 05:49:01 server83 systemd: Started Session 307234 of user root. Nov 9 05:49:01 server83 systemd: Started Session 307236 of user root. Nov 9 05:49:01 server83 systemd: Started Session 307237 of user root. Nov 9 05:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:49:01 server83 systemd: Started Session 307238 of user root. Nov 9 05:49:01 server83 systemd: Started Session 307239 of user root. 
Nov 9 05:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:49:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.27.244.234 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=10332 DF PROTO=ICMP TYPE=8 CODE=0 ID=12 SEQ=4858 Nov 9 05:49:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54058 SEQ=1 Nov 9 05:49:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47356 SEQ=1 Nov 9 05:49:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5400 PROTO=TCP SPT=61234 DPT=5940 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:49:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15694 SEQ=1 Nov 9 05:49:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53630 SEQ=1 Nov 9 05:49:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59497 SEQ=1 Nov 9 05:49:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 
DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=54109 DF PROTO=ICMP TYPE=8 CODE=0 ID=33623 SEQ=62601 Nov 9 05:49:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7589 DF PROTO=TCP SPT=49555 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:49:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60948 PROTO=TCP SPT=54739 DPT=2484 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:49:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55839 SEQ=1 Nov 9 05:49:12 server83 letsencrypt.live.cgi: time="2025-11-09T05:49:12+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=achintyabooks WantedNames="[]" Nov 9 05:49:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=11319 PROTO=TCP SPT=47549 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:49:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=52556 PROTO=TCP SPT=47549 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:49:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.242.196 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=34494 DPT=2004 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:49:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53891 SEQ=1 Nov 9 05:49:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=62987 PROTO=TCP SPT=47549 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:49:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29822 SEQ=1 Nov 9 05:49:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53891 SEQ=1 Nov 9 05:49:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18536 SEQ=1 Nov 9 05:49:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60821 PROTO=TCP SPT=49956 DPT=25265 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:49:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40251 SEQ=1 Nov 9 05:49:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23005 SEQ=1 Nov 9 05:49:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5864 SEQ=1 Nov 9 05:49:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4096 SEQ=1 Nov 9 05:49:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47104 SEQ=1 Nov 9 05:49:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24956 SEQ=1 Nov 9 05:49:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3277 SEQ=1 Nov 9 05:49:38 server83 letsencrypt.live.cgi: time="2025-11-09T05:49:38+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gssmahav WantedNames="[]" Nov 9 05:49:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25944 SEQ=1 Nov 9 05:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5864 SEQ=1 Nov 9 05:49:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:49:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33650 SEQ=1 Nov 9 05:49:49 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=76 SEQ=1 Nov 9 05:49:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33650 SEQ=1 Nov 9 05:49:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=16383 DF PROTO=TCP SPT=56916 DPT=7081 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:49:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=569 PROTO=TCP SPT=44644 DPT=9109 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:49:53 server83 letsencrypt.live.cgi: time="2025-11-09T05:49:53+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=babcour WantedNames="[]" Nov 9 05:49:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=16384 DF PROTO=TCP SPT=56916 DPT=7081 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:49:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=17987 DF PROTO=TCP SPT=56924 DPT=7081 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:49:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=17988 DF PROTO=TCP SPT=56924 DPT=7081 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:49:55 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=8474 DF PROTO=TCP SPT=56938 DPT=7081 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:49:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=12933 PROTO=TCP SPT=48818 DPT=5694 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:50:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43915 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:50:01 server83 systemd: Started Session 307242 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307243 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307241 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307240 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307244 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307245 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307246 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307247 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307249 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307248 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307250 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307251 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307253 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307254 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307255 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307252 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307256 of user root. Nov 9 05:50:01 server83 systemd: Started Session 307257 of user root. 
Nov 9 05:50:01 server83 systemd: Started Session 307258 of user root. Nov 9 05:50:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.58.0 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=34602 DPT=5672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:50:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.175.211.127 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=7167 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=19185 Nov 9 05:50:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63559 SEQ=1 Nov 9 05:50:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1142 SEQ=1 Nov 9 05:50:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=119 SEQ=1 Nov 9 05:50:08 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:50:08 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:50:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47328 SEQ=1 Nov 9 05:50:09 server83 letsencrypt.live.cgi: time="2025-11-09T05:50:09+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mayurpaints WantedNames="[]" Nov 9 05:50:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13187 SEQ=1 Nov 9 05:52:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3479 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:52:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=26771 DF PROTO=ICMP TYPE=8 CODE=0 ID=36287 SEQ=23261 Nov 9 05:52:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26909 SEQ=1 Nov 9 05:52:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.98.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59150 DPT=3000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:52:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.126 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=10285 DF PROTO=TCP SPT=39836 DPT=27515 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:52:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7599 DF PROTO=TCP SPT=53465 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:52:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63371 PROTO=TCP SPT=46370 DPT=3106 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:52:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.168.120.251 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=52332 DPT=5060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:52:59 server83 NetworkManager[922]: <info> [1762647779.4556] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:52:59 server83 NetworkManager[922]: <info> [1762647779.4560] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:52:59 server83 NetworkManager[922]: <info> [1762647779.4561] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:52:59 server83 NetworkManager[922]: <info> [1762647779.4563] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:52:59 server83 NetworkManager[922]: <info> [1762647779.4572] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:52:59 server83 NetworkManager[922]: <info> [1762647779.4575] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:52:59 server83 NetworkManager[922]: <info> [1762647779.4584] dhcp4 (eth1): dhclient started with pid 32343 Nov 9 05:52:59 server83 dhclient[32343]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x58b3866d) Nov 9 05:53:00 server83 letsencrypt.live.cgi: time="2025-11-09T05:53:00+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=burripeakconstru WantedNames="[]" Nov 9 05:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:53:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 05:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:53:01 server83 systemd: Started Session 307277 of user root. Nov 9 05:53:01 server83 systemd: Started Session 307278 of user root. 
Nov 9 05:53:01 server83 systemd: Started Session 307279 of user root. Nov 9 05:53:01 server83 systemd: Started Session 307280 of user root. Nov 9 05:53:01 server83 systemd: Started Session 307281 of user root. Nov 9 05:53:01 server83 systemd: Started Session 307283 of user root. Nov 9 05:53:01 server83 systemd: Started Session 307282 of user root. Nov 9 05:53:01 server83 systemd: Started Session 307285 of user root. Nov 9 05:53:01 server83 systemd: Started Session 307284 of user root. Nov 9 05:53:02 server83 dhclient[32343]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x58b3866d) Nov 9 05:53:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7537 SEQ=1 Nov 9 05:53:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24071 SEQ=1 Nov 9 05:53:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.25.83.27 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=237 ID=65223 DF PROTO=ICMP TYPE=8 CODE=0 ID=12 SEQ=4858 Nov 9 05:53:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:53:05 server83 dhclient[32343]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x58b3866d) Nov 9 05:53:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2903 SEQ=1 Nov 9 05:53:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17420 SEQ=1 Nov 9 05:53:08 
server83 dhclient[32343]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x58b3866d) Nov 9 05:53:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24071 SEQ=1 Nov 9 05:53:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64837 SEQ=1 Nov 9 05:53:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44674 PROTO=TCP SPT=54739 DPT=2427 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:53:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.179.175.241 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=63389 DF PROTO=ICMP TYPE=8 CODE=0 ID=11 SEQ=2590 Nov 9 05:53:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.232 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51801 DPT=9391 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:53:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.152 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54365 DPT=47058 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:53:14 server83 dhclient[32343]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x58b3866d) Nov 9 05:53:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3478 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:53:16 
server83 letsencrypt.live.cgi: time="2025-11-09T05:53:16+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=knapc WantedNames="[]" Nov 9 05:53:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23420 SEQ=1 Nov 9 05:53:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6901 SEQ=1 Nov 9 05:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.170.223.129 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=40391 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=7853 Nov 9 05:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29680 SEQ=1 Nov 9 05:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3330 SEQ=1 Nov 9 05:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56528 SEQ=1 Nov 9 05:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8535 SEQ=1 Nov 9 05:53:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38286 SEQ=1 Nov 9 05:53:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11883 PROTO=TCP SPT=33302 DPT=4521 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:53:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.249.246.17 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=5897 DF PROTO=TCP SPT=39182 DPT=2822 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 05:53:31 server83 dhclient[32343]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x58b3866d) Nov 9 05:53:32 server83 letsencrypt.live.cgi: time="2025-11-09T05:53:32+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=drvbpatil WantedNames="[]" error="Account is suspended" Nov 9 05:53:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.201 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50687 DPT=9405 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62511 SEQ=1 Nov 9 05:53:33 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.91.31.128 DST=51.210.113.204 LEN=32 TOS=0x14 PREC=0x00 TTL=43 ID=52570 PROTO=UDP SPT=53594 DPT=30718 LEN=12 Nov 9 05:53:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.50 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51707 DPT=26443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:53:33 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.61 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=44699 DPT=8990 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:53:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10693 PROTO=TCP SPT=49956 DPT=27139 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:53:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62511 SEQ=1 Nov 9 05:53:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61223 SEQ=1 Nov 9 05:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61328 SEQ=1 Nov 9 05:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19360 SEQ=1 Nov 9 05:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65430 SEQ=1 Nov 9 05:53:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:53:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.184.76.233 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=32399 DF PROTO=TCP SPT=50838 DPT=8020 WINDOW=5840 
RES=0x00 SYN URGP=0 Nov 9 05:53:44 server83 NetworkManager[922]: <warn> [1762647824.4510] dhcp4 (eth1): request timed out Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4511] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4670] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 32343 Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4670] dhcp4 (eth1): state changed timeout -> done Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4672] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:53:44 server83 NetworkManager[922]: <warn> [1762647824.4677] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4679] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4712] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4716] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4716] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4719] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4729] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:53:44 server83 NetworkManager[922]: <info> [1762647824.4732] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:53:44 server83 NetworkManager[922]: <info> 
[1762647824.4743] dhcp4 (eth1): dhclient started with pid 1153 Nov 9 05:53:44 server83 dhclient[1153]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x7eee63b9) Nov 9 05:53:45 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.29.133.110 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=19303 DPT=19303 LEN=16 Nov 9 05:53:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18749 SEQ=1 Nov 9 05:53:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 05:53:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24719 SEQ=1 Nov 9 05:53:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64311 SEQ=1 Nov 9 05:53:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24719 SEQ=1 Nov 9 05:53:47 server83 letsencrypt.live.cgi: time="2025-11-09T05:53:47+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ewo WantedNames="[]" Nov 9 05:53:50 server83 dhclient[1153]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x7eee63b9) Nov 9 05:53:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26260 PROTO=TCP SPT=45082 DPT=20401 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:53:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=8969 PROTO=TCP SPT=46370 DPT=1857 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:54:01 server83 systemd: Started Session 307286 of user root. Nov 9 05:54:01 server83 systemd: Started Session 307287 of user root. Nov 9 05:54:01 server83 systemd: Started Session 307291 of user root. Nov 9 05:54:01 server83 systemd: Started Session 307292 of user root. Nov 9 05:54:01 server83 systemd: Started Session 307293 of user root. Nov 9 05:54:01 server83 systemd: Started Session 307290 of user root. Nov 9 05:54:01 server83 systemd: Started Session 307288 of user root. Nov 9 05:54:01 server83 systemd: Started Session 307289 of user root. Nov 9 05:54:01 server83 systemd: Started Session 307294 of user root. Nov 9 05:54:02 server83 letsencrypt.live.cgi: time="2025-11-09T05:54:02+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=ashutosh WantedNames="[]" error="Account is suspended" Nov 9 05:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53963 SEQ=1 Nov 9 05:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26428 SEQ=1 Nov 9 05:54:03 server83 dhclient[1153]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x7eee63b9) Nov 9 05:54:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19617 
SEQ=1 Nov 9 05:54:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32753 SEQ=1 Nov 9 05:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21230 SEQ=1 Nov 9 05:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40314 SEQ=1 Nov 9 05:54:09 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 05:54:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40314 SEQ=1 Nov 9 05:54:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.179.102.103 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=28415 DF PROTO=ICMP TYPE=8 CODE=0 ID=11 SEQ=2590 Nov 9 05:54:11 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.29.133.110 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=19303 DPT=19303 LEN=16 Nov 9 05:54:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33712 PROTO=TCP SPT=41822 DPT=5702 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:54:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 
ID=54321 PROTO=TCP SPT=50691 DPT=18181 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:54:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23344 PROTO=TCP SPT=39353 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:54:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23345 PROTO=TCP SPT=39353 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:54:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59953 SEQ=1 Nov 9 05:54:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16666 SEQ=1 Nov 9 05:54:18 server83 letsencrypt.live.cgi: time="2025-11-09T05:54:18+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=balgovin WantedNames="[]" Nov 9 05:54:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12168 PROTO=TCP SPT=45746 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:54:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23346 PROTO=TCP SPT=39353 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:54:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=61080 SEQ=1 Nov 9 05:54:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38533 SEQ=1 Nov 9 05:54:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38533 SEQ=1 Nov 9 05:54:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12169 PROTO=TCP SPT=45746 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:54:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6188 SEQ=1 Nov 9 05:54:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12171 PROTO=TCP SPT=45746 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:54:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:54:23 server83 dhclient[1153]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x7eee63b9) Nov 9 05:54:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=124.243.174.17 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=24418 DF PROTO=ICMP TYPE=8 CODE=0 ID=17674 SEQ=50520 Nov 9 05:54:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=20135 PROTO=TCP SPT=55917 DPT=7520 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:54:29 server83 NetworkManager[922]: <warn> 
[1762647869.4510] dhcp4 (eth1): request timed out Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4510] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4670] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 1153 Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4670] dhcp4 (eth1): state changed timeout -> done Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4672] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:54:29 server83 NetworkManager[922]: <warn> [1762647869.4676] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4677] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4709] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4712] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4713] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4716] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4726] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4728] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:54:29 server83 NetworkManager[922]: <info> [1762647869.4739] dhcp4 (eth1): dhclient started with pid 2577 Nov 9 
05:54:29 server83 dhclient[2577]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x358dba2) Nov 9 05:54:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.16 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57235 DPT=32400 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:54:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55211 SEQ=1 Nov 9 05:54:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62272 SEQ=1 Nov 9 05:54:33 server83 dhclient[2577]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x358dba2) Nov 9 05:54:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55211 SEQ=1 Nov 9 05:54:33 server83 letsencrypt.live.cgi: time="2025-11-09T05:54:33+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=arunengineerings WantedNames="[]" error="Account is suspended" Nov 9 05:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11318 SEQ=1 Nov 9 05:54:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.143 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=56447 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:54:38 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36530 SEQ=1 Nov 9 05:54:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9002 SEQ=1 Nov 9 05:54:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9002 SEQ=1 Nov 9 05:54:40 server83 dhclient[2577]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x358dba2) Nov 9 05:54:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.49 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=53630 PROTO=TCP SPT=50951 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:54:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24746 PROTO=TCP SPT=54739 DPT=2608 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:54:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30626 PROTO=TCP SPT=46370 DPT=2207 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:54:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2333 SEQ=1 Nov 9 05:54:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=12369 SEQ=1 Nov 9 05:54:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.62 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=20961 PROTO=TCP SPT=57580 DPT=8083 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:54:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.82.70.118 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=23626 PROTO=TCP SPT=60000 DPT=4001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:54:49 server83 letsencrypt.live.cgi: time="2025-11-09T05:54:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=fnbin WantedNames="[]" Nov 9 05:54:49 server83 dhclient[2577]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x358dba2) Nov 9 05:54:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42160 PROTO=TCP SPT=61234 DPT=5951 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:54:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54584 SEQ=1 Nov 9 05:54:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.49 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=29106 PROTO=TCP SPT=49835 DPT=7836 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:54:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16846 PROTO=TCP SPT=46370 DPT=3019 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:55:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19149 SEQ=1 Nov 9 05:55:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.214.25.125 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=12059 DF PROTO=TCP SPT=65524 DPT=3080 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 Nov 9 05:55:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:55:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:55:01 server83 systemd: Started Session 307296 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307300 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307297 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307295 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307298 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307299 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307301 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307302 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307303 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307304 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307307 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307306 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307309 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307310 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307308 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307305 of user root. Nov 9 05:55:01 server83 systemd: Started Session 307311 of user root. 
Nov 9 05:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40443 SEQ=1 Nov 9 05:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19581 SEQ=1 Nov 9 05:55:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.214.25.125 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=12060 DF PROTO=TCP SPT=65524 DPT=3080 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 Nov 9 05:55:05 server83 letsencrypt.live.cgi: time="2025-11-09T05:55:05+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=orida WantedNames="[]" error="Account is suspended" Nov 9 05:55:07 server83 dhclient[2577]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x358dba2) Nov 9 05:55:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63967 SEQ=1 Nov 9 05:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8177 SEQ=1 Nov 9 05:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19149 SEQ=1 Nov 9 05:55:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.66.75.64 DST=51.210.113.204 LEN=40 TOS=0x00 
PREC=0x00 TTL=242 ID=47277 PROTO=TCP SPT=65257 DPT=9071 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:55:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3471 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:55:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4449 PROTO=TCP SPT=41443 DPT=20001 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:55:13 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.77 DST=145.239.177.179 LEN=80 TOS=0x00 PREC=0x00 TTL=45 ID=38295 DF PROTO=UDP SPT=4024 DPT=389 LEN=60 Nov 9 05:55:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=37.221.215.69 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=47323 PROTO=TCP SPT=47436 DPT=8282 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:55:14 server83 NetworkManager[922]: <warn> [1762647914.4480] dhcp4 (eth1): request timed out Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4481] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4559] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2577 Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4559] dhcp4 (eth1): state changed timeout -> done Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4561] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:55:14 server83 NetworkManager[922]: <warn> [1762647914.4563] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4565] device (eth1): state change: failed -> 
disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4592] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4594] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4594] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4596] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4605] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4606] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 05:55:14 server83 NetworkManager[922]: <info> [1762647914.4615] dhcp4 (eth1): dhclient started with pid 4250 Nov 9 05:55:14 server83 dhclient[4250]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x30f8e7c8) Nov 9 05:55:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:55:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58631 SEQ=1 Nov 9 05:55:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21899 SEQ=1 Nov 9 05:55:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 
ID=45519 DF PROTO=ICMP TYPE=8 CODE=0 ID=40161 SEQ=16530 Nov 9 05:55:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29351 SEQ=1 Nov 9 05:55:20 server83 letsencrypt.live.cgi: time="2025-11-09T05:55:20+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=groupbkmobile WantedNames="[]" error="Account is suspended" Nov 9 05:55:21 server83 dhclient[4250]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x30f8e7c8) Nov 9 05:55:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58631 SEQ=1 Nov 9 05:55:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3388 SEQ=1 Nov 9 05:55:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63057 SEQ=1 Nov 9 05:55:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3216 PROTO=TCP SPT=42689 DPT=8963 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:55:28 server83 dhclient[4250]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x30f8e7c8) Nov 9 05:55:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=36104 DPT=6036 WINDOW=65535 
RES=0x00 SYN URGP=0 Nov 9 05:55:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17949 SEQ=1 Nov 9 05:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7618 SEQ=1 Nov 9 05:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6542 SEQ=1 Nov 9 05:55:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.187 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51253 DPT=9380 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:55:35 server83 letsencrypt.live.cgi: time="2025-11-09T05:55:35+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=zurfinancial WantedNames="[]" error="Account is suspended" Nov 9 05:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18504 SEQ=1 Nov 9 05:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33878 SEQ=1 Nov 9 05:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35858 SEQ=1 Nov 9 05:55:37 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13027 SEQ=1 Nov 9 05:55:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35858 SEQ=1 Nov 9 05:55:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=571 SEQ=1 Nov 9 05:55:39 server83 dhclient[4250]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x30f8e7c8) Nov 9 05:55:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.89 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=45675 PROTO=TCP SPT=59837 DPT=4432 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:55:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7600 DF PROTO=TCP SPT=57731 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:55:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18696 PROTO=TCP SPT=49956 DPT=25294 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:55:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7601 DF PROTO=TCP SPT=57731 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:55:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 
LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7602 DF PROTO=TCP SPT=57731 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:55:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30600 SEQ=1 Nov 9 05:55:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7603 DF PROTO=TCP SPT=57731 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:55:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15179 SEQ=1 Nov 9 05:55:51 server83 letsencrypt.live.cgi: time="2025-11-09T05:55:51+05:30" level=error msg="Failed to process AutoSSL" Username=sapmento error="Experienced fatal pre-flight error for sapmento: User is over quota: sapmento (<nil>)" Nov 9 05:55:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3470 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:55:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45251 PROTO=TCP SPT=49956 DPT=26193 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:55:54 server83 dhclient[4250]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x30f8e7c8) Nov 9 05:55:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22444 PROTO=TCP SPT=58603 
DPT=5555 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:55:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7604 DF PROTO=TCP SPT=57731 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:55:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.83.149 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43917 DPT=4432 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:55:59 server83 NetworkManager[922]: <warn> [1762647959.4432] dhcp4 (eth1): request timed out Nov 9 05:55:59 server83 NetworkManager[922]: <info> [1762647959.4433] dhcp4 (eth1): state changed unknown -> timeout Nov 9 05:55:59 server83 NetworkManager[922]: <info> [1762647959.4592] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 4250 Nov 9 05:55:59 server83 NetworkManager[922]: <info> [1762647959.4592] dhcp4 (eth1): state changed timeout -> done Nov 9 05:55:59 server83 NetworkManager[922]: <info> [1762647959.4594] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 05:55:59 server83 NetworkManager[922]: <warn> [1762647959.4597] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 05:55:59 server83 NetworkManager[922]: <info> [1762647959.4598] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 05:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:56:01 server83 systemd: Started Session 307312 of user root. Nov 9 05:56:01 server83 systemd: Started Session 307313 of user root. 
Nov 9 05:56:01 server83 systemd: Started Session 307314 of user root. Nov 9 05:56:01 server83 systemd: Started Session 307315 of user root. Nov 9 05:56:01 server83 systemd: Started Session 307316 of user root. Nov 9 05:56:01 server83 systemd: Started Session 307320 of user root. Nov 9 05:56:01 server83 systemd: Started Session 307319 of user root. Nov 9 05:56:01 server83 systemd: Started Session 307317 of user root. Nov 9 05:56:01 server83 systemd: Started Session 307318 of user root. Nov 9 05:56:01 server83 systemd: Started Session 307321 of user root. Nov 9 05:56:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35131 SEQ=1 Nov 9 05:56:04 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.91.127.97 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=31849 DPT=3702 LEN=28 Nov 9 05:56:06 server83 letsencrypt.live.cgi: time="2025-11-09T05:56:06+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=csmandrewlombard WantedNames="[]" Nov 9 05:56:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7051 SEQ=1 Nov 9 05:56:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3172 SEQ=1 Nov 9 05:56:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49500 SEQ=1 Nov 9 05:56:08 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35131 SEQ=1 Nov 9 05:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31582 SEQ=1 Nov 9 05:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7004 SEQ=1 Nov 9 05:56:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.40.18 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=45557 DPT=4432 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:56:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35752 PROTO=TCP SPT=57143 DPT=8606 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:56:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3477 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:56:15 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 05:56:15 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 05:56:15 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 05:56:16 server83 scripts.sh: Sun Nov 9 05:56:16 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 05:56:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32779 SEQ=1 Nov 9 05:56:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22868 SEQ=1 Nov 9 05:56:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15702 SEQ=1 Nov 9 05:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65473 SEQ=1 Nov 9 05:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61542 SEQ=1 Nov 9 05:56:22 server83 letsencrypt.live.cgi: time="2025-11-09T05:56:22+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=oswalpol WantedNames="[]" error="Account is suspended" Nov 9 05:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51734 SEQ=1 Nov 9 05:56:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.110.79 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 
PROTO=TCP SPT=47246 DPT=43 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:56:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51114 SEQ=1 Nov 9 05:56:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:56:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=40198 PROTO=TCP SPT=47983 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:56:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7605 DF PROTO=TCP SPT=58969 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:56:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=47428 PROTO=TCP SPT=47983 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:56:31 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:56:31 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:56:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=59567 PROTO=TCP SPT=47983 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:56:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7606 DF PROTO=TCP SPT=58969 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:56:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.86 DST=145.239.177.179 LEN=40 
TOS=0x00 PREC=0x20 TTL=242 ID=35942 PROTO=TCP SPT=56753 DPT=8111 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:56:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=116.204.39.178 DST=51.210.113.204 LEN=54 TOS=0x00 PREC=0x00 TTL=41 ID=65374 DF PROTO=ICMP TYPE=8 CODE=0 ID=15432 SEQ=28503 Nov 9 05:56:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.51.244.147 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=58599 DPT=2525 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:56:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21159 SEQ=1 Nov 9 05:56:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7608 DF PROTO=TCP SPT=58969 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11163 SEQ=1 Nov 9 05:56:37 server83 letsencrypt.live.cgi: time="2025-11-09T05:56:37+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=airflyticket WantedNames="[]" Nov 9 05:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17746 SEQ=1 Nov 9 05:56:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=47483 SEQ=1 Nov 9 05:56:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3705 SEQ=1 Nov 9 05:56:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47483 SEQ=1 Nov 9 05:56:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7609 DF PROTO=TCP SPT=58969 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 05:56:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.193.56.235 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=6405 DF PROTO=TCP SPT=40652 DPT=1707 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 05:56:49 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:56:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40967 SEQ=1 Nov 9 05:56:53 server83 letsencrypt.live.cgi: time="2025-11-09T05:56:53+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=royalindiapacker WantedNames="[]" error="Account is suspended" Nov 9 05:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25940 SEQ=1 Nov 9 05:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21694 SEQ=1 Nov 9 05:56:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53543 PROTO=TCP SPT=61234 DPT=5941 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:56:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.171.25.13 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=41444 DPT=2525 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:56:58 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.168.121.239 DST=51.210.113.204 LEN=53 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=UDP SPT=59842 DPT=102 LEN=33 Nov 9 05:56:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.92.218 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=57666 DPT=43 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 05:57:01 server83 systemd: Started Session 307322 of user root. Nov 9 05:57:01 server83 systemd: Started Session 307324 of user root. Nov 9 05:57:01 server83 systemd: Started Session 307326 of user root. Nov 9 05:57:01 server83 systemd: Started Session 307328 of user root. 
Nov 9 05:57:01 server83 systemd: Started Session 307327 of user root. Nov 9 05:57:01 server83 systemd: Started Session 307323 of user root. Nov 9 05:57:01 server83 systemd: Started Session 307325 of user root. Nov 9 05:57:01 server83 systemd: Started Session 307330 of user root. Nov 9 05:57:01 server83 systemd: Started Session 307329 of user root. Nov 9 05:57:01 server83 systemd: Started Session 307331 of user root. Nov 9 05:57:01 server83 systemd: Started Session 307332 of user root. Nov 9 05:57:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3476 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:57:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19300 SEQ=1 Nov 9 05:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53414 SEQ=1 Nov 9 05:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11445 SEQ=1 Nov 9 05:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11445 SEQ=1 Nov 9 05:57:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41419 SEQ=1 Nov 9 05:57:06 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44914 PROTO=TCP SPT=51412 DPT=5888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:57:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13923 SEQ=1 Nov 9 05:57:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30520 SEQ=1 Nov 9 05:57:08 server83 letsencrypt.live.cgi: time="2025-11-09T05:57:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=hapagexpressdeli WantedNames="[]" Nov 9 05:57:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30839 SEQ=1 Nov 9 05:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.26.171.140 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=236 ID=22242 DF PROTO=ICMP TYPE=8 CODE=0 ID=10 SEQ=1082 Nov 9 05:57:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.36 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=18785 PROTO=TCP SPT=57309 DPT=34445 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:57:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9127 PROTO=TCP SPT=41158 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:12 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9128 PROTO=TCP SPT=41158 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37359 PROTO=TCP SPT=56227 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9129 PROTO=TCP SPT=41158 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37360 PROTO=TCP SPT=56227 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9130 PROTO=TCP SPT=41158 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37361 PROTO=TCP SPT=56227 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61953 SEQ=1 Nov 9 05:57:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38550 SEQ=1 Nov 9 05:57:17 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3475 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:57:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25567 SEQ=1 Nov 9 05:57:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31664 SEQ=1 Nov 9 05:57:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16269 SEQ=1 Nov 9 05:57:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59402 SEQ=1 Nov 9 05:57:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.44 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=58572 PROTO=TCP SPT=35117 DPT=46944 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:57:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.205 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=24012 PROTO=TCP SPT=53168 DPT=6004 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:57:24 server83 letsencrypt.live.cgi: time="2025-11-09T05:57:24+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=rajshree WantedNames="[]" error="Account is suspended" Nov 9 05:57:24 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38550 SEQ=1 Nov 9 05:57:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.211 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=33060 DF PROTO=TCP SPT=47890 DPT=4190 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:57:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=8770 DF PROTO=ICMP TYPE=8 CODE=0 ID=40446 SEQ=54280 Nov 9 05:57:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.177.58.174 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=37590 DF PROTO=ICMP TYPE=8 CODE=0 ID=11 SEQ=2590 Nov 9 05:57:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.211 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=33061 DF PROTO=TCP SPT=47890 DPT=4190 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:57:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.211 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=33062 DF PROTO=TCP SPT=47890 DPT=4190 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:57:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.211 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=33063 DF PROTO=TCP SPT=47890 DPT=4190 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:57:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43607 SEQ=1 Nov 9 
05:57:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.71.41.65 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=55754 PROTO=TCP SPT=61004 DPT=2000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 05:57:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.225 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=16392 DF PROTO=TCP SPT=19643 DPT=8015 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 05:57:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.169.104.65 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=55912 DPT=7473 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:57:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=40167 PROTO=TCP SPT=41377 DPT=4016 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:57:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3468 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29673 SEQ=1 Nov 9 05:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18942 SEQ=1 Nov 9 05:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45896 
SEQ=1 Nov 9 05:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15261 SEQ=1 Nov 9 05:57:39 server83 letsencrypt.live.cgi: time="2025-11-09T05:57:39+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=reddkart WantedNames="[]" Nov 9 05:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43607 SEQ=1 Nov 9 05:57:42 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.91.127.97 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=31849 DPT=3702 LEN=28 Nov 9 05:57:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34163 PROTO=TCP SPT=46370 DPT=1490 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:57:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.211 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=12608 DF PROTO=TCP SPT=34870 DPT=4190 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:57:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13625 PROTO=TCP SPT=60285 DPT=4805 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:57:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.211 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=12609 DF PROTO=TCP SPT=34870 DPT=4190 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:57:49 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.211 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=8076 DF PROTO=TCP SPT=34878 DPT=4190 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:57:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29537 PROTO=TCP SPT=64966 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.211 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=8077 DF PROTO=TCP SPT=34878 DPT=4190 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 05:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42967 SEQ=1 Nov 9 05:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6705 SEQ=1 Nov 9 05:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20248 SEQ=1 Nov 9 05:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20993 SEQ=1 Nov 9 05:57:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49450 PROTO=TCP SPT=53791 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:53 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29540 PROTO=TCP SPT=64966 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49451 PROTO=TCP SPT=53791 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29541 PROTO=TCP SPT=64966 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49452 PROTO=TCP SPT=53791 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 05:57:55 server83 letsencrypt.live.cgi: time="2025-11-09T05:57:55+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=royalinfrakota WantedNames="[]" Nov 9 05:57:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13735 PROTO=TCP SPT=33478 DPT=9103 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:57:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23027 PROTO=TCP SPT=61234 DPT=5991 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:58:01 server83 systemd: Started Session 307333 of user root. Nov 9 05:58:01 server83 systemd: Started Session 307334 of user root. Nov 9 05:58:01 server83 systemd: Started Session 307335 of user root. Nov 9 05:58:01 server83 systemd: Started Session 307336 of user root. 
Nov 9 05:58:01 server83 systemd: Started Session 307338 of user root. Nov 9 05:58:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 05:58:01 server83 systemd: Started Session 307339 of user metalarts. Nov 9 05:58:01 server83 systemd: Started Session 307337 of user root. Nov 9 05:58:01 server83 systemd: Started Session 307340 of user root. Nov 9 05:58:01 server83 systemd: Started Session 307341 of user root. Nov 9 05:58:01 server83 systemd: Started Session 307342 of user root. Nov 9 05:58:01 server83 systemd: Removed slice User Slice of metalarts. Nov 9 05:58:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.8.173.13 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=50372 DF PROTO=ICMP TYPE=8 CODE=0 ID=9998 SEQ=51310 Nov 9 05:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11805 SEQ=1 Nov 9 05:58:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.52 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=50787 DPT=8888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:58:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=116.204.109.93 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=40 ID=59363 DF PROTO=ICMP TYPE=8 CODE=0 ID=19787 SEQ=48962 Nov 9 05:58:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3154 SEQ=1 Nov 9 05:58:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=60524 SEQ=1 Nov 9 05:58:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 05:58:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11994 SEQ=1 Nov 9 05:58:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23653 SEQ=1 Nov 9 05:58:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3154 SEQ=1 Nov 9 05:58:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.82.77.144 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=45080 DPT=11434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:58:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3474 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:58:10 server83 letsencrypt.live.cgi: time="2025-11-09T05:58:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=courierdelservic WantedNames="[]" Nov 9 05:58:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.39 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=19639 PROTO=TCP SPT=28434 DPT=41313 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:58:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 
ID=54321 PROTO=TCP SPT=50066 DPT=2443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:58:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21316 PROTO=TCP SPT=46370 DPT=1992 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 05:58:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49938 SEQ=1 Nov 9 05:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 05:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 05:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42459 SEQ=1 Nov 9 05:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42459 SEQ=1 Nov 9 05:58:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=1 Nov 9 05:58:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=50324 SEQ=1 Nov 9 05:58:24 server83 systemd: Started Session c2838 of user root. Nov 9 05:58:24 server83 scripts.sh: Load Average: 2.86 , 2.72 Nov 9 05:58:24 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 05:58:24 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 05:58:24 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 05:58:24 server83 scripts.sh: HTTPD Status: inactive Nov 9 05:58:24 server83 scripts.sh: MySQL Status: active Nov 9 05:58:24 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 05:58:24 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 05:58:24 server83 scripts.sh: SSHD Status: active Nov 9 05:58:24 server83 scripts.sh: FTP Status: active Nov 9 05:58:24 server83 scripts.sh: LiteSpeed Status: Active Nov 9 05:58:24 server83 scripts.sh: Imunify Status: Active Nov 9 05:58:24 server83 scripts.sh: cPanel Status: active Nov 9 05:58:24 server83 scripts.sh: Memory Status: 11/31 GB - 37.11% Nov 9 05:58:24 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 05:58:24 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 05:58:24 server83 scripts.sh: Local Version: 4.4.5 Nov 9 05:58:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.39 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51842 DPT=9028 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:58:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=20493 PROTO=TCP SPT=52926 DPT=1962 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 05:58:25 server83 imunify-auditd-log-reader[9638]: failed to send events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 05:58:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.176.81.108 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=29864 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=7853 Nov 9 05:58:26 server83 letsencrypt.live.cgi: time="2025-11-09T05:58:26+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=krishnaiti WantedNames="[]" Nov 9 05:58:28 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 05:58:31 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 05:58:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24224 SEQ=1 Nov 9 05:58:33 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 05:58:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11300 SEQ=1 Nov 9 05:58:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.155.81.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=43362 DPT=5440 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 05:58:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31271 SEQ=1 Nov 9 05:58:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4951 SEQ=1 Nov 9 05:58:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38562 PROTO=TCP SPT=38337 DPT=7547 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:01:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37072 SEQ=1 Nov 9 06:01:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8330 PROTO=TCP SPT=45727 DPT=31369 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:01:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.127 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=14564 PROTO=TCP SPT=45410 DPT=889 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:01:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3465 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:01:42 server83 letsencrypt.live.cgi: time="2025-11-09T06:01:42+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=autoshippings WantedNames="[]" error="Account is suspended" Nov 9 06:01:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=20228 PROTO=TCP SPT=44644 DPT=34573 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:01:44 server83 NetworkManager[922]: <warn> [1762648304.4374] dhcp4 (eth1): request timed out Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4374] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:01:44 server83 NetworkManager[922]: <info> 
[1762648304.4534] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 22103 Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4535] dhcp4 (eth1): state changed timeout -> done Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4537] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:01:44 server83 NetworkManager[922]: <warn> [1762648304.4541] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4543] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4576] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4580] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4580] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4584] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4594] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4597] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:01:44 server83 NetworkManager[922]: <info> [1762648304.4608] dhcp4 (eth1): dhclient started with pid 27371 Nov 9 06:01:44 server83 dhclient[27371]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0xc3714f3) Nov 9 06:01:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43609 PROTO=TCP SPT=57993 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:01:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:01:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28901 SEQ=1 Nov 9 06:01:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5846 SEQ=1 Nov 9 06:01:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36785 SEQ=1 Nov 9 06:01:51 server83 dhclient[27371]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0xc3714f3) Nov 9 06:01:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9906 SEQ=1 Nov 9 06:01:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54069 SEQ=1 Nov 9 06:01:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50639 DPT=34566 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:01:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3965 SEQ=1 Nov 9 06:01:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60275 PROTO=TCP SPT=49956 DPT=29345 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:01:57 server83 letsencrypt.live.cgi: time="2025-11-09T06:01:57+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=newgatehousef WantedNames="[]" Nov 9 06:02:00 server83 dhclient[27371]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0xc3714f3) Nov 9 06:02:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:02:01 server83 systemd: Started Session 307392 of user root. Nov 9 06:02:01 server83 systemd: Started Session 307393 of user root. Nov 9 06:02:01 server83 systemd: Started Session 307394 of user root. Nov 9 06:02:01 server83 systemd: Started Session 307395 of user root. Nov 9 06:02:01 server83 systemd: Started Session 307397 of user root. Nov 9 06:02:01 server83 systemd: Started Session 307398 of user root. Nov 9 06:02:01 server83 systemd: Started Session 307396 of user root. Nov 9 06:02:01 server83 systemd: Started Session 307399 of user root. Nov 9 06:02:01 server83 systemd: Started Session 307400 of user root. 
Nov 9 06:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:02:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:02:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6354 SEQ=1 Nov 9 06:02:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63955 PROTO=TCP SPT=49956 DPT=27792 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:02:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=51174 PROTO=TCP SPT=44628 DPT=48094 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:02:03 server83 pam_imunify_daemon.bin: time="2025-11-09T06:02:03+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 06:02:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56747 SEQ=1 Nov 9 06:02:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23883 SEQ=1 Nov 9 06:02:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.145.23 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=52 ID=64743 PROTO=TCP SPT=32505 DPT=8010 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:02:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3473 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:02:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24988 PROTO=TCP SPT=45727 DPT=33487 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4218 SEQ=1 Nov 9 06:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43215 SEQ=1 Nov 9 06:02:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53014 SEQ=1 Nov 9 06:02:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.84 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56614 DPT=9949 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:02:13 server83 letsencrypt.live.cgi: time="2025-11-09T06:02:13+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=usbexpress WantedNames="[]" error="Account is suspended" Nov 9 06:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.129.154 
DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=4596 DF PROTO=TCP SPT=43159 DPT=10135 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 06:02:15 server83 dhclient[27371]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0xc3714f3) Nov 9 06:02:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.22.71.191 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=47 ID=8966 DF PROTO=ICMP TYPE=8 CODE=0 ID=3584 SEQ=26902 Nov 9 06:02:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58179 SEQ=1 Nov 9 06:02:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32492 SEQ=1 Nov 9 06:02:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20451 SEQ=1 Nov 9 06:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25889 SEQ=1 Nov 9 06:02:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35185 PROTO=TCP SPT=45727 DPT=34075 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:02:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=2940 DF PROTO=ICMP TYPE=8 CODE=0 ID=35532 SEQ=56087 Nov 9 06:02:23 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15778 SEQ=1 Nov 9 06:02:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44027 SEQ=1 Nov 9 06:02:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.98.165.154 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=21194 PROTO=TCP SPT=39889 DPT=771 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:02:27 server83 dhclient[27371]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0xc3714f3) Nov 9 06:02:28 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.159.36.140 DST=145.239.177.179 LEN=110 TOS=0x00 PREC=0x00 TTL=49 ID=1338 DF PROTO=UDP SPT=1434 DPT=5060 LEN=90 Nov 9 06:02:28 server83 letsencrypt.live.cgi: time="2025-11-09T06:02:28+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=parakhngo WantedNames="[]" Nov 9 06:02:29 server83 NetworkManager[922]: <warn> [1762648349.4503] dhcp4 (eth1): request timed out Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27371 Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4584] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:02:29 server83 NetworkManager[922]: <warn> [1762648349.4587] device (eth1): Activation: failed for connection 
'Wired connection 1' Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4588] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4620] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4624] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4625] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4628] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4638] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4641] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:02:29 server83 NetworkManager[922]: <info> [1762648349.4651] dhcp4 (eth1): dhclient started with pid 725 Nov 9 06:02:29 server83 dhclient[725]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x69803030) Nov 9 06:02:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7610 DF PROTO=TCP SPT=50221 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7611 DF PROTO=TCP SPT=50221 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7612 DF PROTO=TCP SPT=50274 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7613 DF PROTO=TCP SPT=50274 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62871 SEQ=1 Nov 9 06:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53273 SEQ=1 Nov 9 06:02:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7614 DF PROTO=TCP SPT=50221 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56588 SEQ=1 Nov 9 06:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52130 SEQ=1 Nov 9 06:02:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3464 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:02:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7615 DF PROTO=TCP SPT=50274 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7616 DF PROTO=TCP SPT=50221 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:36 server83 dhclient[725]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x69803030) Nov 9 06:02:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7617 DF PROTO=TCP SPT=50274 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49683 SEQ=1 Nov 9 06:02:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24819 PROTO=TCP SPT=40419 DPT=8950 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:02:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:02:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=63569 PROTO=TCP SPT=56114 DPT=7801 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:02:43 server83 dhclient[725]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x69803030) Nov 9 06:02:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7618 DF PROTO=TCP SPT=50221 
DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.87 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=35664 PROTO=TCP SPT=48259 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:02:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7619 DF PROTO=TCP SPT=50274 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:02:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58452 SEQ=1 Nov 9 06:02:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.109.130 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=60552 DPT=8293 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:02:53 server83 dhclient[725]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x69803030) Nov 9 06:02:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29227 SEQ=1 Nov 9 06:02:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23439 SEQ=1 Nov 9 06:02:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21760 SEQ=1 Nov 9 06:02:54 server83 letsencrypt.live.cgi: time="2025-11-09T06:02:54+05:30" level=info msg="AutoSSL 
running" Function=processAutoSSLForAccount Retry=false Username=blue WantedNames="[]" Nov 9 06:02:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22282 SEQ=1 Nov 9 06:03:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:03:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:03:01 server83 systemd: Started Session 307403 of user root. Nov 9 06:03:01 server83 systemd: Started Session 307405 of user root. Nov 9 06:03:01 server83 systemd: Started Session 307401 of user root. Nov 9 06:03:01 server83 systemd: Started Session 307402 of user root. Nov 9 06:03:01 server83 systemd: Started Session 307406 of user root. Nov 9 06:03:01 server83 systemd: Started Session 307407 of user root. Nov 9 06:03:01 server83 systemd: Started Session 307408 of user root. Nov 9 06:03:01 server83 systemd: Started Session 307404 of user root. Nov 9 06:03:01 server83 systemd: Started Session 307409 of user root. Nov 9 06:03:01 server83 systemd: Started Session 307410 of user root. 
Nov 9 06:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47382 SEQ=1 Nov 9 06:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33032 SEQ=1 Nov 9 06:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1169 SEQ=1 Nov 9 06:03:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=16.112.8.25 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=35228 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1124 Nov 9 06:03:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33032 SEQ=1 Nov 9 06:03:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7620 DF PROTO=TCP SPT=51159 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:03:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=52227 PROTO=TCP SPT=44644 DPT=82 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:03:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7621 DF PROTO=TCP SPT=51159 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:03:07 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21352 SEQ=1 Nov 9 06:03:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7622 DF PROTO=TCP SPT=51159 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:03:08 server83 dhclient[725]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x69803030) Nov 9 06:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51648 SEQ=1 Nov 9 06:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21352 SEQ=1 Nov 9 06:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51648 SEQ=1 Nov 9 06:03:09 server83 letsencrypt.live.cgi: time="2025-11-09T06:03:09+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=djkishanoffice WantedNames="[]" Nov 9 06:03:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.158.98 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=46 ID=0 DF PROTO=TCP SPT=59626 DPT=6006 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:03:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.142.154.87 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=59980 PROTO=TCP SPT=58914 DPT=343 WINDOW=1024 RES=0x00 
SYN URGP=0 Nov 9 06:03:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7623 DF PROTO=TCP SPT=51159 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:03:14 server83 NetworkManager[922]: <warn> [1762648394.4389] dhcp4 (eth1): request timed out Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4389] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4468] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 725 Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4468] dhcp4 (eth1): state changed timeout -> done Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4470] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:03:14 server83 NetworkManager[922]: <warn> [1762648394.4473] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4474] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4501] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4503] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4503] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4505] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4513] device (eth1): state change: config 
-> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4514] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:03:14 server83 NetworkManager[922]: <info> [1762648394.4523] dhcp4 (eth1): dhclient started with pid 6769 Nov 9 06:03:14 server83 dhclient[6769]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x3286291b) Nov 9 06:03:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=27691 PROTO=TCP SPT=35524 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:03:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30732 SEQ=1 Nov 9 06:03:19 server83 dhclient[6769]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x3286291b) Nov 9 06:03:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7624 DF PROTO=TCP SPT=51159 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:03:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:03:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=975 SEQ=1 Nov 9 06:03:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32529 SEQ=1 Nov 9 06:03:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.131 
DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=59032 DF PROTO=TCP SPT=44594 DPT=8100 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:03:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.70 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54954 DPT=2006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:03:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=975 SEQ=1 Nov 9 06:03:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.131 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=59033 DF PROTO=TCP SPT=44594 DPT=8100 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:03:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.131 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=37243 DF PROTO=TCP SPT=44600 DPT=8100 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:03:25 server83 letsencrypt.live.cgi: time="2025-11-09T06:03:25+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=wbcdoccsl WantedNames="[]" Nov 9 06:03:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.131 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=37244 DF PROTO=TCP SPT=44600 DPT=8100 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:03:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.131 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=55223 DF PROTO=TCP SPT=45738 DPT=8100 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:03:26 server83 dhclient[6769]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x3286291b) Nov 9 
06:03:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.149 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=59965 PROTO=TCP SPT=56146 DPT=3010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:03:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.10 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56760 DPT=6969 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:03:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27538 SEQ=1 Nov 9 06:03:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44217 SEQ=1 Nov 9 06:03:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55308 SEQ=1 Nov 9 06:03:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52195 SEQ=1 Nov 9 06:03:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=29675 PROTO=TCP SPT=46370 DPT=1999 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:03:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19492 SEQ=1 Nov 9 06:03:37 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58445 SEQ=1 Nov 9 06:03:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34985 SEQ=1 Nov 9 06:03:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20939 SEQ=1 Nov 9 06:03:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=9670 DF PROTO=ICMP TYPE=8 CODE=0 ID=16900 SEQ=20971 Nov 9 06:03:38 server83 dhclient[6769]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x3286291b) Nov 9 06:03:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=129.212.188.167 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=48433 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:03:39 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 06:03:41 server83 letsencrypt.live.cgi: time="2025-11-09T06:03:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=server83dl WantedNames="[]" Nov 9 06:03:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.40 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=24504 PROTO=TCP SPT=31892 DPT=34200 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:03:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:03:48 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29165 SEQ=1 Nov 9 06:03:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2504 SEQ=1 Nov 9 06:03:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58065 SEQ=1 Nov 9 06:03:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=28548 PROTO=TCP SPT=61234 DPT=5910 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20008 SEQ=1 Nov 9 06:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23212 SEQ=1 Nov 9 06:03:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15633 SEQ=1 Nov 9 06:03:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.38 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56315 DPT=45118 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:03:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31022 SEQ=1 Nov 9 06:03:55 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:03:56 server83 letsencrypt.live.cgi: time="2025-11-09T06:03:56+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=jaiswalenter WantedNames="[]" error="Account is suspended" Nov 9 06:03:59 server83 dhclient[6769]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x3286291b) Nov 9 06:03:59 server83 NetworkManager[922]: <warn> [1762648439.4450] dhcp4 (eth1): request timed out Nov 9 06:03:59 server83 NetworkManager[922]: <info> [1762648439.4450] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:03:59 server83 NetworkManager[922]: <info> [1762648439.4610] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 6769 Nov 9 06:03:59 server83 NetworkManager[922]: <info> [1762648439.4610] dhcp4 (eth1): state changed timeout -> done Nov 9 06:03:59 server83 NetworkManager[922]: <info> [1762648439.4612] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:03:59 server83 NetworkManager[922]: <warn> [1762648439.4618] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:03:59 server83 NetworkManager[922]: <info> [1762648439.4621] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:03:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3472 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:03:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.125 DST=145.239.177.179 LEN=44 TOS=0x00 
PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51248 DPT=5988 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:04:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7625 DF PROTO=TCP SPT=48253 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:04:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:04:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:04:01 server83 systemd: Started Session 307411 of user root. Nov 9 06:04:01 server83 systemd: Started Session 307412 of user root. Nov 9 06:04:01 server83 systemd: Started Session 307414 of user root. Nov 9 06:04:01 server83 systemd: Started Session 307415 of user root. Nov 9 06:04:01 server83 systemd: Started Session 307413 of user root. Nov 9 06:04:01 server83 systemd: Started Session 307416 of user root. Nov 9 06:04:01 server83 systemd: Started Session 307417 of user root. Nov 9 06:04:01 server83 systemd: Started Session 307418 of user root. Nov 9 06:04:01 server83 systemd: Started Session 307419 of user root. 
Nov 9 06:04:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7626 DF PROTO=TCP SPT=48253 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:04:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7627 DF PROTO=TCP SPT=48253 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:04:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=26445 PROTO=TCP SPT=37570 DPT=4427 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:04:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62225 SEQ=1 Nov 9 06:04:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14025 SEQ=1 Nov 9 06:04:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11324 SEQ=1 Nov 9 06:04:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14025 SEQ=1 Nov 9 06:04:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.112.95 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=61781 PROTO=TCP SPT=60000 DPT=36422 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
06:04:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7628 DF PROTO=TCP SPT=48253 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:04:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62225 SEQ=1 Nov 9 06:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=513 SEQ=1 Nov 9 06:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39086 SEQ=1 Nov 9 06:04:11 server83 letsencrypt.live.cgi: time="2025-11-09T06:04:11+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=scuin WantedNames="[]" Nov 9 06:04:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=10242 PROTO=TCP SPT=56185 DPT=7909 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:04:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7629 DF PROTO=TCP SPT=48253 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:04:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.177.245 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49104 DPT=3010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:04:16 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1139 SEQ=1 Nov 9 06:04:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43682 PROTO=TCP SPT=46370 DPT=1644 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:04:17 server83 pam_imunify_daemon.bin: time="2025-11-09T06:04:17+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 06:04:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15333 SEQ=1 Nov 9 06:04:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36143 SEQ=1 Nov 9 06:04:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16459 SEQ=1 Nov 9 06:04:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1139 SEQ=1 Nov 9 06:04:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.92 DST=51.210.113.204 LEN=44 TOS=0x00 
PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55168 DPT=8836 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:04:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=203.55.131.5 DST=145.239.177.179 LEN=52 TOS=0x08 PREC=0x20 TTL=48 ID=39540 PROTO=TCP SPT=46034 DPT=4430 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:04:28 server83 letsencrypt.live.cgi: time="2025-11-09T06:04:28+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=alnoorherbalco WantedNames="[]" Nov 9 06:04:34 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:04:34 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:04:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=5101 PROTO=TCP SPT=44644 DPT=39594 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:04:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.77.144 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=59880 DPT=11434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:04:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32068 SEQ=1 Nov 9 06:04:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32250 SEQ=1 Nov 9 06:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=1970 SEQ=1 Nov 9 06:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56044 SEQ=1 Nov 9 06:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59744 SEQ=1 Nov 9 06:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22880 SEQ=1 Nov 9 06:04:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51377 PROTO=TCP SPT=46370 DPT=2277 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:04:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40269 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:04:44 server83 letsencrypt.live.cgi: time="2025-11-09T06:04:44+05:30" level=error msg="Failed to process AutoSSL" Username=akhandbooks error="Experienced fatal pre-flight error for akhandbooks: User is over quota: akhandbooks (<nil>)" Nov 9 06:04:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.237 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50228 DPT=8845 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:04:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39291 SEQ=1 Nov 9 
06:04:46 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:04:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:04:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11853 SEQ=1 Nov 9 06:04:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.52 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=37337 DPT=30013 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12194 SEQ=1 Nov 9 06:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11853 SEQ=1 Nov 9 06:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16141 SEQ=1 Nov 9 06:04:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35185 PROTO=TCP SPT=45727 DPT=30596 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:04:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.173.120 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=4339 DF PROTO=TCP SPT=37174 DPT=5725 WINDOW=29200 
RES=0x00 SYN URGP=0 Nov 9 06:04:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.214.25.125 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=2950 DF PROTO=TCP SPT=2466 DPT=21 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 Nov 9 06:04:57 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:04:57 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:04:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:04:59 server83 letsencrypt.live.cgi: time="2025-11-09T06:04:59+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=anytimepacker WantedNames="[]" error="Account is suspended" Nov 9 06:05:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.214.25.125 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=2951 DF PROTO=TCP SPT=2466 DPT=21 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 Nov 9 06:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:05:01 server83 systemd: Started Session 307420 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307421 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307424 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307425 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307423 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307422 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307426 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307429 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307428 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307427 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307430 of user root. 
Nov 9 06:05:01 server83 systemd: Started Session 307431 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307432 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307433 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307434 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307436 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307435 of user root. Nov 9 06:05:01 server83 systemd: Started Session 307437 of user root. Nov 9 06:05:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14794 SEQ=1 Nov 9 06:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=115 SEQ=1 Nov 9 06:05:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=115 SEQ=1 Nov 9 06:05:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54369 SEQ=1 Nov 9 06:05:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=16.112.8.235 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=35481 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1124 Nov 9 06:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25372 SEQ=1 Nov 9 06:05:09 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 
06:05:09 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:05:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=3159 PROTO=TCP SPT=44628 DPT=46762 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:05:14 server83 letsencrypt.live.cgi: time="2025-11-09T06:05:14+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=unfbonline WantedNames="[]" error="Account is suspended" Nov 9 06:05:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30716 SEQ=1 Nov 9 06:05:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54135 PROTO=TCP SPT=45727 DPT=34851 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:05:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59832 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=190.92.234.166 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=54182 DF PROTO=ICMP TYPE=8 CODE=0 ID=51924 SEQ=51418 Nov 9 06:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44389 SEQ=1 Nov 9 06:05:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65490 SEQ=1 Nov 9 06:05:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16112 SEQ=1 Nov 9 06:05:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10887 SEQ=1 Nov 9 06:05:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63041 SEQ=1 Nov 9 06:05:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:05:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.213 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54212 DPT=46827 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:05:29 server83 letsencrypt.live.cgi: time="2025-11-09T06:05:29+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=smartjyotish WantedNames="[]" Nov 9 06:05:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26342 SEQ=1 Nov 9 06:05:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=4607 PROTO=TCP SPT=48905 DPT=4834 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:05:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.143.152.247 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 
PROTO=TCP SPT=46463 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:05:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45759 DPT=19000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:05:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47047 SEQ=1 Nov 9 06:05:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=54513 DF PROTO=ICMP TYPE=8 CODE=0 ID=55917 SEQ=59766 Nov 9 06:05:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55925 DPT=19000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:05:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5990 SEQ=1 Nov 9 06:05:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41255 SEQ=1 Nov 9 06:05:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47327 SEQ=1 Nov 9 06:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=53196 SEQ=1 Nov 9 06:05:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.51.193 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=5170 DF PROTO=TCP SPT=45992 DPT=508 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 06:05:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40868 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:05:45 server83 letsencrypt.live.cgi: time="2025-11-09T06:05:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=kjssinvestments WantedNames="[]" Nov 9 06:05:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:05:47 server83 scripts.sh: Sun Nov 9 06:05:47 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 06:05:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48201 SEQ=1 Nov 9 06:05:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27639 SEQ=1 Nov 9 06:05:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18542 SEQ=1 Nov 9 06:05:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.200.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=47057 DPT=6006 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:05:52 server83 auditd[702]: Audit daemon rotating 
log files Nov 9 06:05:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26317 SEQ=1 Nov 9 06:05:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39049 SEQ=1 Nov 9 06:05:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.245 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53676 DPT=9570 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:05:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.47 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55785 DPT=9168 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:06:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=59887 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:06:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=8455 PROTO=TCP SPT=56698 DPT=8220 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:06:01 server83 letsencrypt.live.cgi: time="2025-11-09T06:06:01+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=harz WantedNames="[]" Nov 9 06:06:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3292 SEQ=1 Nov 9 06:06:01 server83 systemd: Started Session 
307438 of user root. Nov 9 06:06:01 server83 systemd: Started Session 307439 of user root. Nov 9 06:06:02 server83 systemd: Started Session 307440 of user root. Nov 9 06:06:02 server83 systemd: Started Session 307442 of user root. Nov 9 06:06:02 server83 systemd: Started Session 307441 of user root. Nov 9 06:06:02 server83 systemd: Started Session 307443 of user root. Nov 9 06:06:02 server83 systemd: Started Session 307444 of user root. Nov 9 06:06:02 server83 systemd: Started Session 307445 of user root. Nov 9 06:06:02 server83 systemd: Started Session 307446 of user root. Nov 9 06:06:02 server83 systemd: Started Session 307447 of user root. Nov 9 06:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52059 SEQ=1 Nov 9 06:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4611 SEQ=1 Nov 9 06:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21316 SEQ=1 Nov 9 06:06:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=16.112.8.25 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=58968 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1124 Nov 9 06:06:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31533 PROTO=TCP SPT=61234 DPT=5996 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:06:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36221 SEQ=1 Nov 9 06:06:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36221 SEQ=1 Nov 9 06:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25023 SEQ=1 Nov 9 06:06:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52059 SEQ=1 Nov 9 06:06:11 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:06:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.149.19 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=407 PROTO=TCP SPT=60919 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:06:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20675 SEQ=1 Nov 9 06:06:17 server83 letsencrypt.live.cgi: time="2025-11-09T06:06:17+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=skmvhedu WantedNames="[]" Nov 9 06:06:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11126 SEQ=1 Nov 9 06:06:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.27 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 
ID=14874 PROTO=TCP SPT=45382 DPT=2017 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:06:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7332 SEQ=1 Nov 9 06:06:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6506 SEQ=1 Nov 9 06:06:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9645 SEQ=1 Nov 9 06:06:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9238 SEQ=1 Nov 9 06:06:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3471 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:06:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37699 PROTO=TCP SPT=61234 DPT=5988 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:06:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3463 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:06:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=46846 SEQ=1 Nov 9 06:06:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59584 SEQ=1 Nov 9 06:06:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59584 SEQ=1 Nov 9 06:06:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15826 SEQ=1 Nov 9 06:06:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28320 SEQ=1 Nov 9 06:06:32 server83 letsencrypt.live.cgi: time="2025-11-09T06:06:32+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=nakgoldyx WantedNames="[]" Nov 9 06:06:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8732 PROTO=TCP SPT=52373 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:06:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62926 SEQ=1 Nov 9 06:06:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8733 PROTO=TCP SPT=52373 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:06:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22455 PROTO=TCP SPT=42875 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:06:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8734 PROTO=TCP SPT=52373 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:06:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8735 PROTO=TCP SPT=52373 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:06:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22456 PROTO=TCP SPT=42875 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:06:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8736 PROTO=TCP SPT=52373 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:06:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22458 PROTO=TCP SPT=42875 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:06:38 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 06:06:39 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 06:06:39 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 06:06:39 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 06:06:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=41506 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:06:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:06:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.52.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=50484 DPT=2221 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:06:46 server83 imunify360-php-daemon[734]: /home2/banklemassage/public_html/smini.php: ProactiveModel.Host should not be empty Nov 9 06:06:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17127 SEQ=1 Nov 9 06:06:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21569 SEQ=1 Nov 9 06:06:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9219 SEQ=1 Nov 9 06:06:48 server83 letsencrypt.live.cgi: time="2025-11-09T06:06:48+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=swargiyabhagwant WantedNames="[]" Nov 9 06:06:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9219 SEQ=1 Nov 9 06:06:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:06:52 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38015 SEQ=1 Nov 9 06:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51203 SEQ=1 Nov 9 06:06:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38015 SEQ=1 Nov 9 06:06:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51203 SEQ=1 Nov 9 06:06:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=17001 PROTO=TCP SPT=56972 DPT=8406 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:06:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.38 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=32358 PROTO=TCP SPT=46536 DPT=31004 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:06:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35219 PROTO=TCP SPT=61234 DPT=5992 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 
06:07:01 server83 systemd: Started Session 307450 of user root. Nov 9 06:07:01 server83 systemd: Started Session 307448 of user root. Nov 9 06:07:01 server83 systemd: Started Session 307449 of user root. Nov 9 06:07:01 server83 systemd: Started Session 307452 of user root. Nov 9 06:07:01 server83 systemd: Started Session 307451 of user root. Nov 9 06:07:01 server83 systemd: Started Session 307454 of user root. Nov 9 06:07:01 server83 systemd: Started Session 307453 of user root. Nov 9 06:07:01 server83 systemd: Started Session 307455 of user root. Nov 9 06:07:01 server83 systemd: Started Session 307456 of user root. Nov 9 06:07:01 server83 systemd: Started Session 307457 of user root. Nov 9 06:07:01 server83 pam_imunify_daemon.bin: time="2025-11-09T06:07:01+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 06:07:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3470 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:07:04 server83 letsencrypt.live.cgi: time="2025-11-09T06:07:04+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=assumekart WantedNames="[]" error="Account is suspended" Nov 9 06:07:04 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:07:04 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.7 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 
TTL=244 ID=54321 PROTO=TCP SPT=53076 DPT=47695 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=677 DF PROTO=TCP SPT=35504 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.11 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56526 DPT=602 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=678 DF PROTO=TCP SPT=35504 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13831 SEQ=1 Nov 9 06:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56068 SEQ=1 Nov 9 06:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3123 SEQ=1 Nov 9 06:07:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=679 DF PROTO=TCP SPT=35504 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54653 SEQ=1 Nov 9 06:07:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=680 DF PROTO=TCP SPT=35504 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=50418 DPT=3978 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:07:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58499 PROTO=TCP SPT=33592 DPT=4843 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:07:19 server83 letsencrypt.live.cgi: time="2025-11-09T06:07:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=nextera WantedNames="[]" Nov 9 06:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=681 DF PROTO=TCP SPT=35504 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39485 SEQ=1 Nov 9 06:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34581 SEQ=1 Nov 9 06:07:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58099 SEQ=1 Nov 9 06:07:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58099 SEQ=1 Nov 9 06:07:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10348 SEQ=1 Nov 9 06:07:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.92 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51606 DPT=6800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:07:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:07:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8562 SEQ=1 Nov 9 06:07:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25062 SEQ=1 Nov 9 06:07:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27517 SEQ=1 Nov 9 06:07:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34696 SEQ=1 Nov 9 06:07:34 server83 letsencrypt.live.cgi: time="2025-11-09T06:07:34+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" 
Function=processAutoSSLForAccount Retry=false Username=nilindia WantedNames="[]" error="Account is suspended" Nov 9 06:07:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59669 SEQ=1 Nov 9 06:07:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59596 SEQ=1 Nov 9 06:07:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.159 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=6033 DF PROTO=TCP SPT=56137 DPT=9591 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57135 SEQ=1 Nov 9 06:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=682 DF PROTO=TCP SPT=35504 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=52733 PROTO=TCP SPT=47238 DPT=44914 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58385 SEQ=1 Nov 9 06:07:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=50 ID=5911 DF PROTO=TCP SPT=42386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5912 DF PROTO=TCP SPT=42386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.251.67.25 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=18120 PROTO=TCP SPT=42582 DPT=3022 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:07:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5913 DF PROTO=TCP SPT=42386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:07:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5914 DF PROTO=TCP SPT=42386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:50 server83 letsencrypt.live.cgi: time="2025-11-09T06:07:50+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=crocotailor WantedNames="[]" Nov 9 06:07:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.12 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=16827 PROTO=TCP SPT=26200 DPT=16002 WINDOW=7204 RES=0x00 SYN URGP=0 Nov 9 06:07:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48993 SEQ=1 Nov 9 06:07:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37337 SEQ=1 Nov 9 06:07:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52896 SEQ=1 Nov 9 06:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24649 SEQ=1 Nov 9 06:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6728 SEQ=1 Nov 9 06:07:55 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5915 DF PROTO=TCP SPT=42386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:07:55 server83 systemd: Started Session c2839 of user root. 
Nov 9 06:07:55 server83 scripts.sh: Load Average: 4.20 , 4.00 Nov 9 06:07:55 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 06:07:55 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 06:07:55 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 06:07:55 server83 scripts.sh: HTTPD Status: inactive Nov 9 06:07:55 server83 scripts.sh: MySQL Status: active Nov 9 06:07:55 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 06:07:55 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 06:07:55 server83 scripts.sh: SSHD Status: active Nov 9 06:07:55 server83 scripts.sh: FTP Status: active Nov 9 06:07:55 server83 scripts.sh: LiteSpeed Status: Active Nov 9 06:07:55 server83 scripts.sh: Imunify Status: Active Nov 9 06:07:55 server83 scripts.sh: cPanel Status: active Nov 9 06:07:55 server83 scripts.sh: Memory Status: 11/31 GB - 38.12% Nov 9 06:07:55 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 06:07:55 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 06:07:55 server83 scripts.sh: Local Version: 4.4.5 Nov 9 06:07:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53995 PROTO=TCP SPT=45082 DPT=19317 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:07:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=22248 PROTO=TCP SPT=44628 DPT=25639 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:08:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29393 PROTO=TCP SPT=50691 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:08:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:08:01 server83 
systemd: Started Session 307459 of user root. Nov 9 06:08:01 server83 systemd: Started Session 307460 of user root. Nov 9 06:08:01 server83 systemd: Started Session 307461 of user root. Nov 9 06:08:01 server83 systemd: Started Session 307463 of user root. Nov 9 06:08:01 server83 systemd: Started Session 307462 of user root. Nov 9 06:08:01 server83 systemd: Started Session 307458 of user root. Nov 9 06:08:01 server83 systemd: Started Session 307464 of user root. Nov 9 06:08:01 server83 systemd: Started Session 307465 of user root. Nov 9 06:08:01 server83 systemd: Started Session 307466 of user root. Nov 9 06:08:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29394 PROTO=TCP SPT=50691 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:08:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5816 PROTO=TCP SPT=61234 DPT=5982 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:08:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25258 PROTO=TCP SPT=35965 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:08:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29395 PROTO=TCP SPT=50691 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:08:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13308 SEQ=1 Nov 9 06:08:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47317 SEQ=1 Nov 9 06:08:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25259 PROTO=TCP SPT=35965 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:08:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29396 PROTO=TCP SPT=50691 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:08:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29397 PROTO=TCP SPT=50691 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:08:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7631 DF PROTO=TCP SPT=57216 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:08:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25261 PROTO=TCP SPT=35965 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:08:05 server83 letsencrypt.live.cgi: time="2025-11-09T06:08:05+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=icttradeup WantedNames="[]" Nov 9 06:08:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25262 PROTO=TCP SPT=35965 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:08:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7632 DF PROTO=TCP SPT=57216 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:08:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30434 SEQ=1 Nov 9 06:08:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.24 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55474 DPT=32398 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:08:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43382 SEQ=1 Nov 9 06:08:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.215 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53281 DPT=47239 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:08:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7633 DF PROTO=TCP SPT=57216 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:08:11 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.127 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=1653 DPT=1434 LEN=9 Nov 9 06:08:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57992 PROTO=TCP SPT=41554 DPT=4515 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:08:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53385 SEQ=1 Nov 9 06:08:18 server83 pam_imunify_daemon.bin: time="2025-11-09T06:08:18+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 06:08:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7634 DF PROTO=TCP SPT=57216 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:08:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64773 SEQ=1 Nov 9 06:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53385 SEQ=1 Nov 9 06:08:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.43 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=35309 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41192 DF PROTO=TCP SPT=58580 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F 
uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 06:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 06:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41193 DF PROTO=TCP SPT=58580 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:08:22 server83 letsencrypt.live.cgi: time="2025-11-09T06:08:22+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=hecgold2 WantedNames="[]" Nov 9 06:08:22 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:08:22 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 06:08:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41194 DF PROTO=TCP SPT=58580 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:08:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:08:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=148.153.56.174 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=39870 PROTO=TCP SPT=36927 DPT=4899 WINDOW=64838 RES=0x00 SYN URGP=0 Nov 9 06:08:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3469 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:08:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.145.17 DST=145.239.177.179 LEN=60 
TOS=0x00 PREC=0x00 TTL=52 ID=47057 PROTO=TCP SPT=45125 DPT=20256 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:08:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41195 DF PROTO=TCP SPT=58580 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:08:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3462 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:08:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.127.226.65 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=20348 DF PROTO=ICMP TYPE=8 CODE=0 ID=54170 SEQ=1 Nov 9 06:08:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16224 SEQ=1 Nov 9 06:08:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16224 SEQ=1 Nov 9 06:08:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=106.75.153.213 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=54138 PROTO=TCP SPT=58914 DPT=8529 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:08:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4177 SEQ=1 Nov 9 06:08:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.127.226.65 DST=145.239.177.179 LEN=44 TOS=0x00 
PREC=0x00 TTL=50 ID=20493 DF PROTO=ICMP TYPE=8 CODE=0 ID=54170 SEQ=2 Nov 9 06:08:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.127.226.65 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=20534 DF PROTO=ICMP TYPE=8 CODE=0 ID=54170 SEQ=1 Nov 9 06:08:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6026 PROTO=TCP SPT=46370 DPT=3287 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:08:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41196 DF PROTO=TCP SPT=58580 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:08:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42574 DPT=1314 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:08:38 server83 letsencrypt.live.cgi: time="2025-11-09T06:08:38+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gterchs2476 WantedNames="[]" Nov 9 06:08:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.254 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=64965 DF PROTO=TCP SPT=20384 DPT=9738 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18655 SEQ=1 Nov 9 06:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=17539 SEQ=1 Nov 9 06:08:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=29436 PROTO=TCP SPT=46370 DPT=2826 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:08:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.224 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53004 DPT=2001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:08:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.95.64 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=53222 DPT=1314 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:08:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5917 DF PROTO=TCP SPT=42386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:08:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=42.63.70.211 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=47385 PROTO=TCP SPT=50899 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:08:46 server83 imunify360-php-daemon[734]: /home2/banklemassage/public_html/smini.php: ProactiveModel.Host should not be empty Nov 9 06:08:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3468 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:08:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7635 DF PROTO=TCP SPT=58414 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:08:51 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7636 DF PROTO=TCP SPT=58414 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:08:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41197 DF PROTO=TCP SPT=58580 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:08:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32612 SEQ=1 Nov 9 06:08:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=24854 DF PROTO=ICMP TYPE=8 CODE=0 ID=11950 SEQ=23097 Nov 9 06:08:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28096 SEQ=1 Nov 9 06:08:53 server83 letsencrypt.live.cgi: time="2025-11-09T06:08:53+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=appphooltool WantedNames="[]" error="Account is suspended" Nov 9 06:08:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56728 SEQ=1 Nov 9 06:08:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17827 SEQ=1 Nov 9 06:08:54 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39359 SEQ=1 Nov 9 06:08:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.191.209.198 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10608 PROTO=TCP SPT=41356 DPT=23000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:08:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7638 DF PROTO=TCP SPT=58414 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:08:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=38193 PROTO=TCP SPT=47279 DPT=10812 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:08:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:08:59 server83 NetworkManager[922]: <info> [1762648739.4954] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:08:59 server83 NetworkManager[922]: <info> [1762648739.4959] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:08:59 server83 NetworkManager[922]: <info> [1762648739.4960] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:08:59 server83 NetworkManager[922]: <info> [1762648739.4963] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:08:59 server83 NetworkManager[922]: <info> [1762648739.4974] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:08:59 server83 NetworkManager[922]: <info> [1762648739.4976] dhcp4 (eth1): activation: beginning 
transaction (timeout in 45 seconds) Nov 9 06:08:59 server83 NetworkManager[922]: <info> [1762648739.4989] dhcp4 (eth1): dhclient started with pid 17848 Nov 9 06:08:59 server83 dhclient[17848]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x22c7244c) Nov 9 06:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:09:01 server83 systemd: Started Session 307468 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307472 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307470 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307473 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307469 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307467 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307474 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307476 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307471 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307475 of user root. Nov 9 06:09:01 server83 systemd: Started Session 307477 of user root. 
Nov 9 06:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:09:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7639 DF PROTO=TCP SPT=58414 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:09:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44221 SEQ=1 Nov 9 06:09:06 server83 dhclient[17848]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x22c7244c) Nov 9 06:09:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54050 SEQ=1 Nov 9 06:09:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33837 SEQ=1 Nov 9 06:09:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=58864 DPT=9210 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:09:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21075 DF PROTO=TCP SPT=37810 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=33988 SEQ=1 Nov 9 06:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32540 SEQ=1 Nov 9 06:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21076 DF PROTO=TCP SPT=37810 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39492 SEQ=1 Nov 9 06:09:08 server83 letsencrypt.live.cgi: time="2025-11-09T06:09:08+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=todaytution WantedNames="[]" error="Account is suspended" Nov 9 06:09:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21077 DF PROTO=TCP SPT=37810 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:09:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37221 PROTO=TCP SPT=34800 DPT=9852 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:09:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21078 DF PROTO=TCP SPT=37810 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:09:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7640 DF PROTO=TCP SPT=59075 
NetworkManager[922]: <info> [1762648874.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27301 Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:11:14 server83 NetworkManager[922]: <warn> [1762648874.4672] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4674] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4708] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4713] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4714] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4719] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4730] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4733] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:11:14 server83 NetworkManager[922]: <info> [1762648874.4745] dhcp4 (eth1): dhclient started with pid 31669 Nov 9 06:11:14 server83 dhclient[31669]: DHCPDISCOVER on eth1 to 255.255.255.255 
port 67 interval 7 (xid=0x4f40ed84) Nov 9 06:11:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51967 DF PROTO=TCP SPT=36318 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:11:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.93 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53633 DPT=8858 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:11:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61668 SEQ=1 Nov 9 06:11:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:11:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64641 SEQ=1 Nov 9 06:11:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11697 SEQ=1 Nov 9 06:11:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7649 DF PROTO=TCP SPT=61675 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:11:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11697 SEQ=1 Nov 9 06:11:21 server83 dhclient[31669]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x4f40ed84) Nov 9 06:11:22 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38635 SEQ=1 Nov 9 06:11:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42995 SEQ=1 Nov 9 06:11:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20188 SEQ=1 Nov 9 06:11:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.114 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51074 DPT=8811 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:11:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38354 SEQ=1 Nov 9 06:11:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51968 DF PROTO=TCP SPT=36318 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:11:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33191 DF PROTO=TCP SPT=42612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:11:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.114.248 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=44396 DPT=13228 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:11:27 server83 letsencrypt.live.cgi: 
time="2025-11-09T06:11:27+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vandanaagarwal WantedNames="[]" Nov 9 06:11:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.20 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=3267 PROTO=TCP SPT=48484 DPT=3003 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:11:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6388 PROTO=TCP SPT=48873 DPT=8989 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31635 SEQ=1 Nov 9 06:11:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=14358 PROTO=TCP SPT=48873 DPT=1080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=3094 DF PROTO=ICMP TYPE=8 CODE=0 ID=63084 SEQ=12229 Nov 9 06:11:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22577 SEQ=1 Nov 9 06:11:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61320 SEQ=1 Nov 9 06:11:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20137 PROTO=TCP SPT=48873 DPT=5678 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64758 PROTO=TCP SPT=48873 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64056 PROTO=TCP SPT=48873 DPT=8118 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:36 server83 dhclient[31669]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x4f40ed84) Nov 9 06:11:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.105.182 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39993 DPT=13228 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:11:38 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.152 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=35 ID=44456 PROTO=UDP SPT=24519 DPT=4786 LEN=32 Nov 9 06:11:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22577 SEQ=1 Nov 9 06:11:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40127 PROTO=TCP SPT=48873 DPT=8082 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=50 ID=51969 DF PROTO=TCP SPT=36318 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:11:42 server83 letsencrypt.live.cgi: time="2025-11-09T06:11:42+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=saishraddhaaspir WantedNames="[]" error="Account is suspended" Nov 9 06:11:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32856 DF PROTO=TCP SPT=37808 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:11:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32857 DF PROTO=TCP SPT=37808 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:11:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53540 PROTO=TCP SPT=48873 DPT=8085 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32858 DF PROTO=TCP SPT=37808 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:11:46 server83 imunify360-php-daemon[734]: /home2/banklemassage/public_html/smini.php: ProactiveModel.Host should not be empty Nov 9 06:11:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10424 PROTO=TCP SPT=48873 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:48 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 06:11:48 server83 pure-ftpd: (?@127.0.0.1) [INFO] 
__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 06:11:48 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 06:11:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.159 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1247 PROTO=TCP SPT=17652 DPT=5900 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:11:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54607 SEQ=1 Nov 9 06:11:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22050 SEQ=1 Nov 9 06:11:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18872 SEQ=1 Nov 9 06:11:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3845 SEQ=1 Nov 9 06:11:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:11:50 server83 dhclient[31669]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x4f40ed84) Nov 9 06:11:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22101 PROTO=TCP SPT=48873 DPT=1111 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:51 server83 pam_imunify_daemon.bin: 
time="2025-11-09T06:11:51+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 06:11:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24643 SEQ=1 Nov 9 06:11:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39460 PROTO=TCP SPT=61234 DPT=5922 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:11:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3845 SEQ=1 Nov 9 06:11:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.11 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=46543 PROTO=TCP SPT=48127 DPT=26470 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:11:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.17 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=48856 PROTO=TCP SPT=26200 DPT=7272 WINDOW=60648 RES=0x00 SYN URGP=0 Nov 9 06:11:58 server83 letsencrypt.live.cgi: time="2025-11-09T06:11:58+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sobiyaju WantedNames="[]" Nov 9 06:11:59 server83 NetworkManager[922]: <warn> [1762648919.4503] dhcp4 (eth1): request timed out Nov 9 06:11:59 server83 NetworkManager[922]: <info> 
[1762648919.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:11:59 server83 NetworkManager[922]: <info> [1762648919.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 31669 Nov 9 06:11:59 server83 NetworkManager[922]: <info> [1762648919.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 06:11:59 server83 NetworkManager[922]: <info> [1762648919.4665] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:11:59 server83 NetworkManager[922]: <warn> [1762648919.4668] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:11:59 server83 NetworkManager[922]: <info> [1762648919.4670] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:12:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33478 SEQ=1 Nov 9 06:12:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=56983 PROTO=TCP SPT=35710 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:12:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39467 SEQ=1 Nov 9 06:12:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20094 SEQ=1 Nov 9 06:12:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=56984 PROTO=TCP SPT=35710 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:12:01 server83 systemd: Started Session 307506 of user root. Nov 9 06:12:01 server83 systemd: Started Session 307508 of user root. Nov 9 06:12:01 server83 systemd: Started Session 307507 of user root. Nov 9 06:12:01 server83 systemd: Started Session 307511 of user root. Nov 9 06:12:01 server83 systemd: Started Session 307509 of user root. Nov 9 06:12:01 server83 systemd: Started Session 307510 of user root. Nov 9 06:12:01 server83 systemd: Started Session 307513 of user root. Nov 9 06:12:01 server83 systemd: Started Session 307514 of user root. Nov 9 06:12:01 server83 systemd: Started Session 307512 of user root. Nov 9 06:12:01 server83 systemd: Started Session 307515 of user root. Nov 9 06:12:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:12:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:12:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18900 PROTO=TCP SPT=40051 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:12:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12063 SEQ=1 Nov 9 06:12:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18901 PROTO=TCP SPT=40051 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:12:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=56986 PROTO=TCP SPT=35710 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:12:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=872 PROTO=TCP SPT=61234 DPT=5966 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:12:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18902 PROTO=TCP SPT=40051 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:12:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=56987 PROTO=TCP SPT=35710 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:12:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18903 PROTO=TCP SPT=40051 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:12:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18904 PROTO=TCP SPT=40051 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:12:08 server83 PAM-hulk[2093]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 06:12:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1782 SEQ=1 Nov 9 06:12:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15536 SEQ=1 Nov 9 06:12:11 server83 PAM-hulk[2254]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 06:12:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=51970 DF PROTO=TCP SPT=36318 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:12:14 server83 letsencrypt.live.cgi: time="2025-11-09T06:12:14+05:30" level=error msg="Failed to process AutoSSL" Username=rnpdegreecollege error="Experienced fatal pre-flight error for rnpdegreecollege: User is over quota: rnpdegreecollege (<nil>)" Nov 9 06:12:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32861 DF PROTO=TCP SPT=37808 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:12:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41921 SEQ=1 Nov 9 06:12:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7242 SEQ=1 Nov 9 06:12:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22994 PROTO=TCP SPT=54739 DPT=2602 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:12:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50984 SEQ=1 Nov 9 06:12:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2745 DF PROTO=TCP SPT=50750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:12:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2746 DF PROTO=TCP SPT=50750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:12:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6937 PROTO=TCP SPT=49956 DPT=26869 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:12:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7242 SEQ=1 Nov 9 06:12:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.73 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=65323 PROTO=TCP SPT=50677 DPT=2288 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:12:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=38831 DF PROTO=ICMP TYPE=8 CODE=0 ID=4623 SEQ=27511 Nov 9 06:12:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2747 DF PROTO=TCP SPT=50750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:12:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:12:29 server83 letsencrypt.live.cgi: time="2025-11-09T06:12:29+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=shivkali WantedNames="[]" Nov 9 06:12:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2748 DF PROTO=TCP SPT=50750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:12:35 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=40.192.6.196 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=242 ID=47832 DF PROTO=ICMP TYPE=8 CODE=0 ID=13 SEQ=21772 Nov 9 06:12:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=27675 PROTO=TCP SPT=47254 DPT=35366 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:12:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21094 SEQ=1 Nov 9 06:12:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63976 SEQ=1 Nov 9 06:12:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49521 SEQ=1 Nov 9 06:12:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6003 SEQ=1 Nov 9 06:12:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.173.60 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35525 DPT=2288 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:12:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2749 DF PROTO=TCP SPT=50750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:12:38 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.12.59.118 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=14529 PROTO=TCP SPT=55672 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:12:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.200 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=52315 PROTO=TCP SPT=47919 DPT=9090 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:12:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=190.92.217.56 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=41802 DF PROTO=ICMP TYPE=8 CODE=0 ID=48408 SEQ=10865 Nov 9 06:12:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3466 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:12:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.115.78 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1088 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:12:43 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:12:43 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:12:45 server83 letsencrypt.live.cgi: time="2025-11-09T06:12:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=serverwebmpsoft WantedNames="[]" Nov 9 06:12:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:12:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32862 DF PROTO=TCP SPT=37808 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:12:48 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45733 SEQ=1 Nov 9 06:12:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38430 SEQ=1 Nov 9 06:12:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10247 SEQ=1 Nov 9 06:12:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3459 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:12:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60228 SEQ=1 Nov 9 06:12:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18567 SEQ=1 Nov 9 06:12:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3465 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:12:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10247 SEQ=1 Nov 9 06:12:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26992 SEQ=1 Nov 9 06:12:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2750 DF PROTO=TCP SPT=50750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:13:00 server83 letsencrypt.live.cgi: time="2025-11-09T06:13:00+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=fxbrastrading WantedNames="[]" Nov 9 06:13:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3005 PROTO=TCP SPT=47513 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:01 server83 systemd: Started Session 307517 of user root. Nov 9 06:13:01 server83 systemd: Started Session 307518 of user root. Nov 9 06:13:01 server83 systemd: Started Session 307519 of user root. Nov 9 06:13:01 server83 systemd: Started Session 307520 of user root. Nov 9 06:13:01 server83 systemd: Started Session 307516 of user root. Nov 9 06:13:01 server83 systemd: Started Session 307521 of user root. Nov 9 06:13:01 server83 systemd: Started Session 307522 of user root. Nov 9 06:13:01 server83 systemd: Started Session 307523 of user root. Nov 9 06:13:01 server83 systemd: Started Session 307524 of user root. Nov 9 06:13:01 server83 systemd: Started Session 307525 of user root. 
Nov 9 06:13:02 server83 imunify360-watchdog: imunify360 is healthy: all is ok Nov 9 06:13:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3006 PROTO=TCP SPT=47513 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6693 PROTO=TCP SPT=44865 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3007 PROTO=TCP SPT=47513 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6694 PROTO=TCP SPT=44865 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3008 PROTO=TCP SPT=47513 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6695 PROTO=TCP SPT=44865 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44609 SEQ=1 Nov 9 06:13:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.150 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3009 PROTO=TCP SPT=47513 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48195 SEQ=1 Nov 9 06:13:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6696 PROTO=TCP SPT=44865 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14901 SEQ=1 Nov 9 06:13:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.227.170.243 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=8483 PROTO=TCP SPT=61008 DPT=5552 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:13:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6697 PROTO=TCP SPT=44865 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26729 SEQ=1 Nov 9 06:13:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56165 SEQ=1 Nov 9 06:13:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30077 SEQ=1 Nov 9 06:13:09 server83 PAM-hulk[4101]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 06:13:10 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 06:13:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48180 DF PROTO=TCP SPT=56856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3458 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:13:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48181 DF PROTO=TCP SPT=56856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:13 server83 pam_imunify_daemon.bin: time="2025-11-09T06:13:13+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 06:13:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48182 DF PROTO=TCP SPT=56856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:16 server83 letsencrypt.live.cgi: time="2025-11-09T06:13:16+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=siddharthmushroo 
WantedNames="[]" error="Account is suspended" Nov 9 06:13:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39472 PROTO=TCP SPT=41552 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39473 PROTO=TCP SPT=41552 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22942 SEQ=1 Nov 9 06:13:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48183 DF PROTO=TCP SPT=56856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=56333 PROTO=TCP SPT=39199 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39474 PROTO=TCP SPT=41552 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48170 SEQ=1 Nov 9 06:13:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52496 SEQ=1 Nov 9 06:13:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=56335 PROTO=TCP SPT=39199 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27685 SEQ=1 Nov 9 06:13:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24465 SEQ=1 Nov 9 06:13:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=56337 PROTO=TCP SPT=39199 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48184 DF PROTO=TCP SPT=56856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2751 DF PROTO=TCP SPT=50750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14721 PROTO=TCP SPT=54965 DPT=9733 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:13:31 server83 letsencrypt.live.cgi: time="2025-11-09T06:13:31+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=yovonto1 
WantedNames="[]" Nov 9 06:13:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.254.167.143 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=49 ID=18252 DF PROTO=TCP SPT=19276 DPT=30083 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 06:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49881 SEQ=1 Nov 9 06:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11456 SEQ=1 Nov 9 06:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3918 SEQ=1 Nov 9 06:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37365 SEQ=1 Nov 9 06:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37365 SEQ=1 Nov 9 06:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11325 SEQ=1 Nov 9 06:13:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:13:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48185 DF PROTO=TCP SPT=56856 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3464 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:13:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46021 DF PROTO=TCP SPT=51864 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.82.47.15 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=50398 DPT=102 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:13:46 server83 letsencrypt.live.cgi: time="2025-11-09T06:13:46+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=vandangitafarm WantedNames="[]" error="Account is suspended" Nov 9 06:13:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:13:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46022 DF PROTO=TCP SPT=51864 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=36710 PROTO=TCP SPT=43328 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=36711 PROTO=TCP SPT=43328 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:50 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44928 PROTO=TCP SPT=56772 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41180 SEQ=1 Nov 9 06:13:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=42451 DF PROTO=ICMP TYPE=8 CODE=0 ID=61036 SEQ=31626 Nov 9 06:13:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4148 SEQ=1 Nov 9 06:13:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44930 PROTO=TCP SPT=56772 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:13:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50381 SEQ=1 Nov 9 06:13:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51592 SEQ=1 Nov 9 06:13:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=3270 PROTO=TCP SPT=43448 DPT=2800 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:13:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.193.58.120 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=46 ID=4639 DF PROTO=TCP SPT=48144 DPT=3504 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 06:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46025 DF PROTO=TCP SPT=51864 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:14:01 server83 systemd: Started Session 307527 of user root. Nov 9 06:14:01 server83 systemd: Started Session 307528 of user root. Nov 9 06:14:01 server83 systemd: Started Session 307526 of user root. Nov 9 06:14:01 server83 systemd: Started Session 307529 of user root. Nov 9 06:14:01 server83 systemd: Started Session 307531 of user root. Nov 9 06:14:01 server83 systemd: Started Session 307532 of user root. Nov 9 06:14:01 server83 systemd: Started Session 307530 of user root. Nov 9 06:14:01 server83 systemd: Started Session 307533 of user root. Nov 9 06:14:01 server83 systemd: Started Session 307534 of user root. 
Nov 9 06:14:02 server83 letsencrypt.live.cgi: time="2025-11-09T06:14:02+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=profitswingtrade WantedNames="[]" Nov 9 06:14:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38847 PROTO=TCP SPT=57007 DPT=5855 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:14:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.210.89 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=50603 DPT=26656 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:14:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:14:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33096 SEQ=1 Nov 9 06:14:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48814 SEQ=1 Nov 9 06:14:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8687 SEQ=1 Nov 9 06:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48186 DF PROTO=TCP SPT=56856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46026 DF PROTO=TCP SPT=51864 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 06:14:17 server83 letsencrypt.live.cgi: time="2025-11-09T06:14:17+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=balmaha WantedNames="[]" Nov 9 06:14:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34331 SEQ=1 Nov 9 06:14:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19545 SEQ=1 Nov 9 06:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14156 SEQ=1 Nov 9 06:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44619 SEQ=1 Nov 9 06:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57912 SEQ=1 Nov 9 06:14:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=16.112.8.235 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=57550 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1124 Nov 9 06:14:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=53569 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6817 DF PROTO=TCP SPT=51894 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.191 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=58127 PROTO=TCP SPT=2843 DPT=1961 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:14:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6818 DF PROTO=TCP SPT=51894 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6819 DF PROTO=TCP SPT=51894 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:14:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6820 DF PROTO=TCP SPT=51894 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:14:33 server83 letsencrypt.live.cgi: time="2025-11-09T06:14:33+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vaseraorg WantedNames="[]" Nov 9 06:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25642 SEQ=1 Nov 9 06:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37736 SEQ=1 Nov 9 06:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25411 SEQ=1 Nov 9 06:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57576 SEQ=1 Nov 9 06:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52553 SEQ=1 Nov 9 06:14:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47742 SEQ=1 Nov 9 06:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6821 DF PROTO=TCP SPT=51894 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:14:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:14:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.139 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=37627 PROTO=TCP SPT=46058 DPT=44496 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:14:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:14:48 server83 letsencrypt.live.cgi: time="2025-11-09T06:14:48+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ggbghost WantedNames="[]" Nov 9 06:14:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46027 DF PROTO=TCP SPT=51864 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:14:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.149.19 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=20997 PROTO=TCP SPT=50526 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:14:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37286 SEQ=1 Nov 9 06:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57219 SEQ=1 Nov 9 06:14:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=40.124.173.7 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=33930 PROTO=TCP SPT=56340 DPT=6379 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:14:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59159 SEQ=1 Nov 9 06:14:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37286 SEQ=1 Nov 9 06:14:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60959 SEQ=1 Nov 9 06:14:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6822 DF PROTO=TCP SPT=51894 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 
06:14:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5435 PROTO=TCP SPT=45727 DPT=30488 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:14:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.128 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=2109 PROTO=TCP SPT=57007 DPT=21300 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:01 server83 systemd: Started Session 307535 of user root. Nov 9 06:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:01 server83 systemd: Started Session 307537 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307540 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307539 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307536 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307538 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307541 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307543 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307542 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307544 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307545 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307546 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307549 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307548 of user root. Nov 9 06:15:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 06:15:01 server83 systemd: Started Session 307547 of user sanatanhinduvahi. 
Nov 9 06:15:01 server83 systemd: Started Session 307550 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307553 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307551 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307552 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307554 of user root. Nov 9 06:15:01 server83 systemd: Started Session 307555 of user root. Nov 9 06:15:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 06:15:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:15:04 server83 letsencrypt.live.cgi: time="2025-11-09T06:15:04+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=shriinterior WantedNames="[]" error="Account is suspended" Nov 9 06:15:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2352 SEQ=1 Nov 9 06:15:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20483 SEQ=1 Nov 9 06:15:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.110.79 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=43995 DPT=26656 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:15:08 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.146.138 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=19305 DPT=19305 LEN=16 Nov 9 06:15:09 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33323 SEQ=1 Nov 9 06:15:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=86 DF PROTO=TCP SPT=50338 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=87 DF PROTO=TCP SPT=50338 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:18 server83 scripts.sh: Sun Nov 9 06:15:18 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 06:15:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=88 DF PROTO=TCP SPT=50338 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:15:19 server83 letsencrypt.live.cgi: time="2025-11-09T06:15:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bluehavenfin WantedNames="[]" Nov 9 06:15:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38768 SEQ=1 Nov 9 06:15:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7904 SEQ=1 Nov 9 06:15:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:21 
server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:22 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:22 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:15:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.11 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=17580 DF PROTO=TCP SPT=25189 DPT=22100 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58711 SEQ=1 Nov 9 06:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=89 DF PROTO=TCP SPT=50338 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6911 SEQ=1 Nov 9 06:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58711 SEQ=1 Nov 9 06:15:24 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:15:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7650 DF PROTO=TCP SPT=49742 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7651 DF PROTO=TCP 
SPT=49742 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6823 DF PROTO=TCP SPT=51894 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=90 DF PROTO=TCP SPT=50338 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7652 DF PROTO=TCP SPT=49742 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:15:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=184.105.139.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52692 DPT=2455 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:15:35 server83 letsencrypt.live.cgi: time="2025-11-09T06:15:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=crytostrategies WantedNames="[]" Nov 9 06:15:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54767 SEQ=1 Nov 9 06:15:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28737 SEQ=1 Nov 9 06:15:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17348 SEQ=1 
Nov 9 06:15:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22100 PROTO=TCP SPT=58292 DPT=40000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:15:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7653 DF PROTO=TCP SPT=49742 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:15:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.87 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=3505 DF PROTO=TCP SPT=48008 DPT=3689 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:15:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.136.82 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=49154 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28066 SEQ=1 Nov 9 06:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47567 SEQ=1 Nov 9 06:15:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7654 DF PROTO=TCP SPT=49742 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:15:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.159 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49787 
DPT=25789 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:15:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:15:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=91 DF PROTO=TCP SPT=50338 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60808 SEQ=1 Nov 9 06:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=28151 PROTO=TCP SPT=50959 DPT=34477 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8473 DF PROTO=TCP SPT=34722 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4390 SEQ=1 Nov 9 06:15:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54756 PROTO=TCP SPT=47254 DPT=37511 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:15:50 server83 letsencrypt.live.cgi: time="2025-11-09T06:15:50+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=digiplast WantedNames="[]" Nov 9 06:15:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8474 DF PROTO=TCP SPT=34722 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:15:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41187 SEQ=1 Nov 9 06:15:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27118 SEQ=1 Nov 9 06:15:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8475 DF PROTO=TCP SPT=34722 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18193 SEQ=1 Nov 9 06:15:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4390 SEQ=1 Nov 9 06:15:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.128 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1728 PROTO=TCP SPT=13825 DPT=8008 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8476 DF PROTO=TCP SPT=34722 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:15:59 server83 imunify-auditd-log-reader[9638]: lost 12 message sequences 
Nov 9 06:16:00 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 06:16:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.194.27 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=50777 DPT=2375 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:16:01 server83 systemd: Started Session 307559 of user root. Nov 9 06:16:01 server83 systemd: Started Session 307558 of user root. Nov 9 06:16:01 server83 systemd: Started Session 307556 of user root. Nov 9 06:16:01 server83 systemd: Started Session 307560 of user root. Nov 9 06:16:01 server83 systemd: Started Session 307561 of user root. Nov 9 06:16:01 server83 systemd: Started Session 307557 of user root. Nov 9 06:16:01 server83 systemd: Started Session 307562 of user root. Nov 9 06:16:01 server83 systemd: Started Session 307563 of user root. Nov 9 06:16:01 server83 systemd: Started Session 307564 of user root. Nov 9 06:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:16:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47875 SEQ=1 Nov 9 06:16:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47875 SEQ=1 Nov 9 06:16:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=48401 DF PROTO=ICMP TYPE=8 CODE=0 ID=35400 SEQ=23726 Nov 9 06:16:04 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:16:04 server83 imunify-auditd-log-reader[9638]: 
lost 1 message sequences Nov 9 06:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8477 DF PROTO=TCP SPT=34722 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:16:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26512 SEQ=1 Nov 9 06:16:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24575 SEQ=1 Nov 9 06:16:07 server83 letsencrypt.live.cgi: time="2025-11-09T06:16:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=yodtricd WantedNames="[]" Nov 9 06:16:07 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:16:07 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:16:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7655 DF PROTO=TCP SPT=50485 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:16:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4002 SEQ=1 Nov 9 06:16:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.25 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=58620 DF PROTO=ICMP TYPE=8 CODE=0 ID=30607 SEQ=64293 Nov 9 06:16:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7656 DF PROTO=TCP SPT=50485 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:16:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7657 DF PROTO=TCP SPT=50485 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:16:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18228 PROTO=TCP SPT=57557 DPT=4734 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:16:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38541 PROTO=TCP SPT=49956 DPT=26017 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:16:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:16:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=62672 PROTO=TCP SPT=44928 DPT=6888 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:16:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.69 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=8017 PROTO=TCP SPT=56506 DPT=3393 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:16:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7658 DF PROTO=TCP SPT=50485 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:16:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=15576 PROTO=TCP SPT=34381 DPT=15443 WINDOW=42340 
RES=0x00 SYN URGP=0 Nov 9 06:16:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=21650 PROTO=TCP SPT=56972 DPT=8417 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:16:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51160 SEQ=1 Nov 9 06:16:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51674 SEQ=1 Nov 9 06:16:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57286 SEQ=1 Nov 9 06:16:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20730 SEQ=1 Nov 9 06:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8478 DF PROTO=TCP SPT=34722 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:16:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16060 SEQ=1 Nov 9 06:16:23 server83 letsencrypt.live.cgi: time="2025-11-09T06:16:23+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=deasoft WantedNames="[]" Nov 9 06:16:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41510 SEQ=1 Nov 9 06:16:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7659 DF PROTO=TCP SPT=50485 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:16:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10795 PROTO=TCP SPT=61234 DPT=5907 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:16:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.98 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=51374 DPT=4117 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42588 DF PROTO=TCP SPT=36926 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58928 SEQ=1 Nov 9 06:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39228 SEQ=1 Nov 9 06:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11098 SEQ=1 Nov 9 06:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54715 SEQ=1 Nov 9 06:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7614 SEQ=1 Nov 9 06:16:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42590 DF PROTO=TCP SPT=36926 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:16:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=51020 PROTO=TCP SPT=62333 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:16:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=51021 PROTO=TCP SPT=62333 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:16:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=57390 PROTO=TCP SPT=58840 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:16:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=51022 PROTO=TCP SPT=62333 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42591 DF PROTO=TCP SPT=36926 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:16:37 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=57391 PROTO=TCP SPT=58840 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19204 SEQ=1 Nov 9 06:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31606 SEQ=1 Nov 9 06:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19204 SEQ=1 Nov 9 06:16:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=57392 PROTO=TCP SPT=58840 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:16:39 server83 letsencrypt.live.cgi: time="2025-11-09T06:16:39+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=dbschenkerlogs WantedNames="[]" Nov 9 06:16:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=163.181.254.234 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=51744 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=1 Nov 9 06:16:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=57394 PROTO=TCP SPT=58840 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:16:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=135.237.126.41 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=47198 DPT=2375 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42592 DF PROTO=TCP SPT=36926 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:16:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=163.181.254.234 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=54712 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=7 Nov 9 06:16:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63092 SEQ=1 Nov 9 06:16:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=163.181.254.234 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=55244 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=8 Nov 9 06:16:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23501 SEQ=1 Nov 9 06:16:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7065 SEQ=1 Nov 9 06:16:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:16:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=55838 SEQ=1 Nov 9 06:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33039 SEQ=1 Nov 9 06:16:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.242.196 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=44359 DPT=40101 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:16:54 server83 letsencrypt.live.cgi: time="2025-11-09T06:16:54+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=fecundmcu WantedNames="[]" error="Account is suspended" Nov 9 06:16:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52899 SEQ=1 Nov 9 06:16:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=17455 PROTO=TCP SPT=43457 DPT=2490 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:16:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8479 DF PROTO=TCP SPT=34722 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:16:59 server83 NetworkManager[922]: <info> [1762649219.4954] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:16:59 server83 NetworkManager[922]: <info> [1762649219.4960] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:16:59 server83 NetworkManager[922]: <info> [1762649219.4961] device (eth1): state change: 
disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:16:59 server83 NetworkManager[922]: <info> [1762649219.4966] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:16:59 server83 NetworkManager[922]: <info> [1762649219.4977] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:16:59 server83 NetworkManager[922]: <info> [1762649219.4981] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:16:59 server83 NetworkManager[922]: <info> [1762649219.4993] dhcp4 (eth1): dhclient started with pid 11585 Nov 9 06:16:59 server83 dhclient[11585]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x494983e7) Nov 9 06:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42593 DF PROTO=TCP SPT=36926 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:17:01 server83 systemd: Started Session 307565 of user root. Nov 9 06:17:01 server83 systemd: Started Session 307566 of user root. Nov 9 06:17:01 server83 systemd: Started Session 307567 of user root. Nov 9 06:17:01 server83 systemd: Started Session 307568 of user root. Nov 9 06:17:01 server83 systemd: Started Session 307569 of user root. Nov 9 06:17:01 server83 systemd: Started Session 307570 of user root. Nov 9 06:17:01 server83 systemd: Started Session 307571 of user root. Nov 9 06:17:01 server83 systemd: Started Session 307573 of user root. Nov 9 06:17:01 server83 systemd: Started Session 307574 of user root. Nov 9 06:17:01 server83 systemd: Started Session 307572 of user root. 
Nov 9 06:17:05 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 06:17:05 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 06:17:05 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 06:17:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50707 SEQ=1 Nov 9 06:17:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36763 SEQ=1 Nov 9 06:17:06 server83 aibolit_wrapper[11904]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626492262589074.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626492262590680.txt --log=/tmp/malware_cleaner_log_17626492262592072.txt --progress=/tmp/malware_cleaner_progress_17626492262591718.json --csv_result=/tmp/revisium_csvfile_17626492262591884.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:17:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:17:07 server83 dhclient[11585]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x494983e7) Nov 9 06:17:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3456 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:17:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38829 SEQ=1 Nov 9 06:17:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46002 SEQ=1 Nov 9 06:17:09 server83 letsencrypt.live.cgi: time="2025-11-09T06:17:09+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vivekfinelinearc WantedNames="[]" Nov 9 06:17:10 server83 aibolit_wrapper[12107]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626492305377300.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626492305378150.txt --log=/tmp/malware_cleaner_log_17626492305379146.txt --progress=/tmp/malware_cleaner_progress_17626492305378914.json --csv_result=/tmp/revisium_csvfile_17626492305379026.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:17:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3455 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:17:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35694 SEQ=1 Nov 9 06:17:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34882 SEQ=1 Nov 9 06:17:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5168 SEQ=1 Nov 9 06:17:19 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:17:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51772 SEQ=1 Nov 9 06:17:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5138 SEQ=1 Nov 9 06:17:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36101 PROTO=TCP SPT=45082 DPT=951 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:17:21 server83 aibolit_wrapper[12338]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626492412080648.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626492412082158.txt --log=/tmp/malware_cleaner_log_17626492412084382.txt --progress=/tmp/malware_cleaner_progress_17626492412083824.json --csv_result=/tmp/revisium_csvfile_17626492412084114.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:17:21 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34882 SEQ=1 Nov 9 06:17:25 server83 letsencrypt.live.cgi: time="2025-11-09T06:17:25+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=ngetin1 WantedNames="[]" error="Account is suspended" Nov 9 06:17:25 server83 aibolit_wrapper[12469]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626492454559784.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626492454560600.txt --log=/tmp/malware_cleaner_log_17626492454561362.txt --progress=/tmp/malware_cleaner_progress_17626492454561162.json --csv_result=/tmp/revisium_csvfile_17626492454561252.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:17:26 server83 systemd: Started Session c2840 of user root. 
Nov 9 06:17:26 server83 scripts.sh: Load Average: 5.28 , 5.09 Nov 9 06:17:26 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 06:17:26 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 06:17:26 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 06:17:26 server83 scripts.sh: HTTPD Status: inactive Nov 9 06:17:26 server83 scripts.sh: MySQL Status: active Nov 9 06:17:26 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 06:17:26 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 06:17:26 server83 scripts.sh: SSHD Status: active Nov 9 06:17:26 server83 scripts.sh: FTP Status: active Nov 9 06:17:26 server83 scripts.sh: LiteSpeed Status: Active Nov 9 06:17:26 server83 scripts.sh: Imunify Status: Active Nov 9 06:17:26 server83 scripts.sh: cPanel Status: active Nov 9 06:17:26 server83 scripts.sh: Memory Status: 13/31 GB - 42.96% Nov 9 06:17:26 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 06:17:26 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 06:17:26 server83 scripts.sh: Local Version: 4.4.5 Nov 9 06:17:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=60624 PROTO=TCP SPT=34303 DPT=9229 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:17:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.175.220.105 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51307 DPT=40101 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:17:28 server83 dhclient[11585]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x494983e7) Nov 9 06:17:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.100.36.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x20 TTL=50 ID=45451 DF PROTO=TCP SPT=53162 DPT=5960 WINDOW=65535 
RES=0x00 SYN URGP=0 Nov 9 06:17:29 server83 aibolit_wrapper[12642]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626492497027056.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626492497028382.txt --log=/tmp/malware_cleaner_log_17626492497030190.txt --progress=/tmp/malware_cleaner_progress_17626492497029690.json --csv_result=/tmp/revisium_csvfile_17626492497029906.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:17:31 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20114 SEQ=1 Nov 9 06:17:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.12 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=29180 PROTO=TCP SPT=26200 DPT=10018 WINDOW=2404 RES=0x00 SYN URGP=0 Nov 9 06:17:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42594 DF PROTO=TCP SPT=36926 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:17:37 server83 dhclient[11585]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x494983e7) Nov 9 06:17:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=17057 SEQ=1 Nov 9 06:17:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46934 SEQ=1 Nov 9 06:17:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:17:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17008 SEQ=1 Nov 9 06:17:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60237 SEQ=1 Nov 9 06:17:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3463 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:17:40 server83 letsencrypt.live.cgi: time="2025-11-09T06:17:40+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bmomails WantedNames="[]" Nov 9 06:17:44 server83 NetworkManager[922]: <warn> [1762649264.4503] dhcp4 (eth1): request timed out Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4664] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 11585 Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:17:44 server83 NetworkManager[922]: <warn> [1762649264.4670] device (eth1): Activation: 
failed for connection 'Wired connection 1' Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4672] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4703] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4707] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4707] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4711] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4721] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4724] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:17:44 server83 NetworkManager[922]: <info> [1762649264.4736] dhcp4 (eth1): dhclient started with pid 13030 Nov 9 06:17:44 server83 dhclient[13030]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x55263e9f) Nov 9 06:17:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38279 PROTO=TCP SPT=61234 DPT=5954 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:17:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42211 PROTO=TCP SPT=61234 DPT=5911 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:17:46 server83 imunify360-php-daemon[734]: error sending 
monitoring stats: circuit breaker is open Nov 9 06:17:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45796 SEQ=1 Nov 9 06:17:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.203.178.231 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=10936 DF PROTO=TCP SPT=28485 DPT=8545 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 06:17:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18782 SEQ=1 Nov 9 06:17:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.203.178.231 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=10937 DF PROTO=TCP SPT=28485 DPT=8545 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 06:17:51 server83 dhclient[13030]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x55263e9f) Nov 9 06:17:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6356 SEQ=1 Nov 9 06:17:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18782 SEQ=1 Nov 9 06:17:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=159.203.90.246 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=37860 PROTO=TCP SPT=61002 DPT=8090 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:17:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.172 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=109 ID=16222 DF PROTO=ICMP TYPE=8 CODE=0 ID=42313 SEQ=30049 Nov 9 06:17:56 server83 letsencrypt.live.cgi: time="2025-11-09T06:17:56+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=splinstr WantedNames="[]" Nov 9 06:18:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=30524 PROTO=TCP SPT=44928 DPT=6888 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:18:01 server83 systemd: Started Session 307576 of user root. Nov 9 06:18:01 server83 systemd: Started Session 307575 of user root. Nov 9 06:18:01 server83 systemd: Started Session 307579 of user root. Nov 9 06:18:01 server83 systemd: Started Session 307580 of user root. Nov 9 06:18:01 server83 systemd: Started Session 307581 of user root. Nov 9 06:18:01 server83 systemd: Started Session 307577 of user root. Nov 9 06:18:01 server83 systemd: Started Session 307578 of user root. Nov 9 06:18:01 server83 systemd: Started Session 307582 of user root. Nov 9 06:18:01 server83 systemd: Started Session 307583 of user root. Nov 9 06:18:01 server83 systemd: Started Session 307584 of user root. 
Nov 9 06:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:18:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=52396 DPT=48870 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:18:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37299 SEQ=1 Nov 9 06:18:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44576 SEQ=1 Nov 9 06:18:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11279 SEQ=1 Nov 9 06:18:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63523 SEQ=1 Nov 9 06:18:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:18:08 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:18:08 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:18:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.245 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56830 DPT=10259 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:18:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3454 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:18:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47349 SEQ=1 Nov 9 06:18:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29099 SEQ=1 Nov 9 06:18:10 server83 dhclient[13030]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x55263e9f) Nov 9 06:18:12 server83 letsencrypt.live.cgi: time="2025-11-09T06:18:12+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=freedomgroup WantedNames="[]" Nov 9 06:18:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41990 PROTO=TCP SPT=61234 DPT=5970 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:18:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.168.227 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3971 PROTO=TCP SPT=53077 DPT=9200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:18:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14163 SEQ=1 Nov 9 06:18:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55202 SEQ=1 Nov 9 06:18:19 server83 imunify360-php-daemon[734]: error response: 401, 
{"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:18:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=43910 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:18:20 server83 dhclient[13030]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x55263e9f) Nov 9 06:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 06:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 06:18:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7952 SEQ=1 Nov 9 06:18:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59077 SEQ=1 Nov 9 06:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7952 SEQ=1 Nov 9 06:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14163 SEQ=1 Nov 9 06:18:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.69 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=18414 PROTO=TCP SPT=56506 DPT=3393 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:18:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.102 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56390 DPT=6672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:18:27 server83 letsencrypt.live.cgi: time="2025-11-09T06:18:27+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=shoebato WantedNames="[]" Nov 9 06:18:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=19903 PROTO=TCP SPT=48713 DPT=34184 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:18:29 server83 NetworkManager[922]: <warn> [1762649309.4387] dhcp4 (eth1): request timed out Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4388] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4467] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 13030 Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4467] dhcp4 (eth1): state changed timeout -> done Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4470] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:18:29 server83 NetworkManager[922]: <warn> [1762649309.4475] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4477] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4508] policy: auto-activating connection 'Wired connection 1' 
(fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4512] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4513] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4515] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4525] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4527] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:18:29 server83 NetworkManager[922]: <info> [1762649309.4540] dhcp4 (eth1): dhclient started with pid 14289 Nov 9 06:18:29 server83 dhclient[14289]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x6320fe39) Nov 9 06:18:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.210 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=15245 PROTO=TCP SPT=56337 DPT=1110 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:18:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:18:30 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:18:31 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:18:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.142.147.209 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51960 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:18:32 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54486 SEQ=1 Nov 9 06:18:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19652 SEQ=1 Nov 9 06:18:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58054 SEQ=1 Nov 9 06:18:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12894 SEQ=1 Nov 9 06:18:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12550 SEQ=1 Nov 9 06:18:32 server83 dhclient[14289]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x6320fe39) Nov 9 06:18:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.33 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=34577 PROTO=TCP SPT=41964 DPT=31915 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:18:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7660 DF PROTO=TCP SPT=54080 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:18:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7661 DF 
06:21:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:21:48 server83 letsencrypt.live.cgi: time="2025-11-09T06:21:48+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=shchikitsalay WantedNames="[]" Nov 9 06:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6541 SEQ=1 Nov 9 06:21:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31390 SEQ=1 Nov 9 06:21:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36985 SEQ=1 Nov 9 06:21:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17381 SEQ=1 Nov 9 06:21:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17381 SEQ=1 Nov 9 06:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29701 SEQ=1 Nov 9 06:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11483 SEQ=1 Nov 9 06:21:55 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3461 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:21:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.110.239.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=19355 PROTO=TCP SPT=61012 DPT=8001 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:21:59 server83 pam_imunify_daemon.bin: time="2025-11-09T06:21:59+05:30" level=warning msg="Send stats for 9 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=9 Nov 9 06:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:22:01 server83 systemd: Started Session 307623 of user root. Nov 9 06:22:01 server83 systemd: Started Session 307624 of user root. Nov 9 06:22:01 server83 systemd: Started Session 307625 of user root. Nov 9 06:22:01 server83 systemd: Started Session 307626 of user root. Nov 9 06:22:01 server83 systemd: Started Session 307627 of user root. Nov 9 06:22:01 server83 systemd: Started Session 307628 of user root. Nov 9 06:22:01 server83 systemd: Started Session 307629 of user root. Nov 9 06:22:01 server83 systemd: Started Session 307630 of user root. Nov 9 06:22:01 server83 systemd: Started Session 307631 of user root. 
Nov 9 06:22:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.212 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52929 DPT=45731 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31977 SEQ=1 Nov 9 06:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48331 SEQ=1 Nov 9 06:22:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31765 SEQ=1 Nov 9 06:22:04 server83 letsencrypt.live.cgi: time="2025-11-09T06:22:04+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=razawebe WantedNames="[]" error="Account is suspended" Nov 9 06:22:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.22 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50629 DPT=8172 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:22:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40639 SEQ=1 Nov 9 06:22:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3453 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:22:06 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40639 SEQ=1 Nov 9 06:22:07 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 06:22:07 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 06:22:07 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 06:22:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.86.135 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1090 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:22:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=124.198.132.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48622 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:22:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53837 SEQ=1 Nov 9 06:22:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25147 SEQ=1 Nov 9 06:22:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26913 SEQ=1 Nov 9 06:22:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29797 SEQ=1 Nov 9 06:22:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53837 SEQ=1 Nov 9 06:22:19 server83 letsencrypt.live.cgi: time="2025-11-09T06:22:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=lgcenergyglobal WantedNames="[]" Nov 9 06:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27341 SEQ=1 Nov 9 06:22:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41323 PROTO=TCP SPT=61234 DPT=5997 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:22:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46310 SEQ=1 Nov 9 06:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23994 SEQ=1 Nov 9 06:22:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.4 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=55692 PROTO=TCP SPT=26200 DPT=45667 WINDOW=39071 RES=0x00 SYN URGP=0 Nov 9 06:22:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46310 SEQ=1 Nov 9 06:22:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=45114 DF PROTO=ICMP TYPE=8 CODE=0 ID=17918 SEQ=55618 Nov 9 06:22:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.63 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=61536 DF PROTO=TCP SPT=46514 DPT=5090 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 06:22:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48695 PROTO=TCP SPT=45727 DPT=32895 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:22:35 server83 letsencrypt.live.cgi: time="2025-11-09T06:22:35+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=reliableallumini WantedNames="[]" error="Account is suspended" Nov 9 06:22:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.63 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=51674 DF PROTO=TCP SPT=46540 DPT=5090 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 06:22:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.193 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53621 DPT=9505 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:22:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.63 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=19186 DF PROTO=TCP SPT=60808 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 06:22:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14005 PROTO=TCP SPT=48782 DPT=5800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:22:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9427 SEQ=1 Nov 9 06:22:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34696 SEQ=1 Nov 9 06:22:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48746 SEQ=1 Nov 9 06:22:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51458 SEQ=1 Nov 9 06:22:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.63 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=37554 DF PROTO=TCP SPT=46666 DPT=8006 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 06:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63807 SEQ=1 Nov 9 06:22:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.63 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=52590 DF PROTO=TCP SPT=43574 DPT=30287 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 06:22:41 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection 
timed out Nov 9 06:22:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.63 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=19189 DF PROTO=TCP SPT=60808 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 06:22:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.63 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=46526 DF PROTO=TCP SPT=60316 DPT=10250 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 06:22:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:22:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7670 DF PROTO=TCP SPT=58581 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:22:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7671 DF PROTO=TCP SPT=58581 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:22:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14491 PROTO=TCP SPT=49956 DPT=25468 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:22:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28100 SEQ=1 Nov 9 06:22:51 server83 letsencrypt.live.cgi: time="2025-11-09T06:22:51+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mdssansthan WantedNames="[]" Nov 9 06:22:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18132 SEQ=1 Nov 9 06:22:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41778 SEQ=1 Nov 9 06:22:53 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:22:53 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:22:53 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:22:53 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 06:22:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26007 SEQ=1 Nov 9 06:22:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.63 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=60184 DF PROTO=TCP SPT=47168 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 06:22:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28100 SEQ=1 Nov 9 06:22:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31380 SEQ=1 Nov 9 06:22:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.63 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=36540 DF PROTO=TCP SPT=47174 DPT=9100 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 06:22:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7673 DF PROTO=TCP SPT=58581 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:22:58 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:22:58 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:22:59 server83 imunify-auditd-log-reader[9638]: lost 12 message sequences Nov 9 06:23:01 server83 systemd: Started Session 307632 of user root. Nov 9 06:23:01 server83 systemd: Started Session 307633 of user root. Nov 9 06:23:01 server83 systemd: Started Session 307636 of user root. Nov 9 06:23:01 server83 systemd: Started Session 307635 of user root. Nov 9 06:23:01 server83 systemd: Started Session 307638 of user root. Nov 9 06:23:01 server83 systemd: Started Session 307637 of user root. Nov 9 06:23:01 server83 systemd: Started Session 307634 of user root. Nov 9 06:23:01 server83 systemd: Started Session 307639 of user root. Nov 9 06:23:01 server83 systemd: Started Session 307640 of user root. 
Nov 9 06:23:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25882 SEQ=1 Nov 9 06:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40114 SEQ=1 Nov 9 06:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11888 SEQ=1 Nov 9 06:23:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25882 SEQ=1 Nov 9 06:23:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7674 DF PROTO=TCP SPT=58581 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:23:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.19.160 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36654 DPT=25000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60404 SEQ=1 Nov 9 06:23:08 server83 letsencrypt.live.cgi: time="2025-11-09T06:23:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=besthotelmassage WantedNames="[]" Nov 9 06:23:12 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.2 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=46726 DF PROTO=TCP SPT=17674 DPT=13323 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:23:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.59.78 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50059 PROTO=TCP SPT=61000 DPT=29235 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:23:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=29353 PROTO=TCP SPT=1852 DPT=39420 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:23:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32005 SEQ=1 Nov 9 06:23:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43771 SEQ=1 Nov 9 06:23:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42098 SEQ=1 Nov 9 06:23:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41352 SEQ=1 Nov 9 06:23:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1124 PROTO=TCP SPT=45727 DPT=31134 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:23:23 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=621 SEQ=1 Nov 9 06:23:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8866 SEQ=1 Nov 9 06:23:23 server83 letsencrypt.live.cgi: time="2025-11-09T06:23:23+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=panaceaclinic WantedNames="[]" error="Account is suspended" Nov 9 06:23:25 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.78 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=36055 DF PROTO=UDP SPT=46750 DPT=17 LEN=9 Nov 9 06:23:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.142.147.209 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42763 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:23:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6854 SEQ=1 Nov 9 06:23:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36901 SEQ=1 Nov 9 06:23:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55886 SEQ=1 Nov 9 06:23:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53656 SEQ=1 Nov 9 06:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6854 SEQ=1 Nov 9 06:23:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=28956 PROTO=TCP SPT=61234 DPT=5989 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:23:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39519 PROTO=TCP SPT=56949 DPT=8512 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:23:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=47884 PROTO=TCP SPT=38312 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:23:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17465 SEQ=1 Nov 9 06:23:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=47885 PROTO=TCP SPT=38312 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:23:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:23:40 server83 letsencrypt.live.cgi: time="2025-11-09T06:23:40+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bindagro WantedNames="[]" Nov 9 06:23:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=20970 PROTO=TCP SPT=43972 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:23:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=47886 PROTO=TCP SPT=38312 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:23:40 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 06:23:40 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:23:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.73 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=55140 PROTO=TCP SPT=51375 DPT=6653 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:23:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=20971 PROTO=TCP SPT=43972 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:23:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=20972 PROTO=TCP SPT=43972 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:23:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=20974 PROTO=TCP SPT=43972 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:23:45 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 06:23:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=62531 PROTO=TCP SPT=46160 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 
06:23:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39112 SEQ=1 Nov 9 06:23:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36749 SEQ=1 Nov 9 06:23:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39112 SEQ=1 Nov 9 06:23:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=62533 PROTO=TCP SPT=46160 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:23:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58748 SEQ=1 Nov 9 06:23:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36749 SEQ=1 Nov 9 06:23:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28483 SEQ=1 Nov 9 06:23:50 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:23:50 server83 imunify-auditd-log-reader[9638]: lost 36 message sequences Nov 9 06:23:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30414 SEQ=1 Nov 9 06:23:56 server83 letsencrypt.live.cgi: time="2025-11-09T06:23:56+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=shoeswoes WantedNames="[]" Nov 9 06:24:01 server83 systemd: Started Session 307642 of user root. Nov 9 06:24:01 server83 systemd: Started Session 307641 of user root. Nov 9 06:24:01 server83 systemd: Started Session 307643 of user root. Nov 9 06:24:01 server83 systemd: Started Session 307645 of user root. Nov 9 06:24:01 server83 systemd: Started Session 307647 of user root. Nov 9 06:24:01 server83 systemd: Started Session 307648 of user root. Nov 9 06:24:01 server83 systemd: Started Session 307644 of user root. Nov 9 06:24:01 server83 systemd: Started Session 307646 of user root. Nov 9 06:24:01 server83 systemd: Started Session 307650 of user root. Nov 9 06:24:01 server83 systemd: Started Session 307649 of user root. Nov 9 06:24:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3459 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:24:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.109.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49327 DPT=6653 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:24:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5350 SEQ=1 Nov 9 06:24:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35777 SEQ=1 Nov 9 06:24:06 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21899 SEQ=1 Nov 9 06:24:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58451 SEQ=1 Nov 9 06:24:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58451 SEQ=1 Nov 9 06:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5350 SEQ=1 Nov 9 06:24:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3452 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:24:10 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 06:24:11 server83 letsencrypt.live.cgi: time="2025-11-09T06:24:11+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=americaexp WantedNames="[]" error="Account is suspended" Nov 9 06:24:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=42348 PROTO=TCP SPT=56114 DPT=7803 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:24:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=13671 SEQ=1 Nov 9 06:24:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:24:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36931 SEQ=1 Nov 9 06:24:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1181 SEQ=1 Nov 9 06:24:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64875 SEQ=1 Nov 9 06:24:22 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:24:22 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:24:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3458 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:24:27 server83 letsencrypt.live.cgi: time="2025-11-09T06:24:27+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=agarwalshiftinge WantedNames="[]" error="Account is suspended" Nov 9 06:24:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.123 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=56313 DPT=3394 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:24:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44714 SEQ=1 Nov 9 06:24:37 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62735 PROTO=TCP SPT=49956 DPT=26604 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:24:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61461 SEQ=1 Nov 9 06:24:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37111 SEQ=1 Nov 9 06:24:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55736 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8137 SEQ=1 Nov 9 06:24:42 server83 letsencrypt.live.cgi: time="2025-11-09T06:24:42+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bereniketechnolo WantedNames="[]" Nov 9 06:24:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33137 DPT=8010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:24:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:24:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=8708 PROTO=TCP SPT=37767 
DPT=8082 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:24:48 server83 scripts.sh: Sun Nov 9 06:24:48 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 06:24:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=953 PROTO=TCP SPT=47780 DPT=44314 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8411 SEQ=1 Nov 9 06:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38885 SEQ=1 Nov 9 06:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8411 SEQ=1 Nov 9 06:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28758 SEQ=1 Nov 9 06:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17386 SEQ=1 Nov 9 06:24:55 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:24:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=52620 PROTO=TCP SPT=61234 DPT=5958 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:24:57 server83 letsencrypt.live.cgi: 
time="2025-11-09T06:24:57+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=giftmilega WantedNames="[]" error="Account is suspended" Nov 9 06:24:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.174 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57145 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:24:59 server83 NetworkManager[922]: <info> [1762649699.4955] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:24:59 server83 NetworkManager[922]: <info> [1762649699.4959] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:24:59 server83 NetworkManager[922]: <info> [1762649699.4960] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:24:59 server83 NetworkManager[922]: <info> [1762649699.4963] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:24:59 server83 NetworkManager[922]: <info> [1762649699.4972] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:24:59 server83 NetworkManager[922]: <info> [1762649699.4975] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:24:59 server83 NetworkManager[922]: <info> [1762649699.4985] dhcp4 (eth1): dhclient started with pid 25898 Nov 9 06:24:59 server83 dhclient[25898]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2819d69f) Nov 9 06:25:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50391 PROTO=TCP SPT=55444 DPT=6466 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:25:01 server83 systemd: Started Session 307654 of 
user root. Nov 9 06:25:01 server83 systemd: Started Session 307653 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307651 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307655 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307656 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307657 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307652 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307658 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307660 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307659 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307661 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307663 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307662 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307665 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307664 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307666 of user root. Nov 9 06:25:01 server83 systemd: Started Session 307667 of user root. 
Nov 9 06:25:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33397 SEQ=1 Nov 9 06:25:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59900 SEQ=1 Nov 9 06:25:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10851 SEQ=1 Nov 9 06:25:06 server83 dhclient[25898]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x2819d69f) Nov 9 06:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1103 SEQ=1 Nov 9 06:25:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10449 PROTO=TCP SPT=46370 DPT=1102 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:25:13 server83 letsencrypt.live.cgi: time="2025-11-09T06:25:13+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=cadcamacademy WantedNames="[]" error="Account is suspended" Nov 9 06:25:14 server83 dhclient[25898]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x2819d69f) Nov 9 06:25:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.58 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52113 DPT=45867 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:25:20 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.130 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=9666 DF PROTO=TCP SPT=33923 DPT=2332 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:25:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5616 SEQ=1 Nov 9 06:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9219 SEQ=1 Nov 9 06:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9219 SEQ=1 Nov 9 06:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51271 SEQ=1 Nov 9 06:25:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18391 SEQ=1 Nov 9 06:25:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7675 DF PROTO=TCP SPT=62672 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:25:24 server83 dhclient[25898]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x2819d69f) Nov 9 06:25:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7676 DF PROTO=TCP 
SPT=62672 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:25:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7677 DF PROTO=TCP SPT=62672 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:25:28 server83 letsencrypt.live.cgi: time="2025-11-09T06:25:28+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mofepgovgh WantedNames="[]" Nov 9 06:25:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=26713 PROTO=TCP SPT=36307 DPT=4769 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:25:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7678 DF PROTO=TCP SPT=62672 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:25:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61778 SEQ=1 Nov 9 06:25:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52481 SEQ=1 Nov 9 06:25:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35656 PROTO=TCP SPT=49956 DPT=29798 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:25:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42538 
SEQ=1 Nov 9 06:25:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56479 DPT=8070 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:25:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61825 SEQ=1 Nov 9 06:25:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42538 SEQ=1 Nov 9 06:25:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54676 PROTO=TCP SPT=49956 DPT=26018 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:25:38 server83 dhclient[25898]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x2819d69f) Nov 9 06:25:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34429 SEQ=1 Nov 9 06:25:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20739 SEQ=1 Nov 9 06:25:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7679 DF PROTO=TCP SPT=62672 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:25:43 server83 letsencrypt.live.cgi: time="2025-11-09T06:25:43+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" 
Function=processAutoSSLForAccount Retry=false Username=globalindiatrips WantedNames="[]" error="Account is suspended" Nov 9 06:25:44 server83 NetworkManager[922]: <warn> [1762649744.4447] dhcp4 (eth1): request timed out Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4447] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4526] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 25898 Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4526] dhcp4 (eth1): state changed timeout -> done Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4528] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:25:44 server83 NetworkManager[922]: <warn> [1762649744.4532] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4535] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4566] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4570] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4571] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4575] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4584] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4587] dhcp4 (eth1): activation: 
beginning transaction (timeout in 45 seconds) Nov 9 06:25:44 server83 NetworkManager[922]: <info> [1762649744.4597] dhcp4 (eth1): dhclient started with pid 26999 Nov 9 06:25:44 server83 dhclient[26999]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x4aa4c7d0) Nov 9 06:25:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43713 PROTO=TCP SPT=47069 DPT=6896 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:25:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:25:49 server83 dhclient[26999]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x4aa4c7d0) Nov 9 06:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54739 SEQ=1 Nov 9 06:25:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38135 PROTO=TCP SPT=57770 DPT=5004 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12185 SEQ=1 Nov 9 06:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43887 SEQ=1 Nov 9 06:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43887 SEQ=1 Nov 9 06:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12185 SEQ=1 Nov 9 06:25:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23593 SEQ=1 Nov 9 06:25:57 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=49.12.219.178 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=64626 DF PROTO=ICMP TYPE=8 CODE=0 ID=41177 SEQ=17970 Nov 9 06:25:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.207 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=24153 DF PROTO=TCP SPT=19716 DPT=212 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:25:59 server83 letsencrypt.live.cgi: time="2025-11-09T06:25:59+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=visoedu WantedNames="[]" Nov 9 06:25:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.149 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52554 DPT=23389 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:26:01 server83 dhclient[26999]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x4aa4c7d0) Nov 9 06:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:26:01 server83 systemd: Started Session 307668 of user root. Nov 9 06:26:01 server83 systemd: Started Session 307669 of user root. Nov 9 06:26:01 server83 systemd: Started Session 307670 of user root. Nov 9 06:26:01 server83 systemd: Started Session 307671 of user root. Nov 9 06:26:01 server83 systemd: Started Session 307673 of user root. 
Nov 9 06:26:01 server83 systemd: Started Session 307672 of user root. Nov 9 06:26:01 server83 systemd: Started Session 307674 of user root. Nov 9 06:26:01 server83 systemd: Started Session 307675 of user root. Nov 9 06:26:01 server83 systemd: Started Session 307676 of user root. Nov 9 06:26:01 server83 systemd: Started Session 307677 of user root. Nov 9 06:26:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10268 SEQ=1 Nov 9 06:26:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25184 SEQ=1 Nov 9 06:26:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3633 SEQ=1 Nov 9 06:26:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6179 SEQ=1 Nov 9 06:26:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47284 PROTO=TCP SPT=47019 DPT=5034 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:26:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17437 SEQ=1 Nov 9 06:26:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=54117 SEQ=1 Nov 9 06:26:14 server83 letsencrypt.live.cgi: time="2025-11-09T06:26:14+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cryptologicinsur WantedNames="[]" Nov 9 06:26:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55875 DPT=20000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:26:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3451 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:26:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52091 SEQ=1 Nov 9 06:26:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61451 SEQ=1 Nov 9 06:26:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49267 SEQ=1 Nov 9 06:26:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43469 PROTO=TCP SPT=45727 DPT=33629 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:26:21 server83 dhclient[26999]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x4aa4c7d0) Nov 9 06:26:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52091 SEQ=1 Nov 9 06:26:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40638 SEQ=1 Nov 9 06:26:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4036 SEQ=1 Nov 9 06:26:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=61258 PROTO=TCP SPT=44487 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:26:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=61259 PROTO=TCP SPT=44487 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:26:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.147 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=787 PROTO=TCP SPT=5403 DPT=23938 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:26:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=56357 PROTO=TCP SPT=55465 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:26:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=61260 PROTO=TCP SPT=44487 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:26:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=56358 PROTO=TCP SPT=55465 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:26:29 server83 NetworkManager[922]: <warn> [1762649789.4520] dhcp4 (eth1): request timed out Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4520] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4680] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 26999 Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4680] dhcp4 (eth1): state changed timeout -> done Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4681] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:26:29 server83 NetworkManager[922]: <warn> [1762649789.4684] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4685] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4713] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4715] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4715] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4717] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4725] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4727] dhcp4 (eth1): 
activation: beginning transaction (timeout in 45 seconds) Nov 9 06:26:29 server83 NetworkManager[922]: <info> [1762649789.4734] dhcp4 (eth1): dhclient started with pid 27920 Nov 9 06:26:29 server83 dhclient[27920]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x530fd2ac) Nov 9 06:26:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=56359 PROTO=TCP SPT=55465 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:26:30 server83 letsencrypt.live.cgi: time="2025-11-09T06:26:30+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=xyz WantedNames="[]" Nov 9 06:26:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:26:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=56361 PROTO=TCP SPT=55465 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17066 SEQ=1 Nov 9 06:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39933 SEQ=1 Nov 9 06:26:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59912 SEQ=1 Nov 9 06:26:34 server83 aibolit_wrapper[28080]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php 
--deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626497948426712.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626497948429214.txt --progress=/tmp/malware_cleaner_progress_17626497948428870.json --csv_result=/tmp/revisium_csvfile_17626497948429014.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:26:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=27821 PROTO=TCP SPT=47263 DPT=41953 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:26:35 server83 dhclient[27920]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x530fd2ac) Nov 9 06:26:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39640 SEQ=1 Nov 9 06:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31971 SEQ=1 Nov 9 06:26:43 server83 dhclient[27920]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x530fd2ac) Nov 9 06:26:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7680 DF PROTO=TCP SPT=64832 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:26:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7681 DF PROTO=TCP SPT=64832 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:26:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44613 PROTO=TCP SPT=45727 DPT=32670 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:26:46 server83 letsencrypt.live.cgi: time="2025-11-09T06:26:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sgpvtiti WantedNames="[]" Nov 9 06:26:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7682 DF PROTO=TCP SPT=64832 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:26:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56983 SEQ=1 Nov 9 06:26:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7683 DF PROTO=TCP SPT=64832 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:26:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.106 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53837 DPT=48428 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:26:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38833 SEQ=1 Nov 9 06:26:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9461 SEQ=1 Nov 9 06:26:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55412 SEQ=1 Nov 9 06:26:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=12453 PROTO=TCP SPT=54611 DPT=5278 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:26:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.175.220.105 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42837 DPT=23389 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:26:57 server83 systemd: Started Session c2841 of user root. Nov 9 06:26:57 server83 scripts.sh: Load Average: 5.03 , 5.97 Nov 9 06:26:57 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 06:26:57 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 06:26:57 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 06:26:57 server83 scripts.sh: HTTPD Status: inactive Nov 9 06:26:57 server83 scripts.sh: MySQL Status: active Nov 9 06:26:57 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 06:26:57 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 06:26:57 server83 scripts.sh: SSHD Status: active Nov 9 06:26:57 server83 scripts.sh: FTP Status: active Nov 9 06:26:57 server83 scripts.sh: LiteSpeed Status: Active Nov 9 06:26:57 server83 scripts.sh: Imunify Status: Active Nov 9 06:26:57 server83 scripts.sh: cPanel Status: active Nov 9 06:26:57 server83 scripts.sh: Memory Status: 12/31 GB - 40.28% Nov 9 06:26:57 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 06:26:57 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 06:26:57 server83 scripts.sh: Local Version: 4.4.5 Nov 9 06:26:58 server83 dhclient[27920]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x530fd2ac) Nov 9 06:26:59 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.9 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=49839 DF PROTO=TCP SPT=58237 DPT=44446 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:26:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7684 DF PROTO=TCP SPT=64832 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:27:01 server83 letsencrypt.live.cgi: time="2025-11-09T06:27:01+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mbldegre WantedNames="[]" Nov 9 06:27:01 server83 systemd: Started Session 307679 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307680 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307681 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307678 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307685 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307686 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307683 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307687 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307684 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307682 of user root. Nov 9 06:27:01 server83 systemd: Started Session 307688 of user root. 
Nov 9 06:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7292 SEQ=1 Nov 9 06:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3204 SEQ=1 Nov 9 06:27:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.153 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4681 PROTO=TCP SPT=53661 DPT=17778 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27133 SEQ=1 Nov 9 06:27:07 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 06:27:07 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 06:27:07 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 06:27:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38878 SEQ=1 Nov 9 06:27:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3204 SEQ=1 Nov 9 06:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33378 SEQ=1 Nov 9 06:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55461 SEQ=1 Nov 9 06:27:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3450 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:27:14 server83 NetworkManager[922]: <warn> [1762649834.4400] dhcp4 (eth1): request timed out Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4401] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4560] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27920 Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4560] dhcp4 (eth1): state changed timeout -> done Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4562] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:27:14 server83 NetworkManager[922]: <warn> [1762649834.4567] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 
06:27:14 server83 NetworkManager[922]: <info> [1762649834.4569] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4603] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4607] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4608] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4612] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4622] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4625] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:27:14 server83 NetworkManager[922]: <info> [1762649834.4637] dhcp4 (eth1): dhclient started with pid 28965 Nov 9 06:27:14 server83 dhclient[28965]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x4d4efbfb) Nov 9 06:27:15 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=190.110.229.13 DST=51.210.113.204 LEN=74 TOS=0x00 PREC=0x20 TTL=42 ID=27305 DF PROTO=UDP SPT=8080 DPT=1027 LEN=54 Nov 9 06:27:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.163.15.217 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=41298 PROTO=TCP SPT=38317 DPT=45000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:27:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=147.185.133.194 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53696 DPT=1222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:27:17 server83 dhclient[28965]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x4d4efbfb) Nov 9 06:27:17 server83 letsencrypt.live.cgi: time="2025-11-09T06:27:17+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mercantiletrusth WantedNames="[]" Nov 9 06:27:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16253 SEQ=1 Nov 9 06:27:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.246.20.251 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=3632 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=3 Nov 9 06:27:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30174 SEQ=1 Nov 9 06:27:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14804 SEQ=1 Nov 9 06:27:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16253 SEQ=1 Nov 9 06:27:19 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 06:27:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=113.44.112.143 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=40 ID=42516 DF PROTO=ICMP TYPE=8 CODE=0 ID=21829 SEQ=33351 Nov 9 06:27:21 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7685 DF PROTO=TCP SPT=49411 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:27:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.106.57.122 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=13749 PROTO=TCP SPT=45941 DPT=45000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:27:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24088 SEQ=1 Nov 9 06:27:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7686 DF PROTO=TCP SPT=49411 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:27:22 server83 dhclient[28965]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4d4efbfb) Nov 9 06:27:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.26.115.195 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=44934 PROTO=TCP SPT=55638 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:27:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7687 DF PROTO=TCP SPT=49411 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:27:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25613 PROTO=TCP SPT=57143 DPT=8604 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:27:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30061 SEQ=1 Nov 9 06:27:26 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=26654 PROTO=UDP SPT=64209 DPT=64243 LEN=20 Nov 9 06:27:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:27:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7688 DF PROTO=TCP SPT=49411 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:27:31 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:27:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.123 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=52467 DF PROTO=TCP SPT=27553 DPT=10005 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:27:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.40.18 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59349 DPT=4118 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:27:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3457 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:27:33 server83 dhclient[28965]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x4d4efbfb) Nov 9 06:27:33 server83 letsencrypt.live.cgi: time="2025-11-09T06:27:33+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false 
Username=rockyardclub WantedNames="[]" Nov 9 06:27:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52283 SEQ=1 Nov 9 06:27:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25968 SEQ=1 Nov 9 06:27:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8235 SEQ=1 Nov 9 06:27:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7689 DF PROTO=TCP SPT=49411 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:27:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=6198 DF PROTO=ICMP TYPE=8 CODE=0 ID=51006 SEQ=45872 Nov 9 06:27:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24098 SEQ=1 Nov 9 06:27:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39717 SEQ=1 Nov 9 06:27:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50904 SEQ=1 Nov 9 06:27:38 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18624 SEQ=1 Nov 9 06:27:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.250.141.173 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=44 ID=39865 DF PROTO=TCP SPT=40889 DPT=8888 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 06:27:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.254 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=54813 DPT=9172 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:27:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.214 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49690 DPT=8887 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:27:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:27:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:27:47 server83 dhclient[28965]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x4d4efbfb) Nov 9 06:27:49 server83 letsencrypt.live.cgi: time="2025-11-09T06:27:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=coinmarketcapfin WantedNames="[]" Nov 9 06:27:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54659 SEQ=1 Nov 9 06:27:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56910 SEQ=1 Nov 9 
06:27:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42184 SEQ=1 Nov 9 06:27:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48909 SEQ=1 Nov 9 06:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42184 SEQ=1 Nov 9 06:27:54 server83 dhclient[28965]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4d4efbfb) Nov 9 06:27:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.85 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=22421 PROTO=TCP SPT=18617 DPT=8001 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:27:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.17 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=45826 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:27:59 server83 NetworkManager[922]: <warn> [1762649879.4411] dhcp4 (eth1): request timed out Nov 9 06:27:59 server83 NetworkManager[922]: <info> [1762649879.4411] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:27:59 server83 NetworkManager[922]: <info> [1762649879.4490] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28965 Nov 9 06:27:59 server83 NetworkManager[922]: <info> [1762649879.4490] dhcp4 (eth1): state changed timeout -> done Nov 9 06:27:59 server83 NetworkManager[922]: <info> [1762649879.4492] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 
06:27:59 server83 NetworkManager[922]: <warn> [1762649879.4497] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:27:59 server83 NetworkManager[922]: <info> [1762649879.4499] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:28:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:28:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:28:01 server83 systemd: Started Session 307689 of user root. Nov 9 06:28:01 server83 systemd: Started Session 307693 of user root. Nov 9 06:28:01 server83 systemd: Started Session 307691 of user root. Nov 9 06:28:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 06:28:01 server83 systemd: Started Session 307694 of user metalarts. Nov 9 06:28:01 server83 systemd: Started Session 307690 of user root. Nov 9 06:28:01 server83 systemd: Started Session 307695 of user root. Nov 9 06:28:01 server83 systemd: Started Session 307692 of user root. Nov 9 06:28:01 server83 systemd: Started Session 307696 of user root. Nov 9 06:28:01 server83 systemd: Started Session 307697 of user root. Nov 9 06:28:01 server83 systemd: Started Session 307698 of user root. Nov 9 06:28:02 server83 systemd: Removed slice User Slice of metalarts. 
Nov 9 06:28:05 server83 letsencrypt.live.cgi: time="2025-11-09T06:28:05+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=vardhmancomputer WantedNames="[]" error="Account is suspended" Nov 9 06:28:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19637 PROTO=TCP SPT=45727 DPT=34301 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:28:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49465 SEQ=1 Nov 9 06:28:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7392 SEQ=1 Nov 9 06:28:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=13876 PROTO=TCP SPT=44928 DPT=13219 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55700 SEQ=1 Nov 9 06:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38714 SEQ=1 Nov 9 06:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11707 SEQ=1 Nov 9 06:28:08 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38714 SEQ=1 Nov 9 06:28:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=36284 PROTO=TCP SPT=47254 DPT=38112 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:28:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=101.36.97.172 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=5224 DF PROTO=TCP SPT=42855 DPT=11597 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 06:28:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.42.25 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=60594 DPT=4118 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:28:18 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:28:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=31344 DF PROTO=ICMP TYPE=8 CODE=0 ID=54161 SEQ=53459 Nov 9 06:28:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3456 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:28:20 server83 letsencrypt.live.cgi: time="2025-11-09T06:28:20+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=munshilaljewels WantedNames="[]" Nov 9 06:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall 
given prior to it Nov 9 06:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 06:28:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21130 SEQ=1 Nov 9 06:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61506 SEQ=1 Nov 9 06:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14897 SEQ=1 Nov 9 06:28:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3449 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:28:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3455 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:28:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=45784 PROTO=TCP SPT=37395 DPT=5188 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:28:29 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=145.239.83.37 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=48 ID=33115 DF PROTO=ICMP TYPE=8 CODE=0 ID=16721 
SEQ=35225 Nov 9 06:28:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16468 SEQ=1 Nov 9 06:28:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48758 SEQ=1 Nov 9 06:28:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63187 SEQ=1 Nov 9 06:28:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.238 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49656 DPT=8819 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44723 SEQ=1 Nov 9 06:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30466 SEQ=1 Nov 9 06:28:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.217.194.148 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=33313 DPT=790 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:28:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2977 PROTO=TCP SPT=45727 DPT=31675 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:28:35 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.49 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=13060 PROTO=TCP SPT=46074 DPT=7836 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:28:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18727 SEQ=1 Nov 9 06:28:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54880 SEQ=1 Nov 9 06:28:35 server83 letsencrypt.live.cgi: time="2025-11-09T06:28:35+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=friendsinfotech WantedNames="[]" error="Account is suspended" Nov 9 06:28:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42485 PROTO=TCP SPT=46370 DPT=2392 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:28:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=10499 DF PROTO=ICMP TYPE=8 CODE=0 ID=19566 SEQ=15421 Nov 9 06:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54880 SEQ=1 Nov 9 06:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18727 SEQ=1 Nov 9 06:28:38 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4991 SEQ=1 Nov 9 06:28:43 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.93.201.79 DST=145.239.177.179 LEN=442 TOS=0x18 PREC=0xA0 TTL=50 ID=48353 DF PROTO=UDP SPT=5233 DPT=5060 LEN=422 Nov 9 06:28:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=63132 PROTO=TCP SPT=60476 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:28:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:28:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3448 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:28:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=65319 PROTO=TCP SPT=46370 DPT=1831 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:28:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.36.113 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=49616 DPT=1911 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:28:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35293 SEQ=1 Nov 9 06:28:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41458 SEQ=1 Nov 9 06:28:51 server83 letsencrypt.live.cgi: time="2025-11-09T06:28:51+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=prakrti WantedNames="[]" error="Account is suspended" Nov 9 06:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64135 SEQ=1 Nov 9 06:28:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41458 SEQ=1 Nov 9 06:29:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.116.120 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=23840 DF PROTO=TCP SPT=24864 DPT=3479 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 06:29:01 server83 systemd: Started Session 307701 of user root. Nov 9 06:29:01 server83 systemd: Started Session 307702 of user root. Nov 9 06:29:01 server83 systemd: Started Session 307699 of user root. Nov 9 06:29:01 server83 systemd: Started Session 307703 of user root. Nov 9 06:29:01 server83 systemd: Started Session 307700 of user root. Nov 9 06:29:01 server83 systemd: Started Session 307704 of user root. Nov 9 06:29:01 server83 systemd: Started Session 307705 of user root. Nov 9 06:29:01 server83 systemd: Started Session 307707 of user root. Nov 9 06:29:01 server83 systemd: Started Session 307706 of user root. 
Nov 9 06:29:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17607 SEQ=1 Nov 9 06:29:06 server83 letsencrypt.live.cgi: time="2025-11-09T06:29:06+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=ppdhpurtaxiservi WantedNames="[]" error="Account is suspended" Nov 9 06:29:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:29:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28758 SEQ=1 Nov 9 06:29:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12370 SEQ=1 Nov 9 06:29:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60171 SEQ=1 Nov 9 06:29:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44876 SEQ=1 Nov 9 06:29:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3454 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:29:21 server83 letsencrypt.live.cgi: time="2025-11-09T06:29:21+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=desertviewresort 
WantedNames="[]" error="Account is suspended" Nov 9 06:29:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35653 SEQ=1 Nov 9 06:29:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42826 SEQ=1 Nov 9 06:29:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.129.81.225 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=50 ID=58974 DF PROTO=ICMP TYPE=8 CODE=0 ID=36078 SEQ=14298 Nov 9 06:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50705 SEQ=1 Nov 9 06:29:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18865 PROTO=TCP SPT=51087 DPT=1900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:29:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48906 PROTO=TCP SPT=58603 DPT=43389 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:29:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35653 SEQ=1 Nov 9 06:29:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=34196 PROTO=TCP SPT=56033 DPT=7722 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:29:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=57771 DPT=10002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:29:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.82 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=54745 DF PROTO=TCP SPT=26925 DPT=264 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:29:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55392 SEQ=1 Nov 9 06:29:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21837 SEQ=1 Nov 9 06:29:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26157 SEQ=1 Nov 9 06:29:36 server83 letsencrypt.live.cgi: time="2025-11-09T06:29:36+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=urkartin WantedNames="[]" Nov 9 06:29:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=21342 PROTO=TCP SPT=61234 DPT=5948 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23402 SEQ=1 Nov 9 06:29:39 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65292 SEQ=1 Nov 9 06:29:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:29:46 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:29:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:29:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:29:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29102 PROTO=TCP SPT=45727 DPT=31100 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:29:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:29:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52821 SEQ=1 Nov 9 06:29:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55272 SEQ=1 Nov 9 06:29:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57743 SEQ=1 Nov 9 06:29:52 server83 letsencrypt.live.cgi: time="2025-11-09T06:29:52+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=besttrav WantedNames="[]" Nov 9 06:29:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=52821 SEQ=1 Nov 9 06:29:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=10085 PROTO=TCP SPT=44928 DPT=13219 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:30:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.34 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=10653 PROTO=TCP SPT=40299 DPT=3900 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:30:01 server83 systemd: Started Session 307710 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307709 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307711 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307712 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307714 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307715 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307717 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307708 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307719 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307716 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307713 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307718 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307720 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307722 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307721 of user root. 
Nov 9 06:30:01 server83 systemd: Started Session 307723 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307725 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307724 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307726 of user root. Nov 9 06:30:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 06:30:01 server83 systemd: Started Session 307727 of user sanatanhinduvahi. Nov 9 06:30:01 server83 systemd: Started Session 307730 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307729 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307728 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307732 of user root. Nov 9 06:30:01 server83 systemd: Started Session 307731 of user root. Nov 9 06:30:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43970 SEQ=1 Nov 9 06:30:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. 
Nov 9 06:30:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6591 SEQ=1 Nov 9 06:30:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61855 SEQ=1 Nov 9 06:30:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.77.139 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=115 ID=14711 PROTO=TCP SPT=23320 DPT=8181 WINDOW=37681 RES=0x00 SYN URGP=0 Nov 9 06:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30146 SEQ=1 Nov 9 06:30:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=53125 PROTO=TCP SPT=48713 DPT=34734 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:30:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31648 SEQ=1 Nov 9 06:30:05 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 06:30:05 server83 systemd: Stopped Status Update Service. Nov 9 06:30:05 server83 systemd: Started Status Update Service. 
Nov 9 06:30:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45617 PROTO=TCP SPT=43739 DPT=2546 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:30:08 server83 letsencrypt.live.cgi: time="2025-11-09T06:30:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rnassociate WantedNames="[]" Nov 9 06:30:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43970 SEQ=1 Nov 9 06:30:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=16767 PROTO=TCP SPT=44928 DPT=35366 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:30:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28610 PROTO=TCP SPT=35516 DPT=5826 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:30:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.122.207 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=35710 DPT=37777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:30:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.251.67.25 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=33916 PROTO=TCP SPT=42566 DPT=3022 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:30:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.42 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=58083 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
06:30:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16132 SEQ=1 Nov 9 06:30:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54632 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:30:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.20 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50822 DPT=9894 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:30:30 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.95 DST=145.239.177.179 LEN=56 TOS=0x00 PREC=0x00 TTL=34 ID=50719 PROTO=UDP SPT=7503 DPT=27036 LEN=36 Nov 9 06:30:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37358 SEQ=1 Nov 9 06:30:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21940 SEQ=1 Nov 9 06:30:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58422 SEQ=1 Nov 9 06:30:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62786 SEQ=1 Nov 9 06:30:31 server83 kernel: Firewall: *TCP_IN Blocked* 
SPT=59086 DPT=2200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:33:38 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 06:33:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.121.84.50 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54002 DPT=8008 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:33:40 server83 dhclient[22326]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x760285cb) Nov 9 06:33:40 server83 pam_imunify_daemon.bin: time="2025-11-09T06:33:40+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 06:33:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=65323 PROTO=TCP SPT=56949 DPT=8524 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:33:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.235.100.142 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=52293 PROTO=TCP SPT=54637 DPT=9997 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:33:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:33:44 server83 NetworkManager[922]: <warn> [1762650224.4503] dhcp4 (eth1): request timed out Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:33:44 server83 NetworkManager[922]: <info> 
[1762650224.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 22326 Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:33:44 server83 NetworkManager[922]: <warn> [1762650224.4671] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4706] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4711] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4712] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4716] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4727] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4731] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:33:44 server83 NetworkManager[922]: <info> [1762650224.4744] dhcp4 (eth1): dhclient started with pid 27698 Nov 9 06:33:44 server83 dhclient[27698]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x252dd83e) Nov 9 06:33:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:33:45 server83 
letsencrypt.live.cgi: time="2025-11-09T06:33:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rebuildorg WantedNames="[]" Nov 9 06:33:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:33:51 server83 dhclient[27698]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x252dd83e) Nov 9 06:33:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12600 SEQ=1 Nov 9 06:33:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38871 SEQ=1 Nov 9 06:33:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56592 SEQ=1 Nov 9 06:33:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43107 SEQ=1 Nov 9 06:33:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43107 SEQ=1 Nov 9 06:33:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28355 SEQ=1 Nov 9 06:33:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.71 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=58 ID=58258 DF PROTO=TCP SPT=20401 DPT=3269 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:33:59 server83 dhclient[27698]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x252dd83e) Nov 9 06:34:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1322 PROTO=TCP SPT=60598 DPT=7071 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:34:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11415 PROTO=TCP SPT=59243 DPT=7114 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:34:01 server83 letsencrypt.live.cgi: time="2025-11-09T06:34:01+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=lifestylemassage WantedNames="[]" Nov 9 06:34:01 server83 systemd: Started Session 307762 of user root. Nov 9 06:34:01 server83 systemd: Started Session 307764 of user root. Nov 9 06:34:01 server83 systemd: Started Session 307763 of user root. Nov 9 06:34:01 server83 systemd: Started Session 307761 of user root. Nov 9 06:34:01 server83 systemd: Started Session 307765 of user root. Nov 9 06:34:01 server83 systemd: Started Session 307766 of user root. Nov 9 06:34:01 server83 systemd: Started Session 307767 of user root. Nov 9 06:34:01 server83 systemd: Started Session 307768 of user root. Nov 9 06:34:01 server83 systemd: Started Session 307769 of user root. 
Nov 9 06:34:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.109.130 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55177 DPT=1194 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:34:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38923 PROTO=TCP SPT=46370 DPT=1826 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:34:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24740 PROTO=TCP SPT=61234 DPT=5950 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:34:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35657 SEQ=1 Nov 9 06:34:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49437 SEQ=1 Nov 9 06:34:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34822 SEQ=1 Nov 9 06:34:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52325 SEQ=1 Nov 9 06:34:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37811 SEQ=1 Nov 9 06:34:09 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.107 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56705 DPT=18015 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:34:13 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:34:13 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:34:13 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:34:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7705 DF PROTO=TCP SPT=57674 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:34:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7706 DF PROTO=TCP SPT=57674 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:34:16 server83 dhclient[27698]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x252dd83e) Nov 9 06:34:16 server83 letsencrypt.live.cgi: time="2025-11-09T06:34:16+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=tastysnacks WantedNames="[]" Nov 9 06:34:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7707 DF PROTO=TCP SPT=57674 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:34:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28415 SEQ=1 Nov 9 06:34:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 
TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8679 SEQ=1 Nov 9 06:34:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44720 SEQ=1 Nov 9 06:34:19 server83 scripts.sh: Sun Nov 9 06:34:19 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 06:34:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3689 PROTO=TCP SPT=45727 DPT=32575 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:34:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7708 DF PROTO=TCP SPT=57674 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:34:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7709 DF PROTO=TCP SPT=57674 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:34:29 server83 NetworkManager[922]: <warn> [1762650269.4453] dhcp4 (eth1): request timed out Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4453] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4533] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27698 Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4533] dhcp4 (eth1): state changed timeout -> done Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4536] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:34:29 server83 NetworkManager[922]: <warn> [1762650269.4541] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:34:29 server83 
NetworkManager[922]: <info> [1762650269.4543] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4576] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4580] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4581] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4585] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4596] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4599] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:34:29 server83 NetworkManager[922]: <info> [1762650269.4611] dhcp4 (eth1): dhclient started with pid 797 Nov 9 06:34:29 server83 dhclient[797]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x78972ff9) Nov 9 06:34:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47914 SEQ=1 Nov 9 06:34:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44059 SEQ=1 Nov 9 06:34:32 server83 letsencrypt.live.cgi: time="2025-11-09T06:34:32+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount 
Retry=false Username=harshitlive WantedNames="[]" error="Account is suspended" Nov 9 06:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29826 SEQ=1 Nov 9 06:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44059 SEQ=1 Nov 9 06:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10085 SEQ=1 Nov 9 06:34:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38540 SEQ=1 Nov 9 06:34:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29764 PROTO=TCP SPT=64329 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:34:36 server83 dhclient[797]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x78972ff9) Nov 9 06:34:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=11720 PROTO=TCP SPT=49599 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:34:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29765 PROTO=TCP SPT=64329 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:34:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40314 PROTO=TCP SPT=61274 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:34:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29766 PROTO=TCP SPT=64329 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:34:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=11721 PROTO=TCP SPT=49599 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22313 SEQ=1 Nov 9 06:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16487 SEQ=1 Nov 9 06:34:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4525 SEQ=1 Nov 9 06:34:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=30476 DF PROTO=ICMP TYPE=8 CODE=0 ID=59655 SEQ=6050 Nov 9 06:34:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:34:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8967 PROTO=TCP SPT=50301 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:34:41 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8969 PROTO=TCP SPT=50301 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:34:46 server83 dhclient[797]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x78972ff9) Nov 9 06:34:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:34:47 server83 letsencrypt.live.cgi: time="2025-11-09T06:34:47+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=fabreva WantedNames="[]" Nov 9 06:34:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.56 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50929 DPT=9540 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:34:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57872 SEQ=1 Nov 9 06:34:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30484 SEQ=1 Nov 9 06:34:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=14270 PROTO=TCP SPT=50272 DPT=34162 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54331 SEQ=1 Nov 9 06:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=11156 DF PROTO=ICMP TYPE=8 CODE=0 ID=26836 SEQ=14038 Nov 9 06:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8857 SEQ=1 Nov 9 06:34:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16948 SEQ=1 Nov 9 06:34:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:35:01 server83 systemd: Started Session 307770 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307771 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307773 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307772 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307775 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307776 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307774 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307779 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307781 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307778 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307780 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307782 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307777 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307784 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307783 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307785 of user root. 
Nov 9 06:35:01 server83 systemd: Started Session 307786 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307787 of user root. Nov 9 06:35:01 server83 systemd: Started Session 307788 of user root. Nov 9 06:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:35:02 server83 letsencrypt.live.cgi: time="2025-11-09T06:35:02+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=yrsagro WantedNames="[]" error="Account is suspended" Nov 9 06:35:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.103 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=55059 DPT=4018 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:35:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13319 SEQ=1 Nov 9 06:35:07 server83 dhclient[797]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x78972ff9) Nov 9 06:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23671 SEQ=1 Nov 9 06:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23671 SEQ=1 Nov 9 06:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23325 SEQ=1 Nov 9 06:35:09 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=32697 DF PROTO=ICMP TYPE=8 CODE=0 ID=65344 SEQ=35238 Nov 9 06:35:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6250 SEQ=1 Nov 9 06:35:14 server83 NetworkManager[922]: <warn> [1762650314.4403] dhcp4 (eth1): request timed out Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4403] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4482] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 797 Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4482] dhcp4 (eth1): state changed timeout -> done Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4484] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:35:14 server83 NetworkManager[922]: <warn> [1762650314.4487] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4489] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4520] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4523] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4524] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4526] device (eth1): state change: 
prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4535] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4537] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:35:14 server83 NetworkManager[922]: <info> [1762650314.4548] dhcp4 (eth1): dhclient started with pid 7191 Nov 9 06:35:14 server83 dhclient[7191]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x51b7921) Nov 9 06:35:17 server83 dhclient[7191]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x51b7921) Nov 9 06:35:18 server83 letsencrypt.live.cgi: time="2025-11-09T06:35:18+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=leohomeshiftings WantedNames="[]" error="Account is suspended" Nov 9 06:35:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8852 SEQ=1 Nov 9 06:35:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41677 SEQ=1 Nov 9 06:35:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3452 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:35:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29369 SEQ=1 Nov 9 06:35:19 server83 auditd[702]: Audit daemon 
rotating log files Nov 9 06:35:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37562 SEQ=1 Nov 9 06:35:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=6420 PROTO=TCP SPT=47263 DPT=19297 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:35:22 server83 dhclient[7191]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x51b7921) Nov 9 06:35:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.229 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=54892 DPT=84 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:35:29 server83 dhclient[7191]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x51b7921) Nov 9 06:35:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5841 SEQ=1 Nov 9 06:35:33 server83 letsencrypt.live.cgi: time="2025-11-09T06:35:33+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=crmdev2cloudlive WantedNames="[]" Nov 9 06:35:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40386 SEQ=1 Nov 9 06:35:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21731 SEQ=1 Nov 9 06:35:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.183.207.77 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=21721 PROTO=TCP SPT=61010 DPT=8080 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:35:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5216 SEQ=1 Nov 9 06:35:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.121 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50451 DPT=9900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:35:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57073 SEQ=1 Nov 9 06:35:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:35:40 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:35:40 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:35:40 server83 dhclient[7191]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x51b7921) Nov 9 06:35:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59180 PROTO=TCP SPT=61234 DPT=5981 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:35:46 server83 pam_imunify_daemon.bin: time="2025-11-09T06:35:46+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 06:35:46 
server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:35:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:35:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=49566 PROTO=TCP SPT=49956 DPT=25203 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:35:49 server83 letsencrypt.live.cgi: time="2025-11-09T06:35:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=oceannetworkexpr WantedNames="[]" Nov 9 06:35:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=61246 PROTO=TCP SPT=48697 DPT=48099 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:35:50 server83 dhclient[7191]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x51b7921) Nov 9 06:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9054 SEQ=1 Nov 9 06:35:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=63715 PROTO=TCP SPT=50942 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:35:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31025 SEQ=1 Nov 9 06:35:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35479 
SEQ=1 Nov 9 06:35:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13872 SEQ=1 Nov 9 06:35:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55872 SEQ=1 Nov 9 06:35:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34631 PROTO=TCP SPT=58686 DPT=5135 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:35:57 server83 dhclient[7191]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x51b7921) Nov 9 06:35:59 server83 NetworkManager[922]: <warn> [1762650359.4493] dhcp4 (eth1): request timed out Nov 9 06:35:59 server83 NetworkManager[922]: <info> [1762650359.4493] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:35:59 server83 NetworkManager[922]: <info> [1762650359.4652] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 7191 Nov 9 06:35:59 server83 NetworkManager[922]: <info> [1762650359.4653] dhcp4 (eth1): state changed timeout -> done Nov 9 06:35:59 server83 NetworkManager[922]: <info> [1762650359.4654] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:35:59 server83 NetworkManager[922]: <warn> [1762650359.4658] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:35:59 server83 NetworkManager[922]: <info> [1762650359.4659] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:36:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 
ID=56182 PROTO=TCP SPT=46370 DPT=1800 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:36:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:36:01 server83 systemd: Started Session 307789 of user root. Nov 9 06:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:36:01 server83 systemd: Started Session 307790 of user root. Nov 9 06:36:01 server83 systemd: Started Session 307792 of user root. Nov 9 06:36:01 server83 systemd: Started Session 307791 of user root. Nov 9 06:36:01 server83 systemd: Started Session 307793 of user root. Nov 9 06:36:01 server83 systemd: Started Session 307794 of user root. Nov 9 06:36:01 server83 systemd: Started Session 307796 of user root. Nov 9 06:36:01 server83 systemd: Started Session 307797 of user root. Nov 9 06:36:01 server83 systemd: Started Session 307795 of user root. Nov 9 06:36:01 server83 systemd: Started Session 307798 of user root. 
Nov 9 06:36:04 server83 letsencrypt.live.cgi: time="2025-11-09T06:36:04+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=riafinancialfran WantedNames="[]" Nov 9 06:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38081 SEQ=1 Nov 9 06:36:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57264 PROTO=TCP SPT=41834 DPT=8449 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13580 SEQ=1 Nov 9 06:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13580 SEQ=1 Nov 9 06:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37540 SEQ=1 Nov 9 06:36:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.159.99.101 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36691 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50366 SEQ=1 Nov 9 06:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37540 SEQ=1 Nov 9 06:36:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=30898 PROTO=TCP SPT=55917 DPT=7513 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:36:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.123 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49665 DPT=46747 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:36:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.216 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29389 PROTO=TCP SPT=48797 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:36:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.216 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29390 PROTO=TCP SPT=48797 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:36:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34198 PROTO=TCP SPT=49462 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:36:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.216 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29391 PROTO=TCP SPT=48797 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:36:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34199 PROTO=TCP SPT=49462 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:36:17 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34201 PROTO=TCP SPT=49462 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:36:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.163 DST=51.210.113.204 LEN=61 TOS=0x00 PREC=0x00 TTL=108 ID=9079 DF PROTO=ICMP TYPE=8 CODE=0 ID=9296 SEQ=40455 Nov 9 06:36:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54630 SEQ=1 Nov 9 06:36:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54630 SEQ=1 Nov 9 06:36:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34605 SEQ=1 Nov 9 06:36:20 server83 letsencrypt.live.cgi: time="2025-11-09T06:36:20+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=studentinspirati WantedNames="[]" Nov 9 06:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28379 SEQ=1 Nov 9 06:36:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.192.66 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=38664 PROTO=TCP SPT=43706 DPT=5902 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:36:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.26 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=63753 PROTO=TCP SPT=35767 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:36:27 server83 systemd: Started Session c2842 of user root. Nov 9 06:36:28 server83 scripts.sh: Load Average: 3.21 , 3.43 Nov 9 06:36:28 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 06:36:28 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 06:36:28 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 06:36:28 server83 scripts.sh: HTTPD Status: inactive Nov 9 06:36:28 server83 scripts.sh: MySQL Status: active Nov 9 06:36:28 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 06:36:28 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 06:36:28 server83 scripts.sh: SSHD Status: active Nov 9 06:36:28 server83 scripts.sh: FTP Status: active Nov 9 06:36:28 server83 scripts.sh: LiteSpeed Status: Active Nov 9 06:36:28 server83 scripts.sh: Imunify Status: Active Nov 9 06:36:28 server83 scripts.sh: cPanel Status: active Nov 9 06:36:28 server83 scripts.sh: Memory Status: 12/31 GB - 39.80% Nov 9 06:36:28 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 06:36:28 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 06:36:28 server83 scripts.sh: Local Version: 4.4.5 Nov 9 06:36:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=86.54.31.38 DST=51.210.113.204 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=49035 PROTO=TCP SPT=14898 DPT=5222 WINDOW=44853 RES=0x00 SYN URGP=0 Nov 9 06:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46932 SEQ=1 Nov 9 06:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38666 SEQ=1 Nov 9 06:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63543 SEQ=1 Nov 9 06:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9154 SEQ=1 Nov 9 06:36:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38666 SEQ=1 Nov 9 06:36:35 server83 letsencrypt.live.cgi: time="2025-11-09T06:36:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ziniexpress WantedNames="[]" Nov 9 06:36:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.116 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=24312 PROTO=TCP SPT=37704 DPT=886 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:36:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:36:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3497 PROTO=TCP SPT=49956 DPT=25214 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:36:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9154 SEQ=1 Nov 9 06:36:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 
TOS=0x00 PREC=0x00 TTL=241 ID=58418 PROTO=TCP SPT=45727 DPT=34883 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:36:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:36:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:36:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51934 SEQ=1 Nov 9 06:36:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22578 SEQ=1 Nov 9 06:36:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9609 SEQ=1 Nov 9 06:36:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16307 SEQ=1 Nov 9 06:36:51 server83 letsencrypt.live.cgi: time="2025-11-09T06:36:51+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=subidha2024 WantedNames="[]" error="Account is suspended" Nov 9 06:36:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31407 SEQ=1 Nov 9 06:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16899 SEQ=1 Nov 9 
06:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=22263 DF PROTO=ICMP TYPE=8 CODE=0 ID=60878 SEQ=46582 Nov 9 06:36:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58976 PROTO=TCP SPT=43739 DPT=2426 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:37:01 server83 aibolit_wrapper[20362]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626504218090284.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626504218091436.txt --log=/tmp/malware_cleaner_log_17626504218092430.txt --progress=/tmp/malware_cleaner_progress_17626504218092150.json --csv_result=/tmp/revisium_csvfile_17626504218092268.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:37:01 server83 systemd: Started Session 307799 of user root. Nov 9 06:37:01 server83 systemd: Started Session 307801 of user root. Nov 9 06:37:01 server83 systemd: Started Session 307800 of user root. Nov 9 06:37:01 server83 systemd: Started Session 307804 of user root. Nov 9 06:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:37:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:37:01 server83 systemd: Started Session 307803 of user root. 
Nov 9 06:37:01 server83 systemd: Started Session 307802 of user root. Nov 9 06:37:01 server83 systemd: Started Session 307805 of user root. Nov 9 06:37:01 server83 systemd: Started Session 307806 of user root. Nov 9 06:37:01 server83 systemd: Started Session 307808 of user root. Nov 9 06:37:01 server83 systemd: Started Session 307807 of user root. Nov 9 06:37:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1987 SEQ=1 Nov 9 06:37:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27175 SEQ=1 Nov 9 06:37:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=34.207.220.38 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=12868 SEQ=0 Nov 9 06:37:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=116.172.200.23 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=231 ID=60663 PROTO=TCP SPT=11240 DPT=8332 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29208 DF PROTO=TCP SPT=40180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:37:06 server83 letsencrypt.live.cgi: time="2025-11-09T06:37:06+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=adeez WantedNames="[]" error="Account is suspended" Nov 9 06:37:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=50 ID=29209 DF PROTO=TCP SPT=40180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27175 SEQ=1 Nov 9 06:37:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29210 DF PROTO=TCP SPT=40180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15351 SEQ=1 Nov 9 06:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42729 SEQ=1 Nov 9 06:37:12 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 06:37:12 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 06:37:12 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 06:37:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29211 DF PROTO=TCP SPT=40180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:37:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:37:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=135.237.127.172 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=53394 DPT=554 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:37:19 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34308 SEQ=1 Nov 9 06:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18237 SEQ=1 Nov 9 06:37:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29212 DF PROTO=TCP SPT=40180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:37:21 server83 letsencrypt.live.cgi: time="2025-11-09T06:37:21+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=ladogroup WantedNames="[]" error="Account is suspended" Nov 9 06:37:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11590 SEQ=1 Nov 9 06:37:22 server83 
SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43132 SEQ=1 Nov 9 06:40:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14800 SEQ=1 Nov 9 06:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31603 SEQ=1 Nov 9 06:40:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12598 DF PROTO=TCP SPT=52206 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:40:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17480 DF PROTO=TCP SPT=35220 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:40:13 server83 letsencrypt.live.cgi: time="2025-11-09T06:40:13+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jssvm WantedNames="[]" Nov 9 06:40:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49837 SEQ=1 Nov 9 06:40:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.62 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=22349 PROTO=TCP SPT=59156 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:40:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=25069 SEQ=1 Nov 9 06:40:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=10218 DF PROTO=TCP SPT=3796 DPT=22115 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:40:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25069 SEQ=1 Nov 9 06:40:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32593 SEQ=1 Nov 9 06:40:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41988 SEQ=1 Nov 9 06:40:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42909 DF PROTO=TCP SPT=39322 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:40:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42910 DF PROTO=TCP SPT=39322 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:40:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34081 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:40:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.211.47.162 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=49 ID=47263 DF PROTO=TCP 
SPT=48287 DPT=9085 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 06:40:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42911 DF PROTO=TCP SPT=39322 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:40:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37925 SEQ=1 Nov 9 06:40:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32593 SEQ=1 Nov 9 06:40:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2993 PROTO=TCP SPT=61234 DPT=5921 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:40:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42912 DF PROTO=TCP SPT=39322 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:40:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:40:28 server83 letsencrypt.live.cgi: time="2025-11-09T06:40:28+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=groupmobileit WantedNames="[]" error="Account is suspended" Nov 9 06:40:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60021 SEQ=1 Nov 9 06:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.45 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1099 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42913 DF PROTO=TCP SPT=39322 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60794 SEQ=1 Nov 9 06:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3253 SEQ=1 Nov 9 06:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53116 SEQ=1 Nov 9 06:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30019 SEQ=1 Nov 9 06:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22891 SEQ=1 Nov 9 06:40:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64776 PROTO=TCP SPT=43739 DPT=2417 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:40:44 server83 letsencrypt.live.cgi: time="2025-11-09T06:40:44+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" 
Function=processAutoSSLForAccount Retry=false Username=onepointsolution WantedNames="[]" error="Account is suspended" Nov 9 06:40:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.74.50.114 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=35120 DPT=2404 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:40:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17481 DF PROTO=TCP SPT=35220 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:40:46 server83 imunify360-php-daemon[734]: error sending perf stats: too many requests Nov 9 06:40:46 server83 imunify360-php-daemon[734]: error while sending daemon stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:40:46 server83 imunify360-php-daemon[734]: connections: {total = 18975, closed_as_old = 0, dropped = 5},#012messages: {total_received = 48538, blamer_received = 48528, blamer_filtered = 476, aggregated = 342, aggregator_dropped = 0},#012message_actions: {blamer_send_success = 141, send = 0, send_failed = 144, stored = 3, store_failed = 0},#012message dbstats: {fevents_db_size = 0, fevents_db_rows = 11811, fevents_total = 14721,#012#011#011#011#011 fevents_filtered = {total = 33817, wrong_id = 131477, wrong_function_name = 8531167, match_file_false = 5975780, match_file_limit_hit = 0, storage_limit_hit = 0},#012#011#011#011#011 fevents_stored_new = 2230, fevents_stored_updated = 548, fevents_send_success = 0, fevents_send_failure = 26 } Nov 9 06:40:46 server83 imunify360-php-daemon[734]: memory: alloc = 19784848 B, totalAlloc = 790880870688 B, sys = 68965640 B, rss = 187273216 B Nov 9 06:40:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19669 SEQ=1 Nov 9 06:40:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24049 PROTO=TCP SPT=57422 DPT=9805 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:40:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23166 SEQ=1 Nov 9 06:40:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29181 SEQ=1 Nov 9 06:40:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23166 SEQ=1 Nov 9 06:40:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6349 SEQ=1 Nov 9 06:40:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31222 SEQ=1 Nov 9 06:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.86.75.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=57849 PROTO=TCP SPT=61234 DPT=5964 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42914 DF PROTO=TCP SPT=39322 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:40:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21880 SEQ=1 Nov 9 06:40:59 server83 letsencrypt.live.cgi: time="2025-11-09T06:40:59+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=aestheticeaves WantedNames="[]" error="Account is suspended" Nov 9 06:40:59 server83 NetworkManager[922]: <info> [1762650659.4484] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:40:59 server83 NetworkManager[922]: <info> [1762650659.4488] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:40:59 server83 NetworkManager[922]: <info> [1762650659.4489] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:40:59 server83 NetworkManager[922]: <info> [1762650659.4493] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:40:59 server83 NetworkManager[922]: <info> [1762650659.4503] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:40:59 server83 NetworkManager[922]: <info> [1762650659.4506] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:40:59 server83 NetworkManager[922]: <info> [1762650659.4517] dhcp4 (eth1): dhclient started with pid 12617 Nov 9 06:40:59 server83 dhclient[12617]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x5101c01c) Nov 9 06:41:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1429 SEQ=1 Nov 9 06:41:01 
server83 systemd: Started Session 307847 of user root. Nov 9 06:41:01 server83 systemd: Started Session 307848 of user root. Nov 9 06:41:01 server83 systemd: Started Session 307849 of user root. Nov 9 06:41:01 server83 systemd: Started Session 307850 of user root. Nov 9 06:41:01 server83 systemd: Started Session 307852 of user root. Nov 9 06:41:01 server83 systemd: Started Session 307855 of user root. Nov 9 06:41:01 server83 systemd: Started Session 307854 of user root. Nov 9 06:41:01 server83 systemd: Started Session 307856 of user root. Nov 9 06:41:01 server83 systemd: Started Session 307851 of user root. Nov 9 06:41:01 server83 systemd: Started Session 307853 of user root. Nov 9 06:41:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33512 SEQ=1 Nov 9 06:41:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23047 SEQ=1 Nov 9 06:41:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51153 SEQ=1 Nov 9 06:41:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37571 PROTO=TCP SPT=43448 DPT=2437 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:41:03 server83 dhclient[12617]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x5101c01c) Nov 9 06:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=1429 SEQ=1 Nov 9 06:41:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33512 SEQ=1 Nov 9 06:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30234 SEQ=1 Nov 9 06:41:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9327 SEQ=1 Nov 9 06:41:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42677 DF PROTO=TCP SPT=39868 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10539 SEQ=1 Nov 9 06:41:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42678 DF PROTO=TCP SPT=39868 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42679 DF PROTO=TCP SPT=39868 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:12 server83 dhclient[12617]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x5101c01c) Nov 9 06:41:14 server83 letsencrypt.live.cgi: 
time="2025-11-09T06:41:14+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=donwhite WantedNames="[]" Nov 9 06:41:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.6 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=15873 PROTO=TCP SPT=26200 DPT=8418 WINDOW=16977 RES=0x00 SYN URGP=0 Nov 9 06:41:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=58467 PROTO=TCP SPT=37537 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:41:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42680 DF PROTO=TCP SPT=39868 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=58468 PROTO=TCP SPT=37537 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:41:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49285 PROTO=TCP SPT=62915 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:41:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=58469 PROTO=TCP SPT=37537 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:41:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28800 SEQ=1 Nov 9 06:41:18 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=21130 DF PROTO=ICMP TYPE=8 CODE=0 ID=4033 SEQ=31922 Nov 9 06:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64704 SEQ=1 Nov 9 06:41:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49287 PROTO=TCP SPT=62915 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64704 SEQ=1 Nov 9 06:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61913 SEQ=1 Nov 9 06:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37134 SEQ=1 Nov 9 06:41:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49289 PROTO=TCP SPT=62915 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:41:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14729 SEQ=1 Nov 9 06:41:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=49640 PROTO=TCP SPT=48697 DPT=36322 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:41:25 server83 dhclient[12617]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x5101c01c) Nov 9 06:41:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42915 DF PROTO=TCP SPT=39322 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=3404 PROTO=TCP SPT=53634 DPT=27298 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:41:30 server83 letsencrypt.live.cgi: time="2025-11-09T06:41:30+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=unitycredunion WantedNames="[]" Nov 9 06:41:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7720 DF PROTO=TCP SPT=50682 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:41:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7721 DF PROTO=TCP SPT=50682 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:41:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7722 DF PROTO=TCP SPT=50682 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:41:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18769 SEQ=1 Nov 9 06:41:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51818 SEQ=1 Nov 9 06:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19368 SEQ=1 Nov 9 06:41:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7723 DF PROTO=TCP SPT=50682 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29006 SEQ=1 Nov 9 06:41:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22837 SEQ=1 Nov 9 06:41:39 server83 dhclient[12617]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x5101c01c) Nov 9 06:41:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60512 SEQ=1 Nov 9 06:41:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42682 DF PROTO=TCP SPT=39868 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:40 server83 aibolit_wrapper[16722]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr 
-d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626507008760392.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626507008762036.txt --log=/tmp/malware_cleaner_log_17626507008763670.txt --progress=/tmp/malware_cleaner_progress_17626507008763242.json --csv_result=/tmp/revisium_csvfile_17626507008763426.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21892 DF PROTO=TCP SPT=52304 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:43 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 06:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=29240 PROTO=TCP SPT=48713 DPT=34734 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:41:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21893 DF PROTO=TCP SPT=52304 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:44 server83 NetworkManager[922]: <warn> [1762650704.4393] dhcp4 (eth1): request timed out Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4393] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4553] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12617 Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4554] dhcp4 (eth1): state changed timeout -> done Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4556] device 
(eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:41:44 server83 NetworkManager[922]: <warn> [1762650704.4562] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4565] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4598] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4603] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4604] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4608] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4619] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4622] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:41:44 server83 NetworkManager[922]: <info> [1762650704.4635] dhcp4 (eth1): dhclient started with pid 17050 Nov 9 06:41:44 server83 dhclient[17050]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x79d50566) Nov 9 06:41:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.151 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55378 DPT=8888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:41:45 server83 aibolit_wrapper[17130]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626507051171170.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626507051173522.txt --log=/tmp/malware_cleaner_log_17626507051176104.txt --progress=/tmp/malware_cleaner_progress_17626507051175590.json --csv_result=/tmp/revisium_csvfile_17626507051175776.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:41:45 server83 letsencrypt.live.cgi: time="2025-11-09T06:41:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=thermens WantedNames="[]" Nov 9 06:41:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7724 DF PROTO=TCP SPT=50682 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:41:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21894 DF PROTO=TCP SPT=52304 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:41:49 server83 dhclient[17050]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x79d50566) Nov 9 06:41:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21895 DF PROTO=TCP SPT=52304 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:50 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:41:50 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:41:52 server83 aibolit_wrapper[17896]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626507124076480.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626507124080318.txt --progress=/tmp/malware_cleaner_progress_17626507124079788.json --csv_result=/tmp/revisium_csvfile_17626507124080012.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:41:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.107.194 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=22396 DF PROTO=ICMP TYPE=8 CODE=0 ID=25347 SEQ=43100 Nov 9 06:41:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24333 SEQ=1 Nov 9 06:41:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9927 SEQ=1 Nov 9 06:41:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.148.51 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=42634 DF PROTO=TCP SPT=49358 DPT=8845 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:41:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57428 SEQ=1 Nov 9 06:41:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=50204 SEQ=1 Nov 9 06:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21896 DF PROTO=TCP SPT=52304 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:41:59 server83 dhclient[17050]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x79d50566) Nov 9 06:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:42:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:42:01 server83 systemd: Started Session 307858 of user root. Nov 9 06:42:01 server83 systemd: Started Session 307860 of user root. Nov 9 06:42:01 server83 systemd: Started Session 307857 of user root. Nov 9 06:42:01 server83 systemd: Started Session 307861 of user root. Nov 9 06:42:01 server83 systemd: Started Session 307862 of user root. Nov 9 06:42:01 server83 systemd: Started Session 307859 of user root. Nov 9 06:42:01 server83 systemd: Started Session 307863 of user root. Nov 9 06:42:01 server83 systemd: Started Session 307864 of user root. Nov 9 06:42:01 server83 systemd: Started Session 307865 of user root. Nov 9 06:42:01 server83 systemd: Started Session 307866 of user root. 
Nov 9 06:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:42:01 server83 letsencrypt.live.cgi: time="2025-11-09T06:42:01+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gdcmanikpur WantedNames="[]" Nov 9 06:42:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3441 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52515 SEQ=1 Nov 9 06:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5874 SEQ=1 Nov 9 06:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.140 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=108 ID=45124 DF PROTO=ICMP TYPE=8 CODE=0 ID=55093 SEQ=30949 Nov 9 06:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64593 SEQ=1 Nov 9 06:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47947 SEQ=1 Nov 9 06:42:09 server83 dhclient[17050]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x79d50566) Nov 9 06:42:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34042 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:42:14 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 06:42:14 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 06:42:14 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 06:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42683 DF PROTO=TCP SPT=39868 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21897 DF PROTO=TCP SPT=52304 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:42:17 server83 letsencrypt.live.cgi: time="2025-11-09T06:42:17+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=panchayatloan WantedNames="[]" Nov 9 06:42:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9358 PROTO=TCP SPT=42369 DPT=9337 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:42:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3834 SEQ=1 Nov 9 06:42:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=135.237.126.63 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 
TTL=234 ID=54321 PROTO=TCP SPT=59155 DPT=554 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:42:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54773 SEQ=1 Nov 9 06:42:19 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:42:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.246 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51265 DPT=10443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:42:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:42:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29790 SEQ=1 Nov 9 06:42:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7725 DF PROTO=TCP SPT=51956 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:42:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=134.209.158.238 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=20214 PROTO=TCP SPT=61005 DPT=8001 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:42:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32604 SEQ=1 Nov 9 06:42:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=25842 SEQ=1 Nov 9 06:42:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7726 DF PROTO=TCP SPT=51956 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:42:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29790 SEQ=1 Nov 9 06:42:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13027 DF PROTO=TCP SPT=34554 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:42:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.129.69.65 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=62745 DF PROTO=ICMP TYPE=8 CODE=0 ID=38094 SEQ=10099 Nov 9 06:42:24 server83 dhclient[17050]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x79d50566) Nov 9 06:42:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13029 DF PROTO=TCP SPT=34554 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:42:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7728 DF PROTO=TCP SPT=51956 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:42:29 server83 NetworkManager[922]: <warn> [1762650749.4403] dhcp4 (eth1): request timed out Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4403] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4563] dhcp4 (eth1): canceled DHCP 
transaction, DHCP client pid 17050 Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4564] dhcp4 (eth1): state changed timeout -> done Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4566] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:42:29 server83 NetworkManager[922]: <warn> [1762650749.4571] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4574] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4610] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4615] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4616] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4621] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4632] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4636] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:42:29 server83 NetworkManager[922]: <info> [1762650749.4648] dhcp4 (eth1): dhclient started with pid 19305 Nov 9 06:42:29 server83 dhclient[19305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x48695763) Nov 9 06:42:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 
LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=21582 PROTO=TCP SPT=47254 DPT=8384 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:42:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13030 DF PROTO=TCP SPT=34554 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:42:32 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:42:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14388 SEQ=1 Nov 9 06:42:32 server83 letsencrypt.live.cgi: time="2025-11-09T06:42:32+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=spotweldmetal WantedNames="[]" error="Account is suspended" Nov 9 06:42:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62888 SEQ=1 Nov 9 06:42:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25143 SEQ=1 Nov 9 06:42:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12276 SEQ=1 Nov 9 06:42:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44657 PROTO=TCP SPT=49956 DPT=27709 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:42:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7729 DF PROTO=TCP SPT=51956 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:42:36 server83 dhclient[19305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x48695763) Nov 9 06:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37324 PROTO=TCP SPT=49956 DPT=29896 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13031 DF PROTO=TCP SPT=34554 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18223 SEQ=1 Nov 9 06:42:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21898 DF PROTO=TCP SPT=52304 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:42:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47886 SEQ=1 Nov 9 06:42:48 server83 letsencrypt.live.cgi: time="2025-11-09T06:42:48+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=lucasports WantedNames="[]" Nov 9 06:42:50 server83 dhclient[19305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x48695763) Nov 9 06:42:50 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.18 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=58424 PROTO=TCP SPT=44603 DPT=5060 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:42:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=655 SEQ=1 Nov 9 06:42:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3440 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:42:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10535 SEQ=1 Nov 9 06:42:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47886 SEQ=1 Nov 9 06:42:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58655 SEQ=1 Nov 9 06:42:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42760 SEQ=1 Nov 9 06:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13032 DF PROTO=TCP SPT=34554 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:42:54 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.223 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=14606 DF PROTO=ICMP TYPE=8 CODE=0 ID=62059 SEQ=45848 Nov 9 06:42:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.136.208.236 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53117 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:42:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.85 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56710 DPT=23230 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:42:57 server83 dhclient[19305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x48695763) Nov 9 06:43:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59689 SEQ=1 Nov 9 06:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:43:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:43:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:43:01 server83 systemd: Started Session 307867 of user root. Nov 9 06:43:01 server83 systemd: Started Session 307869 of user root. Nov 9 06:43:01 server83 systemd: Started Session 307870 of user root. Nov 9 06:43:01 server83 systemd: Started Session 307868 of user root. Nov 9 06:43:01 server83 systemd: Started Session 307873 of user root. Nov 9 06:43:01 server83 systemd: Started Session 307872 of user root. Nov 9 06:43:01 server83 systemd: Started Session 307871 of user root. Nov 9 06:43:01 server83 systemd: Started Session 307874 of user root. 
Nov 9 06:43:01 server83 systemd: Started Session 307875 of user root. Nov 9 06:43:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5963 SEQ=1 Nov 9 06:43:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47329 SEQ=1 Nov 9 06:43:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53956 SEQ=1 Nov 9 06:43:03 server83 letsencrypt.live.cgi: time="2025-11-09T06:43:03+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gwipsedu WantedNames="[]" Nov 9 06:43:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53397 PROTO=TCP SPT=49956 DPT=27232 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:43:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11140 PROTO=TCP SPT=54739 DPT=2493 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:43:11 server83 dhclient[19305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x48695763) Nov 9 06:43:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3447 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:43:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34162 DF PROTO=TCP SPT=41398 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:43:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:43:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34163 DF PROTO=TCP SPT=41398 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:43:14 server83 NetworkManager[922]: <warn> [1762650794.4513] dhcp4 (eth1): request timed out Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4513] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4592] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 19305 Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4592] dhcp4 (eth1): state changed timeout -> done Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4595] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:43:14 server83 NetworkManager[922]: <warn> [1762650794.4600] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4603] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4637] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4641] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4642] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4647] device (eth1): 
state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4657] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4659] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:43:14 server83 NetworkManager[922]: <info> [1762650794.4671] dhcp4 (eth1): dhclient started with pid 20235 Nov 9 06:43:14 server83 dhclient[20235]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x43cc0dac) Nov 9 06:43:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.142.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=7643 DF PROTO=TCP SPT=42665 DPT=1104 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 06:43:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34164 DF PROTO=TCP SPT=41398 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:43:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46090 PROTO=TCP SPT=49956 DPT=28135 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:43:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53886 SEQ=1 Nov 9 06:43:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47851 SEQ=1 Nov 9 06:43:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=8203 PROTO=TCP SPT=55917 DPT=7523 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:45:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4984 SEQ=1 Nov 9 06:45:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=40398 DF PROTO=TCP SPT=49042 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:45:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47993 SEQ=1 Nov 9 06:45:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52400 SEQ=1 Nov 9 06:45:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2887 SEQ=1 Nov 9 06:45:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=40399 DF PROTO=TCP SPT=49042 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:45:58 server83 systemd: Started Session c2843 of user root. 
Nov 9 06:45:59 server83 scripts.sh: Load Average: 3.77 , 3.68 Nov 9 06:45:59 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 06:45:59 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 06:45:59 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 06:45:59 server83 scripts.sh: HTTPD Status: inactive Nov 9 06:45:59 server83 scripts.sh: MySQL Status: active Nov 9 06:45:59 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 06:45:59 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 06:45:59 server83 scripts.sh: SSHD Status: active Nov 9 06:45:59 server83 scripts.sh: FTP Status: active Nov 9 06:45:59 server83 scripts.sh: LiteSpeed Status: Active Nov 9 06:45:59 server83 scripts.sh: Imunify Status: Active Nov 9 06:45:59 server83 scripts.sh: cPanel Status: active Nov 9 06:45:59 server83 scripts.sh: Memory Status: 12/31 GB - 38.99% Nov 9 06:45:59 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 06:45:59 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 06:45:59 server83 scripts.sh: Local Version: 4.4.5 Nov 9 06:46:01 server83 systemd: Started Session 307904 of user root. Nov 9 06:46:01 server83 systemd: Started Session 307905 of user root. Nov 9 06:46:01 server83 systemd: Started Session 307906 of user root. Nov 9 06:46:01 server83 systemd: Started Session 307907 of user root. Nov 9 06:46:01 server83 systemd: Started Session 307908 of user root. Nov 9 06:46:01 server83 systemd: Started Session 307909 of user root. Nov 9 06:46:01 server83 systemd: Started Session 307910 of user root. Nov 9 06:46:01 server83 systemd: Started Session 307911 of user root. Nov 9 06:46:01 server83 systemd: Started Session 307912 of user root. 
Nov 9 06:46:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33749 SEQ=1 Nov 9 06:46:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16584 SEQ=1 Nov 9 06:46:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=40400 DF PROTO=TCP SPT=49042 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:46:06 server83 letsencrypt.live.cgi: time="2025-11-09T06:46:06+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=niai WantedNames="[]" Nov 9 06:46:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=2350 PROTO=TCP SPT=39604 DPT=5467 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:46:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42255 SEQ=1 Nov 9 06:46:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60436 SEQ=1 Nov 9 06:46:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26796 SEQ=1 Nov 9 06:46:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31705 SEQ=1 Nov 9 06:46:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31820 SEQ=1 Nov 9 06:46:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=17672 PROTO=TCP SPT=32825 DPT=30001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:46:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=35662 PROTO=TCP SPT=56489 DPT=5386 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:46:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:46:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24435 PROTO=TCP SPT=56949 DPT=8519 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:46:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27817 PROTO=TCP SPT=49956 DPT=27864 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:46:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62898 SEQ=1 Nov 9 06:46:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41056 SEQ=1 Nov 9 06:46:20 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52774 SEQ=1 Nov 9 06:46:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3958 DF PROTO=TCP SPT=56446 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7730 DF PROTO=TCP SPT=56558 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=40401 DF PROTO=TCP SPT=49042 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:46:21 server83 letsencrypt.live.cgi: time="2025-11-09T06:46:21+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=bakexpress WantedNames="[]" error="Account is suspended" Nov 9 06:46:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7731 DF PROTO=TCP SPT=56558 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:46:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3738 SEQ=1 Nov 9 06:46:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2447 SEQ=1 Nov 9 
06:46:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7732 DF PROTO=TCP SPT=56558 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:46:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=56457 PROTO=TCP SPT=56033 DPT=7709 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:46:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7733 DF PROTO=TCP SPT=56558 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:46:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=798 PROTO=TCP SPT=43448 DPT=2502 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:46:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42858 DF PROTO=TCP SPT=47224 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:46:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42859 DF PROTO=TCP SPT=47224 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:46:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42860 DF PROTO=TCP SPT=47224 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:46:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14843 SEQ=1 Nov 9 06:46:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.99.13.2 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=45643 DF PROTO=ICMP TYPE=8 CODE=0 ID=26971 SEQ=43590 Nov 9 06:46:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=33865 DF PROTO=ICMP TYPE=8 CODE=0 ID=29252 SEQ=23840 Nov 9 06:46:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55528 SEQ=1 Nov 9 06:46:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7734 DF PROTO=TCP SPT=56558 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:46:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7614 SEQ=1 Nov 9 06:46:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=36.255.98.104 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=59635 PROTO=TCP SPT=45699 DPT=9000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:46:37 server83 letsencrypt.live.cgi: time="2025-11-09T06:46:37+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ipbeng WantedNames="[]" Nov 9 06:46:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42861 DF PROTO=TCP SPT=47224 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:46:37 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26624 SEQ=1 Nov 9 06:46:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59388 SEQ=1 Nov 9 06:46:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45430 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:46:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38858 PROTO=TCP SPT=45838 DPT=4797 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:46:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42862 DF PROTO=TCP SPT=47224 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:46:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:46:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25400 SEQ=1 Nov 9 06:46:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28096 SEQ=1 Nov 9 06:46:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=651 SEQ=1 Nov 9 06:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28096 SEQ=1 Nov 9 06:46:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=994 PROTO=TCP SPT=43145 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:46:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.231 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=61328 DF PROTO=TCP SPT=2066 DPT=3310 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:46:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=995 PROTO=TCP SPT=43145 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:46:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8947 SEQ=1 Nov 9 06:46:53 server83 letsencrypt.live.cgi: time="2025-11-09T06:46:53+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=skylabfacilities WantedNames="[]" error="Account is suspended" Nov 9 06:46:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=36769 DPT=20080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:46:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.42 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 
TTL=52 ID=14186 PROTO=TCP SPT=16882 DPT=47368 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:46:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=48641 PROTO=TCP SPT=40165 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:46:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57612 SEQ=1 Nov 9 06:46:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=48643 PROTO=TCP SPT=40165 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:46:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=48645 PROTO=TCP SPT=40165 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:46:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:47:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 06:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:47:01 server83 systemd: Started Session 307913 of user root. Nov 9 06:47:01 server83 systemd: Started Session 307915 of user root. Nov 9 06:47:01 server83 systemd: Started Session 307917 of user root. Nov 9 06:47:01 server83 systemd: Started Session 307918 of user root. Nov 9 06:47:01 server83 systemd: Started Session 307914 of user root. Nov 9 06:47:01 server83 systemd: Started Session 307919 of user root. Nov 9 06:47:01 server83 systemd: Started Session 307920 of user root. 
Nov 9 06:47:01 server83 systemd: Started Session 307916 of user root. Nov 9 06:47:01 server83 systemd: Started Session 307921 of user root. Nov 9 06:47:01 server83 systemd: Started Session 307922 of user root. Nov 9 06:47:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.85 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54291 DPT=45845 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:47:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.182.143 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=37191 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:47:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63645 SEQ=1 Nov 9 06:47:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45456 SEQ=1 Nov 9 06:47:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57735 SEQ=1 Nov 9 06:47:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49944 SEQ=1 Nov 9 06:47:08 server83 letsencrypt.live.cgi: time="2025-11-09T06:47:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=traveoo WantedNames="[]" Nov 9 06:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5789 SEQ=1 Nov 9 06:47:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57073 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:47:15 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 06:47:15 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 06:47:15 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 06:47:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46602 SEQ=1 Nov 9 06:47:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63069 SEQ=1 Nov 9 06:47:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.12 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56009 DPT=43147 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:47:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46602 SEQ=1 Nov 9 06:47:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.170 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54666 DPT=9001 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:47:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35368 SEQ=1 Nov 9 06:47:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2290 PROTO=TCP SPT=56949 DPT=8502 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:47:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1109 SEQ=1 Nov 9 06:47:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=859 SEQ=1 Nov 9 06:47:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1109 SEQ=1 Nov 9 06:47:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=2696 PROTO=TCP SPT=48697 DPT=34184 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:47:24 server83 letsencrypt.live.cgi: time="2025-11-09T06:47:24+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=spasdangoorg WantedNames="[]" Nov 9 06:47:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17707 SEQ=1 Nov 9 06:47:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=13496 PROTO=TCP SPT=47254 DPT=41421 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:47:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44680 DPT=5678 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:47:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.141.217 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=44 ID=7547 DF PROTO=TCP SPT=44028 DPT=860 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 06:47:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42864 DF PROTO=TCP SPT=47224 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 06:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13365 SEQ=1 Nov 9 06:47:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3115 SEQ=1 Nov 9 06:47:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12485 SEQ=1 Nov 9 06:47:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32983 SEQ=1 Nov 9 06:47:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=82.3.232.27 DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=47 ID=47447 PROTO=UDP SPT=29163 DPT=21741 LEN=520 Nov 9 06:50:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24404 SEQ=1 Nov 9 06:50:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44917 SEQ=1 Nov 9 06:50:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43934 SEQ=1 Nov 9 06:50:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27624 SEQ=1 Nov 9 06:50:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:50:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5736 SEQ=1 Nov 9 06:50:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23183 SEQ=1 Nov 9 06:50:26 server83 dhclient[31585]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x82ab7bc) Nov 9 06:50:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.184 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=43361 DF PROTO=TCP SPT=52154 DPT=23581 
WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:50:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31568 PROTO=TCP SPT=43739 DPT=2431 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:50:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.122 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54352 DPT=9221 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:50:29 server83 NetworkManager[922]: <warn> [1762651229.4513] dhcp4 (eth1): request timed out Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4514] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4674] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 31585 Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4674] dhcp4 (eth1): state changed timeout -> done Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4676] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:50:29 server83 NetworkManager[922]: <warn> [1762651229.4679] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4681] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4710] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4713] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4714] device (eth1): state change: disconnected -> prepare (reason 'none', 
sys-iface-state: 'managed') Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4717] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4726] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4728] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:50:29 server83 NetworkManager[922]: <info> [1762651229.4739] dhcp4 (eth1): dhclient started with pid 458 Nov 9 06:50:29 server83 dhclient[458]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x65b4de7b) Nov 9 06:50:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7745 DF PROTO=TCP SPT=62776 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:50:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:50:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:50:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7746 DF PROTO=TCP SPT=62776 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:50:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7747 DF PROTO=TCP SPT=62776 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:50:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12212 SEQ=1 Nov 9 06:50:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60886 SEQ=1 Nov 9 06:50:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20494 SEQ=1 Nov 9 06:50:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.224.92.128 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41728 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:50:34 server83 letsencrypt.live.cgi: time="2025-11-09T06:50:34+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=ousamin WantedNames="[]" error="Account is suspended" Nov 9 06:50:34 server83 dhclient[458]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x65b4de7b) Nov 9 06:50:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7748 DF PROTO=TCP SPT=62776 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:50:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.85 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=52654 DPT=20257 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5724 SEQ=1 Nov 9 06:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=18944 SEQ=1 Nov 9 06:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25382 SEQ=1 Nov 9 06:50:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7749 DF PROTO=TCP SPT=62776 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:50:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:50:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49137 SEQ=1 Nov 9 06:50:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40546 SEQ=1 Nov 9 06:50:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49137 SEQ=1 Nov 9 06:50:48 server83 dhclient[458]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x65b4de7b) Nov 9 06:50:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56089 SEQ=1 Nov 9 06:50:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=5771 SEQ=1 Nov 9 06:50:50 server83 letsencrypt.live.cgi: time="2025-11-09T06:50:50+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=vipulind WantedNames="[]" error="Account is suspended" Nov 9 06:50:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.98.252 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=40467 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:50:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.213.86 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=3675 DF PROTO=TCP SPT=39228 DPT=5363 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 06:50:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3442 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:51:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.129 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55236 DPT=48604 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:51:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.235.121.84 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=5065 PROTO=TCP SPT=38715 DPT=3011 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:51:01 server83 systemd: Started Session 307961 of user root. Nov 9 06:51:01 server83 systemd: Started Session 307962 of user root. Nov 9 06:51:01 server83 systemd: Started Session 307963 of user root. 
Nov 9 06:51:01 server83 systemd: Started Session 307964 of user root. Nov 9 06:51:01 server83 systemd: Started Session 307966 of user root. Nov 9 06:51:01 server83 systemd: Started Session 307967 of user root. Nov 9 06:51:01 server83 systemd: Started Session 307965 of user root. Nov 9 06:51:01 server83 systemd: Started Session 307968 of user root. Nov 9 06:51:01 server83 systemd: Started Session 307969 of user root. Nov 9 06:51:01 server83 systemd: Started Session 307970 of user root. Nov 9 06:51:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=14844 DF PROTO=ICMP TYPE=8 CODE=0 ID=61422 SEQ=22627 Nov 9 06:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14058 SEQ=1 Nov 9 06:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19014 SEQ=1 Nov 9 06:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22843 SEQ=1 Nov 9 06:51:05 server83 letsencrypt.live.cgi: time="2025-11-09T06:51:05+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=aimym2022 WantedNames="[]" error="Account is suspended" Nov 9 06:51:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=22184 DF PROTO=ICMP TYPE=8 
CODE=0 ID=21018 SEQ=35862 Nov 9 06:51:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11340 SEQ=1 Nov 9 06:51:07 server83 dhclient[458]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x65b4de7b) Nov 9 06:51:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=194.164.107.6 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=21137 PROTO=TCP SPT=34562 DPT=12345 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:51:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=202 SEQ=1 Nov 9 06:51:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19014 SEQ=1 Nov 9 06:51:14 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 06:51:14 server83 NetworkManager[922]: <warn> [1762651274.4395] dhcp4 (eth1): request timed out Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4396] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4555] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 458 Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4555] dhcp4 (eth1): state changed timeout -> done Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4557] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:51:14 server83 NetworkManager[922]: <warn> [1762651274.4562] device (eth1): Activation: failed for connection 'Wired 
connection 1' Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4564] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4595] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4599] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4600] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4604] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4613] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4616] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:51:14 server83 NetworkManager[922]: <info> [1762651274.4632] dhcp4 (eth1): dhclient started with pid 2415 Nov 9 06:51:14 server83 dhclient[2415]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5a38c788) Nov 9 06:51:20 server83 letsencrypt.live.cgi: time="2025-11-09T06:51:20+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=naneshacademy WantedNames="[]" error="Account is suspended" Nov 9 06:51:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14989 SEQ=1 Nov 9 06:51:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40514 SEQ=1 Nov 9 06:51:22 server83 dhclient[2415]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x5a38c788) Nov 9 06:51:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14989 SEQ=1 Nov 9 06:51:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.52 DST=51.210.113.204 LEN=67 TOS=0x00 PREC=0x00 TTL=108 ID=34548 DF PROTO=ICMP TYPE=8 CODE=0 ID=4839 SEQ=62843 Nov 9 06:51:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10028 SEQ=1 Nov 9 06:51:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.200 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50374 DPT=8813 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:51:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60667 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:51:35 server83 letsencrypt.live.cgi: time="2025-11-09T06:51:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=swiftinvestpro WantedNames="[]" Nov 9 06:51:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2957 SEQ=1 Nov 9 06:51:37 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35841 SEQ=1 Nov 9 06:51:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65208 SEQ=1 Nov 9 06:51:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41434 SEQ=1 Nov 9 06:51:38 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41434 SEQ=1 Nov 9 06:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50056 SEQ=1 Nov 9 06:51:40 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.248 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=34 ID=51368 PROTO=UDP SPT=10005 DPT=23872 LEN=35 Nov 9 06:51:41 server83 dhclient[2415]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x5a38c788) Nov 9 06:51:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.53 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=47316 DPT=3780 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:51:43 server83 systemd: Starting FindPro Task Scheduler... 
Nov 9 06:51:43 server83 systemd: Failed at step CHDIR spawning /usr/bin/php: No such file or directory Nov 9 06:51:43 server83 systemd: findpro_scheduler.service: main process exited, code=exited, status=200/CHDIR Nov 9 06:51:43 server83 systemd: Failed to start FindPro Task Scheduler. Nov 9 06:51:43 server83 systemd: Unit findpro_scheduler.service entered failed state. Nov 9 06:51:43 server83 systemd: findpro_scheduler.service failed. Nov 9 06:51:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:51:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24512 PROTO=TCP SPT=33588 DPT=9818 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:51:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51013 SEQ=1 Nov 9 06:51:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44824 SEQ=1 Nov 9 06:51:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.84.60 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=16274 PROTO=TCP SPT=54142 DPT=7788 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:51:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58171 SEQ=1 Nov 9 06:51:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=39199 SEQ=1 Nov 9 06:51:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.164.127 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=60474 DPT=3780 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:51:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17460 SEQ=1 Nov 9 06:51:51 server83 letsencrypt.live.cgi: time="2025-11-09T06:51:51+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mssrinternationa WantedNames="[]" Nov 9 06:51:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39199 SEQ=1 Nov 9 06:51:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=25131 DF PROTO=ICMP TYPE=8 CODE=0 ID=57502 SEQ=3871 Nov 9 06:51:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=17247 DF PROTO=ICMP TYPE=8 CODE=0 ID=37999 SEQ=20594 Nov 9 06:51:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42790 PROTO=TCP SPT=56698 DPT=8202 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:51:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.191 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=20825 DF PROTO=TCP SPT=41481 DPT=44464 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:51:57 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.245.49.234 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=5028 DF PROTO=ICMP TYPE=8 CODE=0 ID=34663 SEQ=10573 Nov 9 06:51:58 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.15 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=56385 DF PROTO=UDP SPT=41302 DPT=2123 LEN=20 Nov 9 06:51:59 server83 NetworkManager[922]: <warn> [1762651319.4512] dhcp4 (eth1): request timed out Nov 9 06:51:59 server83 NetworkManager[922]: <info> [1762651319.4513] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:51:59 server83 NetworkManager[922]: <info> [1762651319.4672] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2415 Nov 9 06:51:59 server83 NetworkManager[922]: <info> [1762651319.4673] dhcp4 (eth1): state changed timeout -> done Nov 9 06:51:59 server83 NetworkManager[922]: <info> [1762651319.4675] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:51:59 server83 NetworkManager[922]: <warn> [1762651319.4678] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:51:59 server83 NetworkManager[922]: <info> [1762651319.4679] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:51:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=138.197.16.14 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=52691 PROTO=TCP SPT=43369 DPT=9081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:52:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36636 SEQ=1 Nov 9 06:52:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=325 SEQ=1 Nov 9 06:52:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18417 PROTO=TCP SPT=42282 DPT=9628 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:52:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:52:01 server83 systemd: Started Session 307971 of user root. Nov 9 06:52:01 server83 systemd: Started Session 307972 of user root. Nov 9 06:52:01 server83 systemd: Started Session 307973 of user root. Nov 9 06:52:01 server83 systemd: Started Session 307974 of user root. Nov 9 06:52:01 server83 systemd: Started Session 307975 of user root. Nov 9 06:52:01 server83 systemd: Started Session 307976 of user root. Nov 9 06:52:01 server83 systemd: Started Session 307977 of user root. Nov 9 06:52:01 server83 systemd: Started Session 307979 of user root. Nov 9 06:52:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:52:01 server83 systemd: Started Session 307978 of user root. 
Nov 9 06:52:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28680 SEQ=1 Nov 9 06:52:03 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=109.156.7.163 DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=49 ID=7012 PROTO=UDP SPT=54721 DPT=58071 LEN=520 Nov 9 06:52:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53744 SEQ=1 Nov 9 06:52:07 server83 letsencrypt.live.cgi: time="2025-11-09T06:52:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gurukripa WantedNames="[]" Nov 9 06:52:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54023 SEQ=1 Nov 9 06:52:14 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 06:52:14 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 06:52:14 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 06:52:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10778 SEQ=1 Nov 9 06:52:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44705 SEQ=1 Nov 9 06:52:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46039 SEQ=1 Nov 9 06:52:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.77.33 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=116 ID=46168 PROTO=TCP SPT=18438 DPT=7218 WINDOW=23499 RES=0x00 SYN URGP=0 Nov 9 06:52:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.73 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=30445 DF PROTO=TCP SPT=35197 DPT=5040 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:52:22 server83 letsencrypt.live.cgi: time="2025-11-09T06:52:22+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=coinnexus WantedNames="[]" Nov 9 06:52:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44705 SEQ=1 Nov 9 06:52:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55367 SEQ=1 Nov 9 06:52:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.85.163 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=11528 PROTO=TCP SPT=50795 DPT=22022 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:52:29 server83 aibolit_wrapper[4679]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626513498045184.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626513498046780.txt --log=/tmp/malware_cleaner_log_17626513498048794.txt --progress=/tmp/malware_cleaner_progress_17626513498048236.json --csv_result=/tmp/revisium_csvfile_17626513498048492.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 06:52:32 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47036 SEQ=1 Nov 9 06:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57598 SEQ=1 Nov 9 06:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15530 SEQ=1 Nov 9 06:52:32 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.39.163.78 
DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=111 ID=5819 DF PROTO=ICMP TYPE=8 CODE=0 ID=10 SEQ=1 Nov 9 06:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31120 SEQ=1 Nov 9 06:52:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=61917 PROTO=TCP SPT=56956 DPT=8423 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:52:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5565 PROTO=TCP SPT=46370 DPT=1065 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:52:38 server83 letsencrypt.live.cgi: time="2025-11-09T06:52:38+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=hargovindagroipl WantedNames="[]" Nov 9 06:52:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.86.246 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1099 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 06:52:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50891 SEQ=1 Nov 9 06:52:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47036 SEQ=1 Nov 9 06:52:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:52:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16532 SEQ=1 Nov 9 06:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22982 SEQ=1 Nov 9 06:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12489 SEQ=1 Nov 9 06:52:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=46.250.172.240 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=37 ID=8150 DF PROTO=ICMP TYPE=8 CODE=0 ID=56769 SEQ=58860 Nov 9 06:52:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44369 SEQ=1 Nov 9 06:52:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.143 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=9439 PROTO=TCP SPT=60693 DPT=9776 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:52:54 server83 letsencrypt.live.cgi: time="2025-11-09T06:52:54+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pravin WantedNames="[]" Nov 9 06:52:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25242 SEQ=1 Nov 9 06:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:53:01 server83 
systemd: Started Session 307980 of user root. Nov 9 06:53:01 server83 systemd: Started Session 307981 of user root. Nov 9 06:53:01 server83 systemd: Started Session 307982 of user root. Nov 9 06:53:01 server83 systemd: Started Session 307984 of user root. Nov 9 06:53:01 server83 systemd: Started Session 307983 of user root. Nov 9 06:53:01 server83 systemd: Started Session 307985 of user root. Nov 9 06:53:01 server83 systemd: Started Session 307986 of user root. Nov 9 06:53:01 server83 systemd: Started Session 307987 of user root. Nov 9 06:53:01 server83 systemd: Started Session 307988 of user root. Nov 9 06:53:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47670 SEQ=1 Nov 9 06:53:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=437 SEQ=1 Nov 9 06:53:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51298 SEQ=1 Nov 9 06:53:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=65420 PROTO=TCP SPT=55938 DPT=8184 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:53:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22456 SEQ=1 Nov 9 06:53:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 
TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22456 SEQ=1 Nov 9 06:53:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=437 SEQ=1 Nov 9 06:53:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5246 SEQ=1 Nov 9 06:53:10 server83 letsencrypt.live.cgi: time="2025-11-09T06:53:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ibarraandassocia WantedNames="[]" Nov 9 06:53:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.22.19.3 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=11934 PROTO=TCP SPT=61009 DPT=8088 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:53:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3441 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:53:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3433 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:53:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55472 SEQ=1 Nov 9 06:53:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29388 SEQ=1 Nov 9 06:53:18 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33505 SEQ=1 Nov 9 06:53:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:53:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14255 SEQ=1 Nov 9 06:53:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32195 SEQ=1 Nov 9 06:53:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29388 SEQ=1 Nov 9 06:53:20 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 06:53:21 server83 scripts.sh: Sun Nov 9 06:53:21 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 06:53:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=479 PROTO=TCP SPT=63074 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:53:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39029 SEQ=1 Nov 9 06:53:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.200.116.52 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40940 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:53:24 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5643 SEQ=1 Nov 9 06:53:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=480 PROTO=TCP SPT=63074 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:53:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=53689 PROTO=TCP SPT=45806 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:53:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=481 PROTO=TCP SPT=63074 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:53:25 server83 letsencrypt.live.cgi: time="2025-11-09T06:53:25+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gkpublicschool WantedNames="[]" Nov 9 06:53:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.148.120 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56722 PROTO=TCP SPT=54916 DPT=1880 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:53:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=53691 PROTO=TCP SPT=45806 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:53:28 server83 pam_imunify_daemon.bin: time="2025-11-09T06:53:28+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 
Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 06:53:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=53693 PROTO=TCP SPT=45806 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:53:32 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 06:53:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20160 SEQ=1 Nov 9 06:53:41 server83 letsencrypt.live.cgi: time="2025-11-09T06:53:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jpselete WantedNames="[]" Nov 9 06:53:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7750 DF PROTO=TCP SPT=65523 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:53:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7751 DF PROTO=TCP SPT=65523 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:53:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.127 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57229 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:53:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:53:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7752 DF PROTO=TCP SPT=65523 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:53:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.81 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5915 DF PROTO=TCP SPT=15522 DPT=4433 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:53:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60982 SEQ=1 Nov 9 06:53:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7753 DF PROTO=TCP SPT=65523 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:53:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14872 SEQ=1 Nov 9 06:53:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16057 SEQ=1 Nov 9 06:53:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=36768 DF PROTO=ICMP TYPE=8 CODE=0 ID=29366 SEQ=41780 Nov 9 06:53:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5075 SEQ=1 Nov 9 06:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47458 SEQ=1 Nov 9 06:53:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60408 PROTO=TCP SPT=58603 DPT=33389 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:53:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=7754 DF PROTO=TCP SPT=65523 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 06:53:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36326 PROTO=TCP SPT=54739 DPT=2587 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:53:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.42 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=54369 DPT=3344 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:54:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:54:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:54:01 server83 systemd: Started Session 307990 of user root. Nov 9 06:54:01 server83 systemd: Started Session 307989 of user root. Nov 9 06:54:01 server83 systemd: Started Session 307991 of user root. Nov 9 06:54:01 server83 systemd: Started Session 307994 of user root. Nov 9 06:54:01 server83 systemd: Started Session 307995 of user root. Nov 9 06:54:01 server83 systemd: Started Session 307993 of user root. Nov 9 06:54:01 server83 systemd: Started Session 307992 of user root. Nov 9 06:54:01 server83 systemd: Started Session 307996 of user root. Nov 9 06:54:01 server83 systemd: Started Session 307997 of user root. 
Nov 9 06:54:01 server83 systemd: Started Session 307998 of user root. Nov 9 06:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27433 SEQ=1 Nov 9 06:54:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61918 SEQ=1 Nov 9 06:54:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3440 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:54:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64376 PROTO=TCP SPT=49956 DPT=25147 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:54:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65082 SEQ=1 Nov 9 06:54:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1846 SEQ=1 Nov 9 06:54:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61918 SEQ=1 Nov 9 06:54:07 server83 letsencrypt.live.cgi: time="2025-11-09T06:54:07+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=jointrwwealth 
WantedNames="[]" error="Account is suspended" Nov 9 06:54:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30793 PROTO=TCP SPT=46370 DPT=2496 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65082 SEQ=1 Nov 9 06:54:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1846 SEQ=1 Nov 9 06:54:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.75 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56423 DPT=3014 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:54:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:54:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.26 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=43050 PROTO=TCP SPT=27676 DPT=2455 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26814 SEQ=1 Nov 9 06:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16103 SEQ=1 Nov 9 06:54:22 server83 letsencrypt.live.cgi: time="2025-11-09T06:54:22+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount 
Retry=false Username=growthwe WantedNames="[]" Nov 9 06:54:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10101 SEQ=1 Nov 9 06:54:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47424 SEQ=1 Nov 9 06:54:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8994 SEQ=1 Nov 9 06:54:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.168.227 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=42373 PROTO=TCP SPT=38900 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:54:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20181 SEQ=1 Nov 9 06:54:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.7.222 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=16722 PROTO=TCP SPT=58677 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:54:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=41523 DF PROTO=ICMP TYPE=8 CODE=0 ID=40848 SEQ=15349 Nov 9 06:54:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.7.222 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=16723 PROTO=TCP SPT=58677 DPT=853 WINDOW=64952 
RES=0x00 SYN URGP=0 Nov 9 06:54:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.118.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=42068 PROTO=TCP SPT=48107 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:54:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.7.222 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=16724 PROTO=TCP SPT=58677 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57911 SEQ=1 Nov 9 06:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2910 SEQ=1 Nov 9 06:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27178 SEQ=1 Nov 9 06:54:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.118.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=42069 PROTO=TCP SPT=48107 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51687 SEQ=1 Nov 9 06:54:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.7.222 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=16725 PROTO=TCP SPT=58677 DPT=853 WINDOW=64952 RES=0x00 SYN 
URGP=0 Nov 9 06:54:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.118.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=42070 PROTO=TCP SPT=48107 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:54:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.7.222 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=16726 PROTO=TCP SPT=58677 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:54:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.118.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=42071 PROTO=TCP SPT=48107 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:54:39 server83 letsencrypt.live.cgi: time="2025-11-09T06:54:39+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=translinkcourier WantedNames="[]" Nov 9 06:54:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.118.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=42072 PROTO=TCP SPT=48107 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 06:54:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.40 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=8858 PROTO=TCP SPT=49233 DPT=7547 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:54:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40376 SEQ=1 Nov 9 06:54:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48748 SEQ=1 Nov 9 06:54:48 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.38 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1293 PROTO=TCP SPT=49120 DPT=3392 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:54:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12086 SEQ=1 Nov 9 06:54:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48748 SEQ=1 Nov 9 06:54:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62251 SEQ=1 Nov 9 06:54:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=128.14.231.72 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=47008 DPT=6007 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:54:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63859 SEQ=1 Nov 9 06:54:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=184.105.247.247 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47395 DPT=16993 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:54:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.144 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=35440 PROTO=TCP SPT=58160 DPT=18246 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:54:55 server83 
letsencrypt.live.cgi: time="2025-11-09T06:54:55+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=primcapital WantedNames="[]" Nov 9 06:55:01 server83 systemd: Started Session 307999 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308000 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308001 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308002 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308003 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308005 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308006 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308008 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308004 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308007 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308009 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308011 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308012 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308010 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308014 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308013 of user root. Nov 9 06:55:01 server83 systemd: Started Session 308015 of user root. 
Nov 9 06:55:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.252.233 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=6328 DF PROTO=TCP SPT=38327 DPT=3297 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 06:55:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41369 SEQ=1 Nov 9 06:55:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3439 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27852 SEQ=1 Nov 9 06:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22003 SEQ=1 Nov 9 06:55:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.136 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=8344 PROTO=TCP SPT=17985 DPT=8913 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15439 SEQ=1 Nov 9 06:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60717 SEQ=1 Nov 9 06:55:10 server83 
letsencrypt.live.cgi: time="2025-11-09T06:55:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=supercar WantedNames="[]" Nov 9 06:55:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38808 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:55:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=12870 PROTO=TCP SPT=36770 DPT=7164 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:55:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.172 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53715 DPT=8809 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:55:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:55:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51145 SEQ=1 Nov 9 06:55:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61897 SEQ=1 Nov 9 06:55:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47017 PROTO=TCP SPT=46370 DPT=1731 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29032 SEQ=1 Nov 9 
06:55:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38139 PROTO=TCP SPT=37464 DPT=9723 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:55:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37778 SEQ=1 Nov 9 06:55:26 server83 letsencrypt.live.cgi: time="2025-11-09T06:55:26+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=drdennymichele WantedNames="[]" Nov 9 06:55:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3432 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:29 server83 systemd: Started Session c2844 of user root. 
Nov 9 06:55:30 server83 scripts.sh: Load Average: 2.09 , 3.06 Nov 9 06:55:30 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 06:55:30 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 06:55:30 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 06:55:30 server83 scripts.sh: HTTPD Status: inactive Nov 9 06:55:30 server83 scripts.sh: MySQL Status: active Nov 9 06:55:30 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 06:55:30 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 06:55:30 server83 scripts.sh: SSHD Status: active Nov 9 06:55:30 server83 scripts.sh: FTP Status: active Nov 9 06:55:30 server83 scripts.sh: LiteSpeed Status: Active Nov 9 06:55:30 server83 scripts.sh: Imunify Status: Active Nov 9 06:55:30 server83 scripts.sh: cPanel Status: active Nov 9 06:55:30 server83 scripts.sh: Memory Status: 12/31 GB - 40.26% Nov 9 06:55:30 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 06:55:30 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 06:55:30 server83 scripts.sh: Local Version: 4.4.5 Nov 9 06:55:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3438 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65127 SEQ=1 Nov 9 06:55:38 server83 pam_imunify_daemon.bin: time="2025-11-09T06:55:38+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for 
Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 06:55:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30942 SEQ=1 Nov 9 06:55:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=18296 PROTO=TCP SPT=51534 DPT=5678 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12035 PROTO=TCP SPT=51534 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:41 server83 letsencrypt.live.cgi: time="2025-11-09T06:55:41+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=sheatcollege WantedNames="[]" error="Account is suspended" Nov 9 06:55:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53705 PROTO=TCP SPT=51534 DPT=1111 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=25316 PROTO=TCP SPT=51534 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=32445 PROTO=TCP SPT=51534 DPT=8085 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=226 PROTO=TCP SPT=51534 DPT=8118 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:55:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:55:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:55:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15037 SEQ=1 Nov 9 06:55:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48187 SEQ=1 Nov 9 06:55:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60002 SEQ=1 Nov 9 06:55:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57631 SEQ=1 Nov 9 06:55:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13152 SEQ=1 Nov 9 06:55:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53460 PROTO=TCP SPT=51534 DPT=1080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.165 
DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=9935 PROTO=TCP SPT=55958 DPT=5289 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27142 PROTO=TCP SPT=51534 DPT=8082 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:55:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:55:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:55:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=305 PROTO=TCP SPT=40207 DPT=3945 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:55:57 server83 letsencrypt.live.cgi: time="2025-11-09T06:55:57+05:30" level=error msg="Failed to process AutoSSL" Username=proindividuals error="Experienced fatal pre-flight error for proindividuals: User is over quota: proindividuals (<nil>)" Nov 9 06:55:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.112 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53425 DPT=9038 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:55:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=29624 PROTO=TCP SPT=51534 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42754 PROTO=TCP SPT=51534 DPT=4153 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.109 DST=145.239.177.179 
LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49094 PROTO=TCP SPT=51534 DPT=8989 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:56:01 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 06:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:56:01 server83 systemd: Started Session 308016 of user root. Nov 9 06:56:01 server83 systemd: Started Session 308018 of user root. Nov 9 06:56:01 server83 systemd: Started Session 308017 of user root. Nov 9 06:56:01 server83 systemd: Started Session 308019 of user root. Nov 9 06:56:01 server83 systemd: Started Session 308020 of user root. Nov 9 06:56:01 server83 systemd: Started Session 308022 of user root. Nov 9 06:56:01 server83 systemd: Started Session 308021 of user root. Nov 9 06:56:01 server83 systemd: Started Session 308023 of user root. Nov 9 06:56:01 server83 systemd: Started Session 308024 of user root. Nov 9 06:56:01 server83 systemd: Started Session 308025 of user root. 
Nov 9 06:56:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=136 SEQ=1 Nov 9 06:56:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5476 SEQ=1 Nov 9 06:56:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52611 DPT=8801 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:56:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.85.163 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=8658 PROTO=TCP SPT=36531 DPT=5102 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:56:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.117.173 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=17976 PROTO=TCP SPT=48609 DPT=4145 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:56:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62930 SEQ=1 Nov 9 06:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62930 SEQ=1 Nov 9 06:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62566 SEQ=1 Nov 9 06:56:09 server83 
auditd[702]: Audit daemon rotating log files Nov 9 06:56:12 server83 letsencrypt.live.cgi: time="2025-11-09T06:56:12+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=apurbadigital WantedNames="[]" error="Account is suspended" Nov 9 06:56:12 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 06:56:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26404 PROTO=TCP SPT=51534 DPT=8090 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=16937 PROTO=TCP SPT=50272 DPT=21486 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:56:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.109 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=61114 PROTO=TCP SPT=51534 DPT=4145 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60722 SEQ=1 Nov 9 06:56:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41565 SEQ=1 Nov 9 06:56:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33628 SEQ=1 Nov 9 06:56:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47314 SEQ=1 Nov 9 06:56:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47314 SEQ=1 Nov 9 06:56:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17584 SEQ=1 Nov 9 06:56:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=775 PROTO=TCP SPT=51577 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1 Nov 9 06:56:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=30587 PROTO=TCP SPT=51577 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=49262 PROTO=TCP SPT=32863 DPT=1138 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:56:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.182 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49765 DPT=40005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:56:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=147.185.133.223 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54648 DPT=9798 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:56:27 server83 letsencrypt.live.cgi: time="2025-11-09T06:56:27+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ramdular WantedNames="[]" Nov 9 06:56:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.189.153 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16854 DF PROTO=TCP SPT=43747 DPT=9000 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 06:56:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=47217 PROTO=TCP SPT=51577 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=65484 PROTO=TCP SPT=49956 DPT=28974 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:56:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3151 SEQ=1 Nov 9 06:56:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58798 SEQ=1 Nov 9 06:56:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4623 SEQ=1 Nov 9 06:56:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16305 SEQ=1 Nov 9 06:56:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3151 SEQ=1 Nov 9 06:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=890 SEQ=1 Nov 9 06:56:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.75 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=46968 DPT=8880 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:56:43 server83 letsencrypt.live.cgi: time="2025-11-09T06:56:43+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=devlokhospital WantedNames="[]" Nov 9 06:56:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=48922 PROTO=TCP SPT=48697 DPT=23922 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:56:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.199 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52501 DPT=20001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:56:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10430 SEQ=1 Nov 9 06:56:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10430 SEQ=1 Nov 9 06:56:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:56:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:56:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42540 SEQ=1 Nov 9 06:56:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.161 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47541 DPT=8880 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:56:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6196 SEQ=1 Nov 9 06:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6196 SEQ=1 Nov 9 06:56:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.210 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=10389 PROTO=TCP SPT=56337 DPT=100 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:56:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.163 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=11198 PROTO=TCP SPT=39461 DPT=42409 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:56:58 server83 letsencrypt.live.cgi: time="2025-11-09T06:56:58+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=dubiapolicedep WantedNames="[]" 
Nov 9 06:59:03 server83 dhclient[15053]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x2c78c99c) Nov 9 06:59:04 server83 letsencrypt.live.cgi: time="2025-11-09T06:59:04+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gstshine WantedNames="[]" Nov 9 06:59:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6390 SEQ=1 Nov 9 06:59:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6390 SEQ=1 Nov 9 06:59:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5766 SEQ=1 Nov 9 06:59:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37062 PROTO=TCP SPT=49956 DPT=29867 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:59:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57559 SEQ=1 Nov 9 06:59:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.108 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=38892 PROTO=TCP SPT=8582 DPT=26822 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 06:59:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=47333 SEQ=1 Nov 9 06:59:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:59:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33798 SEQ=1 Nov 9 06:59:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=40509 PROTO=TCP SPT=39428 DPT=4647 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:59:12 server83 dhclient[15053]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x2c78c99c) Nov 9 06:59:14 server83 NetworkManager[922]: <warn> [1762651754.4400] dhcp4 (eth1): request timed out Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4400] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4560] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 15053 Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4560] dhcp4 (eth1): state changed timeout -> done Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4562] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:59:14 server83 NetworkManager[922]: <warn> [1762651754.4566] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4568] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4599] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4603] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 
06:59:14 server83 NetworkManager[922]: <info> [1762651754.4604] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4607] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4617] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4620] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 06:59:14 server83 NetworkManager[922]: <info> [1762651754.4631] dhcp4 (eth1): dhclient started with pid 16230 Nov 9 06:59:14 server83 dhclient[16230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x7794e114) Nov 9 06:59:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24616 SEQ=1 Nov 9 06:59:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26670 SEQ=1 Nov 9 06:59:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20594 SEQ=1 Nov 9 06:59:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=42358 DF PROTO=ICMP TYPE=8 CODE=0 ID=40900 SEQ=28640 Nov 9 06:59:18 server83 dhclient[16230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x7794e114) Nov 9 06:59:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44339 SEQ=1 Nov 9 06:59:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8882 SEQ=1 Nov 9 06:59:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20594 SEQ=1 Nov 9 06:59:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16973 SEQ=1 Nov 9 06:59:24 server83 dhclient[16230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x7794e114) Nov 9 06:59:29 server83 letsencrypt.live.cgi: time="2025-11-09T06:59:29+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=moreactive WantedNames="[]" Nov 9 06:59:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3429 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:59:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55508 SEQ=1 Nov 9 06:59:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23105 SEQ=1 Nov 9 06:59:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3435 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55508 SEQ=1 Nov 9 06:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53004 SEQ=1 Nov 9 06:59:38 server83 auditd[702]: Audit daemon rotating log files Nov 9 06:59:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6655 PROTO=TCP SPT=45727 DPT=34659 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23815 SEQ=1 Nov 9 06:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58227 SEQ=1 Nov 9 06:59:39 server83 dhclient[16230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x7794e114) Nov 9 06:59:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12835 PROTO=TCP SPT=45727 DPT=34489 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:59:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 
TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3436 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:59:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.52 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51414 DPT=8447 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:59:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.130 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50680 DPT=15378 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:59:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.193.43.158 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=5697 DF PROTO=TCP SPT=48222 DPT=2829 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 06:59:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.64.106.118 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=22244 PROTO=TCP SPT=54322 DPT=8032 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:59:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 06:59:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 06:59:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37787 SEQ=1 Nov 9 06:59:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26372 SEQ=1 Nov 9 06:59:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62154 SEQ=1 Nov 9 06:59:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16958 SEQ=1 Nov 9 06:59:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7964 SEQ=1 Nov 9 06:59:51 server83 dhclient[16230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x7794e114) Nov 9 06:59:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.163 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53889 DPT=7600 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:59:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3428 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:59:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.148.190 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45791 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 06:59:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=12784 PROTO=TCP SPT=33582 DPT=1163 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 06:59:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33058 PROTO=TCP SPT=45727 DPT=32703 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 06:59:59 server83 
NetworkManager[922]: <warn> [1762651799.4521] dhcp4 (eth1): request timed out Nov 9 06:59:59 server83 NetworkManager[922]: <info> [1762651799.4521] dhcp4 (eth1): state changed unknown -> timeout Nov 9 06:59:59 server83 NetworkManager[922]: <info> [1762651799.4600] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 16230 Nov 9 06:59:59 server83 NetworkManager[922]: <info> [1762651799.4600] dhcp4 (eth1): state changed timeout -> done Nov 9 06:59:59 server83 NetworkManager[922]: <info> [1762651799.4602] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 06:59:59 server83 NetworkManager[922]: <warn> [1762651799.4606] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 06:59:59 server83 NetworkManager[922]: <info> [1762651799.4608] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 06:59:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.224 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55106 DPT=9874 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:00:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31008 SEQ=1 Nov 9 07:00:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50824 SEQ=1 Nov 9 07:00:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50413 PROTO=TCP SPT=49956 DPT=25163 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message 
sequences Nov 9 07:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:00:01 server83 systemd: Started Session 308058 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308059 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308057 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308056 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308061 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308063 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308062 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308064 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308060 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308067 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308068 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308065 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308066 of user root. Nov 9 07:00:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 07:00:01 server83 systemd: Started Session 308071 of user sanatanhinduvahi. Nov 9 07:00:01 server83 systemd: Started Session 308072 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308069 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308070 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308073 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308074 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308075 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308077 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308079 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308076 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308078 of user root. Nov 9 07:00:01 server83 systemd: Started Session 308081 of user root. 
Nov 9 07:00:01 server83 systemd: Started Session 308080 of user root. Nov 9 07:00:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 07:00:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36694 SEQ=1 Nov 9 07:00:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38503 PROTO=TCP SPT=41454 DPT=9811 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52757 SEQ=1 Nov 9 07:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52757 SEQ=1 Nov 9 07:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43440 SEQ=1 Nov 9 07:00:05 server83 letsencrypt.live.cgi: time="2025-11-09T07:00:05+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=royalserviceapan WantedNames="[]" Nov 9 07:00:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46902 SEQ=1 Nov 9 07:00:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56752 
PROTO=TCP SPT=46370 DPT=2270 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:00:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=3659 PROTO=TCP SPT=50288 DPT=16153 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:00:10 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:00:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=676 PROTO=TCP SPT=50272 DPT=34162 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:00:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34314 SEQ=1 Nov 9 07:00:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=194.50.16.198 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=47084 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:00:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34314 SEQ=1 Nov 9 07:00:21 server83 letsencrypt.live.cgi: time="2025-11-09T07:00:21+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=iapcpcom WantedNames="[]" Nov 9 07:00:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:00:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:00:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27399 SEQ=1 Nov 9 07:00:23 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6781 SEQ=1 Nov 9 07:00:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14756 SEQ=1 Nov 9 07:00:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53134 PROTO=TCP SPT=49251 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:00:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59837 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:00:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53135 PROTO=TCP SPT=49251 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:00:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=9969 PROTO=TCP SPT=53284 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:00:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53136 PROTO=TCP SPT=49251 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:00:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53137 PROTO=TCP SPT=49251 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 
Nov 9 07:00:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53138 PROTO=TCP SPT=49251 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:00:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=9973 PROTO=TCP SPT=53284 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:00:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32299 SEQ=1 Nov 9 07:00:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43904 PROTO=TCP SPT=49956 DPT=25030 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:00:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12157 SEQ=1 Nov 9 07:00:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31938 SEQ=1 Nov 9 07:00:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43092 SEQ=1 Nov 9 07:00:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18498 SEQ=1 Nov 9 07:00:36 server83 
letsencrypt.live.cgi: time="2025-11-09T07:00:36+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=hyderab3 WantedNames="[]" Nov 9 07:00:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44290 SEQ=1 Nov 9 07:00:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21335 PROTO=TCP SPT=49956 DPT=27713 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:00:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.133 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=34118 DPT=1337 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:00:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=52805 PROTO=TCP SPT=56256 DPT=8004 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:00:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=58801 PROTO=TCP SPT=56185 DPT=7906 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:00:44 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 07:00:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.67 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49324 DPT=943 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:00:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:00:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18334 SEQ=1 Nov 9 07:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=43559 DF PROTO=ICMP TYPE=8 CODE=0 ID=41933 SEQ=8952 Nov 9 07:00:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:00:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58755 SEQ=1 Nov 9 07:00:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.131 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=45283 PROTO=TCP SPT=58322 DPT=44455 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:00:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19984 SEQ=1 Nov 9 07:00:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29698 SEQ=1 Nov 9 07:00:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63806 SEQ=1 Nov 9 07:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9168 SEQ=1 Nov 9 07:00:55 server83 letsencrypt.live.cgi: 
time="2025-11-09T07:00:55+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pksharma WantedNames="[]" Nov 9 07:00:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54026 PROTO=TCP SPT=43936 DPT=8193 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:01:00 server83 PAM-hulk[25438]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 07:01:01 server83 systemd: Started Session 308082 of user root. Nov 9 07:01:01 server83 systemd: Started Session 308084 of user root. Nov 9 07:01:01 server83 systemd: Started Session 308085 of user root. Nov 9 07:01:01 server83 systemd: Started Session 308083 of user root. Nov 9 07:01:01 server83 systemd: Started Session 308086 of user root. Nov 9 07:01:01 server83 systemd: Started Session 308087 of user root. Nov 9 07:01:01 server83 systemd: Started Session 308088 of user root. Nov 9 07:01:01 server83 systemd: Started Session 308089 of user root. Nov 9 07:01:01 server83 systemd: Started Session 308091 of user root. Nov 9 07:01:01 server83 systemd: Started Session 308090 of user root. 
Nov 9 07:01:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=184.105.247.247 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=41772 DPT=1337 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:01:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47277 SEQ=1 Nov 9 07:01:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53751 SEQ=1 Nov 9 07:01:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15151 SEQ=1 Nov 9 07:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35084 SEQ=1 Nov 9 07:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36228 SEQ=1 Nov 9 07:01:11 server83 letsencrypt.live.cgi: time="2025-11-09T07:01:11+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=risegroupfound WantedNames="[]" Nov 9 07:01:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.134 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=141 DF PROTO=TCP SPT=31401 DPT=1025 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:01:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=35592 PROTO=TCP SPT=56114 DPT=7808 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:01:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24825 PROTO=TCP SPT=33553 DPT=8214 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:01:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.165.81.92 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=4132 PROTO=TCP SPT=36983 DPT=4840 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:01:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2299 SEQ=1 Nov 9 07:01:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38419 SEQ=1 Nov 9 07:01:22 server83 aibolit_wrapper[29018]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626518827488248.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626518827489150.txt --log=/tmp/malware_cleaner_log_17626518827490116.txt --progress=/tmp/malware_cleaner_progress_17626518827489838.json --csv_result=/tmp/revisium_csvfile_17626518827489984.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51968 SEQ=1 Nov 9 07:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52301 SEQ=1 Nov 9 07:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25791 SEQ=1 Nov 9 07:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2299 SEQ=1 Nov 9 07:01:26 server83 letsencrypt.live.cgi: time="2025-11-09T07:01:26+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jpslawcollegeorg WantedNames="[]" Nov 9 07:01:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4731 SEQ=1 Nov 9 07:01:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58775 SEQ=1 Nov 9 07:01:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.12 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=38387 PROTO=TCP SPT=26200 DPT=25006 WINDOW=21501 RES=0x00 SYN URGP=0 Nov 9 07:01:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35567 SEQ=1 Nov 
9 07:01:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60222 SEQ=1 Nov 9 07:01:32 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:01:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58645 SEQ=1 Nov 9 07:01:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56906 DPT=9010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35567 SEQ=1 Nov 9 07:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52425 SEQ=1 Nov 9 07:01:42 server83 letsencrypt.live.cgi: time="2025-11-09T07:01:42+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=searchred WantedNames="[]" error="Account is suspended" Nov 9 07:01:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:01:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.188 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=37660 PROTO=TCP SPT=1150 DPT=771 WINDOW=42340 
RES=0x00 SYN URGP=0 Nov 9 07:01:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14048 PROTO=TCP SPT=35483 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:01:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14049 PROTO=TCP SPT=35483 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:01:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65059 SEQ=1 Nov 9 07:01:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21030 PROTO=TCP SPT=53434 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:01:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33239 SEQ=1 Nov 9 07:01:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14050 PROTO=TCP SPT=35483 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:01:52 server83 pam_imunify_daemon.bin: time="2025-11-09T07:01:52+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 07:01:53 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43611 SEQ=1 Nov 9 07:01:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7038 SEQ=1 Nov 9 07:01:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43611 SEQ=1 Nov 9 07:01:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21031 PROTO=TCP SPT=53434 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:01:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14051 PROTO=TCP SPT=35483 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:01:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53581 SEQ=1 Nov 9 07:01:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:01:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21032 PROTO=TCP SPT=53434 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:01:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21034 PROTO=TCP SPT=53434 DPT=853 WINDOW=64952 RES=0x00 
SYN URGP=0 Nov 9 07:01:57 server83 letsencrypt.live.cgi: time="2025-11-09T07:01:57+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ufgservices WantedNames="[]" Nov 9 07:02:01 server83 systemd: Started Session 308093 of user root. Nov 9 07:02:01 server83 systemd: Started Session 308094 of user root. Nov 9 07:02:01 server83 systemd: Started Session 308092 of user root. Nov 9 07:02:01 server83 systemd: Started Session 308095 of user root. Nov 9 07:02:01 server83 systemd: Started Session 308097 of user root. Nov 9 07:02:01 server83 systemd: Started Session 308098 of user root. Nov 9 07:02:01 server83 systemd: Started Session 308096 of user root. Nov 9 07:02:01 server83 systemd: Started Session 308100 of user root. Nov 9 07:02:01 server83 systemd: Started Session 308099 of user root. Nov 9 07:02:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19619 SEQ=1 Nov 9 07:02:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36928 SEQ=1 Nov 9 07:02:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36928 SEQ=1 Nov 9 07:02:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.200 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=14397 PROTO=TCP SPT=51075 DPT=4369 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:02:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35300 SEQ=1 Nov 9 07:02:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34249 SEQ=1 Nov 9 07:02:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12461 DF PROTO=TCP SPT=59774 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:02:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12462 DF PROTO=TCP SPT=59774 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:02:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=30584 PROTO=TCP SPT=50288 DPT=47332 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:02:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12463 DF PROTO=TCP SPT=59774 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:02:13 server83 letsencrypt.live.cgi: time="2025-11-09T07:02:13+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bonanzaschool WantedNames="[]" Nov 9 07:02:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44483 SEQ=1 Nov 9 07:02:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12464 DF PROTO=TCP SPT=59774 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:02:18 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:02:18 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:02:18 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 07:02:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42087 SEQ=1 Nov 9 07:02:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59476 SEQ=1 Nov 9 07:02:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.168.227 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19182 PROTO=TCP SPT=44430 DPT=4443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:02:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37129 SEQ=1 Nov 9 07:02:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44483 SEQ=1 Nov 9 07:02:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15171 SEQ=1 Nov 9 07:02:20 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid 
license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:02:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37129 SEQ=1 Nov 9 07:02:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12465 DF PROTO=TCP SPT=59774 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:02:28 server83 letsencrypt.live.cgi: time="2025-11-09T07:02:28+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=sundaynightteer WantedNames="[]" error="Account is suspended" Nov 9 07:02:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=36242 PROTO=TCP SPT=47716 DPT=3814 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:02:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.139 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=25931 PROTO=TCP SPT=23195 DPT=5432 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:02:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56960 SEQ=1 Nov 9 07:02:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7831 SEQ=1 Nov 9 07:02:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.149 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 
DF PROTO=TCP SPT=9999 DPT=1100 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:02:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21610 SEQ=1 Nov 9 07:02:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12372 SEQ=1 Nov 9 07:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7831 SEQ=1 Nov 9 07:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1174 SEQ=1 Nov 9 07:02:44 server83 letsencrypt.live.cgi: time="2025-11-09T07:02:44+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=onlinefc WantedNames="[]" Nov 9 07:02:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43025 SEQ=1 Nov 9 07:02:52 server83 scripts.sh: Sun Nov 9 07:02:52 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 07:02:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64379 SEQ=1 Nov 9 07:02:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=10962 SEQ=1 Nov 9 07:02:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64194 SEQ=1 Nov 9 07:02:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26407 SEQ=1 Nov 9 07:02:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49071 SEQ=1 Nov 9 07:02:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12466 DF PROTO=TCP SPT=60935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:02:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.172 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54438 DPT=9385 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:02:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12467 DF PROTO=TCP SPT=60935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:02:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.136.218 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=33 ID=0 DF PROTO=TCP SPT=39154 DPT=6007 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:02:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12468 DF PROTO=TCP 
SPT=60935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:02:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.194.70.253 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=3959 DF PROTO=TCP SPT=42154 DPT=9522 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:02:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:02:59 server83 letsencrypt.live.cgi: time="2025-11-09T07:02:59+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=stratosjet WantedNames="[]" Nov 9 07:03:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.80 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=36492 DPT=20020 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:03:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60672 SEQ=1 Nov 9 07:03:01 server83 systemd: Started Session 308101 of user root. Nov 9 07:03:01 server83 systemd: Started Session 308102 of user root. Nov 9 07:03:01 server83 systemd: Started Session 308104 of user root. Nov 9 07:03:01 server83 systemd: Started Session 308103 of user root. Nov 9 07:03:01 server83 systemd: Started Session 308105 of user root. Nov 9 07:03:01 server83 systemd: Started Session 308106 of user root. Nov 9 07:03:01 server83 systemd: Started Session 308107 of user root. Nov 9 07:03:01 server83 systemd: Started Session 308108 of user root. Nov 9 07:03:01 server83 systemd: Started Session 308109 of user root. 
Nov 9 07:03:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12469 DF PROTO=TCP SPT=60935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47403 SEQ=1 Nov 9 07:03:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1740 SEQ=1 Nov 9 07:03:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1740 SEQ=1 Nov 9 07:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9164 SEQ=1 Nov 9 07:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60672 SEQ=1 Nov 9 07:03:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12470 DF PROTO=TCP SPT=60935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:03:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=13.89.125.225 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=54618 PROTO=TCP SPT=40742 DPT=8032 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:03:13 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=8759 PROTO=TCP SPT=42776 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:03:15 server83 letsencrypt.live.cgi: time="2025-11-09T07:03:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=dailycollectionc WantedNames="[]" Nov 9 07:03:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37461 PROTO=TCP SPT=49956 DPT=27885 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:03:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59320 SEQ=1 Nov 9 07:03:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14224 SEQ=1 Nov 9 07:03:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=61083 PROTO=TCP SPT=34653 DPT=8358 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:03:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12471 DF PROTO=TCP SPT=61546 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:03:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3427 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:03:21 server83 kernel: Firewall: *TCP_IN 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56068 SEQ=1 Nov 9 07:05:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=6253 PROTO=TCP SPT=35407 DPT=8989 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:05:51 server83 letsencrypt.live.cgi: time="2025-11-09T07:05:51+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mailcoinbase WantedNames="[]" Nov 9 07:05:53 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.80 DST=51.210.113.204 LEN=33 TOS=0x00 PREC=0x00 TTL=48 ID=36939 PROTO=UDP SPT=46565 DPT=3283 LEN=13 Nov 9 07:05:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62846 SEQ=1 Nov 9 07:05:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=62326 DF PROTO=ICMP TYPE=8 CODE=0 ID=24989 SEQ=54054 Nov 9 07:05:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62846 SEQ=1 Nov 9 07:05:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=137.184.184.8 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=36232 PROTO=TCP SPT=61005 DPT=8081 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:05:58 server83 dhclient[30080]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x55f3e039) Nov 9 07:06:01 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11947 SEQ=1 Nov 9 07:06:01 server83 systemd: Started Session 308137 of user root. Nov 9 07:06:01 server83 systemd: Started Session 308140 of user root. Nov 9 07:06:01 server83 systemd: Started Session 308138 of user root. Nov 9 07:06:01 server83 systemd: Started Session 308139 of user root. Nov 9 07:06:01 server83 systemd: Started Session 308141 of user root. Nov 9 07:06:01 server83 systemd: Started Session 308142 of user root. Nov 9 07:06:01 server83 systemd: Started Session 308143 of user root. Nov 9 07:06:01 server83 systemd: Started Session 308145 of user root. Nov 9 07:06:01 server83 systemd: Started Session 308144 of user root. Nov 9 07:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11947 SEQ=1 Nov 9 07:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29437 SEQ=1 Nov 9 07:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60395 SEQ=1 Nov 9 07:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8744 SEQ=1 Nov 9 07:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=38892 SEQ=1 Nov 9 07:06:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58174 PROTO=TCP SPT=60662 DPT=5668 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:06:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10702 PROTO=TCP SPT=58603 DPT=43389 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:06:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=19832 PROTO=TCP SPT=56033 DPT=7721 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:06:07 server83 letsencrypt.live.cgi: time="2025-11-09T07:06:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=flashwhite WantedNames="[]" Nov 9 07:06:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:06:13 server83 dhclient[30080]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x55f3e039) Nov 9 07:06:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.163 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=49361 PROTO=TCP SPT=37154 DPT=999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:06:20 server83 dhclient[30080]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x55f3e039) Nov 9 07:06:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22167 SEQ=1 Nov 9 07:06:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=39509 SEQ=1 Nov 9 07:06:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33682 SEQ=1 Nov 9 07:06:22 server83 letsencrypt.live.cgi: time="2025-11-09T07:06:22+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=activemore WantedNames="[]" Nov 9 07:06:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11114 SEQ=1 Nov 9 07:06:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.142.147.209 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=39223 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:06:29 server83 NetworkManager[922]: <warn> [1762652189.4503] dhcp4 (eth1): request timed out Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4662] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 30080 Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4662] dhcp4 (eth1): state changed timeout -> done Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4664] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:06:29 server83 NetworkManager[922]: <warn> [1762652189.4667] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4668] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4695] 
policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4697] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4697] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4699] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4707] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4708] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:06:29 server83 NetworkManager[922]: <info> [1762652189.4717] dhcp4 (eth1): dhclient started with pid 2881 Nov 9 07:06:29 server83 dhclient[2881]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x44529ecd) Nov 9 07:06:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32111 PROTO=TCP SPT=40467 DPT=5743 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:06:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13941 SEQ=1 Nov 9 07:06:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40245 SEQ=1 Nov 9 07:06:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30443 SEQ=1 Nov 9 07:06:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=379 DF PROTO=ICMP TYPE=8 CODE=0 ID=15704 SEQ=7216 Nov 9 07:06:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14705 SEQ=1 Nov 9 07:06:35 server83 dhclient[2881]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x44529ecd) Nov 9 07:06:36 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:06:38 server83 letsencrypt.live.cgi: time="2025-11-09T07:06:38+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vidhimanthan WantedNames="[]" Nov 9 07:06:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3432 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:06:40 server83 pam_imunify_daemon.bin: time="2025-11-09T07:06:40+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 07:06:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.191 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=24781 PROTO=TCP SPT=53789 DPT=30443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:06:46 server83 
imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:06:49 server83 dhclient[2881]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x44529ecd) Nov 9 07:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35300 SEQ=1 Nov 9 07:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43604 SEQ=1 Nov 9 07:06:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5022 SEQ=1 Nov 9 07:06:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27247 SEQ=1 Nov 9 07:06:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:06:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5022 SEQ=1 Nov 9 07:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45468 SEQ=1 Nov 9 07:06:54 server83 letsencrypt.live.cgi: time="2025-11-09T07:06:54+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=kngsatna WantedNames="[]" Nov 9 07:06:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31562 SEQ=1 Nov 9 07:07:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.171.29.233 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=35758 DPT=8104 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:07:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=23.92.27.206 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=57121 DPT=20002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:07:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:07:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:07:01 server83 systemd: Started Session 308148 of user root. Nov 9 07:07:01 server83 systemd: Started Session 308149 of user root. Nov 9 07:07:01 server83 systemd: Started Session 308147 of user root. Nov 9 07:07:01 server83 systemd: Started Session 308146 of user root. Nov 9 07:07:01 server83 systemd: Started Session 308150 of user root. Nov 9 07:07:01 server83 systemd: Started Session 308151 of user root. Nov 9 07:07:01 server83 systemd: Started Session 308152 of user root. Nov 9 07:07:01 server83 systemd: Started Session 308153 of user root. Nov 9 07:07:01 server83 systemd: Started Session 308154 of user root. Nov 9 07:07:01 server83 systemd: Started Session 308155 of user root. 
Nov 9 07:07:01 server83 dhclient[2881]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x44529ecd) Nov 9 07:07:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.85.84.75 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46439 PROTO=TCP SPT=51203 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62818 DF PROTO=TCP SPT=43314 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28973 SEQ=1 Nov 9 07:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62819 DF PROTO=TCP SPT=43314 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23235 SEQ=1 Nov 9 07:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49139 SEQ=1 Nov 9 07:07:07 server83 PAM-hulk[8036]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 07:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60963 SEQ=1 Nov 9 07:07:08 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60963 SEQ=1 Nov 9 07:07:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62820 DF PROTO=TCP SPT=43314 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.30 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54974 PROTO=TCP SPT=23988 DPT=22722 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:07:10 server83 letsencrypt.live.cgi: time="2025-11-09T07:07:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=silverleafefin WantedNames="[]" Nov 9 07:07:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62821 DF PROTO=TCP SPT=43314 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:14 server83 NetworkManager[922]: <warn> [1762652234.4436] dhcp4 (eth1): request timed out Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4437] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4516] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2881 Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4516] dhcp4 (eth1): state changed timeout -> done Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4518] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:07:14 server83 NetworkManager[922]: <warn> [1762652234.4524] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:07:14 server83 NetworkManager[922]: 
<info> [1762652234.4527] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4560] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4565] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4566] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4571] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4581] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4585] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:07:14 server83 NetworkManager[922]: <info> [1762652234.4595] dhcp4 (eth1): dhclient started with pid 9144 Nov 9 07:07:14 server83 dhclient[9144]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x6197cf6c) Nov 9 07:07:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16174 PROTO=TCP SPT=45727 DPT=30658 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:07:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=46646 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:07:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=150.107.38.251 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=62198 PROTO=TCP SPT=55015 DPT=8125 WINDOW=64838 RES=0x00 SYN URGP=0 Nov 9 07:07:18 server83 dhclient[9144]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x6197cf6c) Nov 9 07:07:18 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:07:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50682 SEQ=1 Nov 9 07:07:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53921 SEQ=1 Nov 9 07:07:19 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:07:19 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:07:19 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 07:07:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38172 SEQ=1 Nov 9 07:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62822 DF PROTO=TCP SPT=43314 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53921 SEQ=1 Nov 9 07:07:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=18925 PROTO=TCP SPT=42328 DPT=5370 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:07:24 server83 dhclient[9144]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x6197cf6c) Nov 9 07:07:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.245.49.234 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=6061 DF PROTO=ICMP TYPE=8 CODE=0 ID=34663 SEQ=32347 Nov 9 07:07:26 server83 letsencrypt.live.cgi: time="2025-11-09T07:07:26+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=sakshipackersand WantedNames="[]" error="Account is suspended" Nov 9 07:07:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=12103 PROTO=TCP SPT=37548 DPT=322 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:07:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8371 SEQ=1 Nov 9 07:07:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44524 SEQ=1 Nov 9 07:07:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2034 SEQ=1 Nov 9 07:07:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44524 SEQ=1 Nov 9 07:07:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=111.119.239.202 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=110 DF PROTO=ICMP TYPE=8 CODE=0 ID=61583 SEQ=54027 Nov 9 07:07:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25323 SEQ=1 Nov 9 07:07:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2034 SEQ=1 Nov 9 07:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62823 DF PROTO=TCP SPT=43314 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.84.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 
ID=54321 PROTO=TCP SPT=40549 DPT=20002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:07:37 server83 dhclient[9144]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x6197cf6c) Nov 9 07:07:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59070 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59071 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:41 server83 letsencrypt.live.cgi: time="2025-11-09T07:07:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rocketcourierser WantedNames="[]" Nov 9 07:07:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59072 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:43 server83 aibolit_wrapper[13131]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626522638051550.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626522638052716.txt --log=/tmp/malware_cleaner_log_17626522638054052.txt --progress=/tmp/malware_cleaner_progress_17626522638053680.json --csv_result=/tmp/revisium_csvfile_17626522638053872.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:07:44 server83 dhclient[9144]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x6197cf6c) Nov 9 07:07:45 server83 
auditd[702]: Audit daemon rotating log files Nov 9 07:07:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.28 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55971 DPT=19574 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:07:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=24285 PROTO=TCP SPT=33497 DPT=9100 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:07:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:07:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:07:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59073 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.56.61.130 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=37927 PROTO=TCP SPT=57915 DPT=5321 WINDOW=64325 RES=0x00 SYN URGP=0 Nov 9 07:07:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3331 SEQ=1 Nov 9 07:07:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22105 SEQ=1 Nov 9 07:07:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30757 
SEQ=1 Nov 9 07:07:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30864 SEQ=1 Nov 9 07:07:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60990 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:07:54 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.159.146 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=49 ID=32 DF PROTO=UDP SPT=19311 DPT=19311 LEN=16 Nov 9 07:07:54 server83 dhclient[9144]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x6197cf6c) Nov 9 07:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59074 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:07:57 server83 letsencrypt.live.cgi: time="2025-11-09T07:07:57+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pmconstructionsl WantedNames="[]" Nov 9 07:07:59 server83 NetworkManager[922]: <warn> [1762652279.4513] dhcp4 (eth1): request timed out Nov 9 07:07:59 server83 NetworkManager[922]: <info> [1762652279.4513] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:07:59 server83 NetworkManager[922]: <info> [1762652279.4673] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 9144 Nov 9 07:07:59 server83 NetworkManager[922]: <info> [1762652279.4673] dhcp4 (eth1): state changed timeout -> done Nov 9 07:07:59 server83 NetworkManager[922]: <info> [1762652279.4674] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:07:59 server83 
NetworkManager[922]: <warn> [1762652279.4678] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:07:59 server83 NetworkManager[922]: <info> [1762652279.4680] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:08:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62250 SEQ=1 Nov 9 07:08:01 server83 systemd: Started Session 308156 of user root. Nov 9 07:08:01 server83 systemd: Started Session 308157 of user root. Nov 9 07:08:01 server83 systemd: Started Session 308159 of user root. Nov 9 07:08:01 server83 systemd: Started Session 308158 of user root. Nov 9 07:08:01 server83 systemd: Started Session 308160 of user root. Nov 9 07:08:01 server83 systemd: Started Session 308161 of user root. Nov 9 07:08:01 server83 systemd: Started Session 308162 of user root. Nov 9 07:08:01 server83 systemd: Started Session 308164 of user root. Nov 9 07:08:01 server83 systemd: Started Session 308163 of user root. 
Nov 9 07:08:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:08:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:08:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23219 SEQ=1 Nov 9 07:08:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23654 SEQ=1 Nov 9 07:08:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62250 SEQ=1 Nov 9 07:08:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53402 SEQ=1 Nov 9 07:08:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46072 SEQ=1 Nov 9 07:08:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11201 SEQ=1 Nov 9 07:08:08 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 07:08:08 server83 systemd: Stopped Status Update Service. Nov 9 07:08:08 server83 systemd: Started Status Update Service. 
Nov 9 07:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62824 DF PROTO=TCP SPT=43314 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59075 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:08:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:08:12 server83 letsencrypt.live.cgi: time="2025-11-09T07:08:12+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=janidiam WantedNames="[]" Nov 9 07:08:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49690 DPT=21000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:08:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=86.54.31.38 DST=51.210.113.204 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=2837 PROTO=TCP SPT=24858 DPT=1604 WINDOW=39960 RES=0x00 SYN URGP=0 Nov 9 07:08:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43433 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23382 DF PROTO=TCP SPT=55120 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:08:20 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:08:20 server83 
imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 07:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 07:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23383 DF PROTO=TCP SPT=55120 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:08:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42375 SEQ=1 Nov 9 07:08:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37108 SEQ=1 Nov 9 07:08:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16233 SEQ=1 Nov 9 07:08:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23384 DF PROTO=TCP SPT=55120 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:08:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48583 SEQ=1 Nov 9 07:08:24 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.59.78 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50409 PROTO=TCP SPT=61000 DPT=29113 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:08:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38913 SEQ=1 Nov 9 07:08:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16401 SEQ=1 Nov 9 07:08:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23385 DF PROTO=TCP SPT=55120 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:08:28 server83 letsencrypt.live.cgi: time="2025-11-09T07:08:28+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=nikamindustries WantedNames="[]" error="Account is suspended" Nov 9 07:08:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=43087 PROTO=TCP SPT=55121 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:08:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.121 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=5753 DF PROTO=TCP SPT=42486 DPT=22122 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:08:32 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:08:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23386 DF PROTO=TCP SPT=55120 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:08:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=49697 PROTO=TCP SPT=47254 DPT=33782 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:08:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51723 SEQ=1 Nov 9 07:08:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51298 SEQ=1 Nov 9 07:08:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13672 SEQ=1 Nov 9 07:08:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40309 SEQ=1 Nov 9 07:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24991 SEQ=1 Nov 9 07:08:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38736 SEQ=1 Nov 9 07:08:43 server83 letsencrypt.live.cgi: time="2025-11-09T07:08:43+05:30" level=info msg="AutoSSL running" 
Function=processAutoSSLForAccount Retry=false Username=pksoft2022 WantedNames="[]" Nov 9 07:08:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59076 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:08:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.158 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53345 DPT=18159 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:08:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.225.32 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55408 DPT=1998 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:08:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39915 PROTO=TCP SPT=54136 DPT=5538 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:08:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3431 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:08:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22506 PROTO=TCP SPT=44077 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:08:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22507 PROTO=TCP SPT=44077 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:08:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23387 DF PROTO=TCP SPT=55120 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:08:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.230 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58526 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:08:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15913 SEQ=1 Nov 9 07:08:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=37301 PROTO=TCP SPT=37929 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:08:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=37303 PROTO=TCP SPT=37929 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:08:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.99.13.19 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=43664 DPT=7777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:08:59 server83 letsencrypt.live.cgi: time="2025-11-09T07:08:59+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=grothpan WantedNames="[]" error="Account is suspended" Nov 9 07:09:01 server83 systemd: Started Session 308165 of user root. Nov 9 07:09:01 server83 systemd: Started Session 308166 of user root. Nov 9 07:09:01 server83 systemd: Started Session 308167 of user root. Nov 9 07:09:01 server83 systemd: Started Session 308168 of user root. 
Nov 9 07:09:01 server83 systemd: Started Session 308169 of user root. Nov 9 07:09:01 server83 systemd: Started Session 308170 of user root. Nov 9 07:09:01 server83 systemd: Started Session 308171 of user root. Nov 9 07:09:01 server83 systemd: Started Session 308172 of user root. Nov 9 07:09:01 server83 systemd: Started Session 308173 of user root. Nov 9 07:09:01 server83 systemd: Started Session 308174 of user root. Nov 9 07:09:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43507 SEQ=1 Nov 9 07:09:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=51470 PROTO=TCP SPT=56672 DPT=4287 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:09:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34139 DF PROTO=TCP SPT=59012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35883 SEQ=1 Nov 9 07:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.190.163.148 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59670 DPT=9700 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43507 SEQ=1 Nov 9 07:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9519 SEQ=1 Nov 9 07:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26208 SEQ=1 Nov 9 07:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34140 DF PROTO=TCP SPT=59012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55791 DPT=12300 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12854 SEQ=1 Nov 9 07:09:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.11.225 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=44 ID=6058 DF PROTO=TCP SPT=48286 DPT=4065 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:09:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.15 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=48723 PROTO=TCP SPT=26200 DPT=7080 WINDOW=32029 RES=0x00 SYN URGP=0 Nov 9 07:09:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34142 DF PROTO=TCP SPT=59012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:14 server83 letsencrypt.live.cgi: 
time="2025-11-09T07:09:14+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=cordon WantedNames="[]" error="Account is suspended" Nov 9 07:09:16 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.95 DST=145.239.177.179 LEN=541 TOS=0x00 PREC=0x00 TTL=51 ID=63604 DF PROTO=UDP SPT=22925 DPT=3702 LEN=521 Nov 9 07:09:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46436 SEQ=1 Nov 9 07:09:19 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.95 DST=145.239.177.179 LEN=652 TOS=0x00 PREC=0x00 TTL=51 ID=64199 DF PROTO=UDP SPT=22925 DPT=3702 LEN=632 Nov 9 07:09:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:09:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26031 SEQ=1 Nov 9 07:09:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47992 SEQ=1 Nov 9 07:09:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62835 SEQ=1 Nov 9 07:09:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=13186 DF PROTO=ICMP TYPE=8 CODE=0 ID=51312 SEQ=61517 Nov 9 07:09:22 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34143 DF PROTO=TCP SPT=59012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32925 SEQ=1 Nov 9 07:09:22 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.95 DST=145.239.177.179 LEN=658 TOS=0x00 PREC=0x00 TTL=51 ID=64509 DF PROTO=UDP SPT=22925 DPT=3702 LEN=638 Nov 9 07:09:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30779 PROTO=TCP SPT=49956 DPT=26994 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:09:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23388 DF PROTO=TCP SPT=55120 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:29 server83 letsencrypt.live.cgi: time="2025-11-09T07:09:29+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=swetashashank WantedNames="[]" error="Account is suspended" Nov 9 07:09:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1004 PROTO=TCP SPT=36242 DPT=12300 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:09:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.203.219.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=38541 DPT=10443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 
9 07:09:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17471 SEQ=1 Nov 9 07:09:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16992 SEQ=1 Nov 9 07:09:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41689 SEQ=1 Nov 9 07:09:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6860 SEQ=1 Nov 9 07:09:34 server83 pam_imunify_daemon.bin: time="2025-11-09T07:09:34+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 07:09:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34144 DF PROTO=TCP SPT=59012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54245 DF PROTO=TCP SPT=40684 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54246 DF PROTO=TCP SPT=40684 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54247 DF PROTO=TCP SPT=40684 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3430 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:09:44 server83 letsencrypt.live.cgi: time="2025-11-09T07:09:44+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cryptominingtab WantedNames="[]" Nov 9 07:09:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54248 DF PROTO=TCP SPT=40684 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:09:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54618 SEQ=1 Nov 9 07:09:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54931 SEQ=1 Nov 9 07:09:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16814 PROTO=TCP SPT=45727 DPT=32630 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:09:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11941 PROTO=TCP SPT=33363 DPT=4229 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:09:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2449 PROTO=TCP SPT=45727 DPT=31634 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31387 SEQ=1 Nov 9 07:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63636 SEQ=1 Nov 9 07:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12562 SEQ=1 Nov 9 07:09:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=49429 PROTO=TCP SPT=49871 DPT=8073 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:09:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54249 DF PROTO=TCP SPT=40684 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:00 server83 letsencrypt.live.cgi: time="2025-11-09T07:10:00+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=shreesubhlogisti WantedNames="[]" error="Account is suspended" Nov 9 07:10:00 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=135.237.125.30 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=41188 DPT=8104 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:10:01 server83 systemd: Started Session 308175 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308179 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308181 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308176 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308180 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308177 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308178 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308184 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308183 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308185 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308182 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308186 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308188 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308189 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308187 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308191 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308190 of user root. Nov 9 07:10:01 server83 systemd: Started Session 308192 of user root. 
Nov 9 07:10:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.15.34.47 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=48 ID=1 DF PROTO=TCP SPT=61000 DPT=25565 WINDOW=32768 RES=0x00 SYN URGP=0 Nov 9 07:10:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19367 SEQ=1 Nov 9 07:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34724 SEQ=1 Nov 9 07:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42320 SEQ=1 Nov 9 07:10:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53587 SEQ=1 Nov 9 07:10:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34724 SEQ=1 Nov 9 07:10:11 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34145 DF PROTO=TCP SPT=59012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54250 DF PROTO=TCP SPT=40684 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.106 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54008 DPT=5433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:10:15 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 07:10:15 server83 letsencrypt.live.cgi: time="2025-11-09T07:10:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=digitall WantedNames="[]" Nov 9 07:10:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=59424 PROTO=TCP SPT=43840 DPT=9300 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:10:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12481 DF PROTO=TCP SPT=53659 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:10:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12482 DF PROTO=TCP SPT=53659 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:10:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60097 SEQ=1 Nov 9 07:10:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12483 DF PROTO=TCP SPT=53659 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:10:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34808 DF PROTO=TCP SPT=53576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15214 SEQ=1 Nov 9 07:10:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34809 DF PROTO=TCP SPT=53576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60097 SEQ=1 Nov 9 07:10:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22946 SEQ=1 Nov 9 07:10:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10488 SEQ=1 Nov 9 07:10:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34810 DF PROTO=TCP SPT=53576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65468 SEQ=1 Nov 9 07:10:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12484 DF PROTO=TCP SPT=53659 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:10:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=1396 PROTO=TCP SPT=45179 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:10:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34811 DF PROTO=TCP SPT=53576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=64878 PROTO=TCP SPT=54480 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:10:31 server83 letsencrypt.live.cgi: time="2025-11-09T07:10:31+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vdcolle WantedNames="[]" Nov 9 07:10:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12485 DF PROTO=TCP SPT=53659 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63596 SEQ=1 Nov 9 07:10:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63596 SEQ=1 Nov 9 07:10:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63774 SEQ=1 Nov 9 07:10:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35063 SEQ=1 Nov 9 07:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.173.101 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42949 DPT=1998 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34812 DF PROTO=TCP SPT=53576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.41.205 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=3670 DF PROTO=TCP SPT=43532 DPT=950 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:10:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30691 SEQ=1 Nov 9 07:10:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5361 SEQ=1 Nov 9 07:10:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.149.19 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=29015 PROTO=TCP SPT=56525 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:10:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=135.237.126.84 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=17282 PROTO=TCP SPT=37130 DPT=3011 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:10:38 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=1.0.0.1 DST=145.239.177.179 LEN=88 TOS=0x00 PREC=0x00 TTL=52 ID=56288 DF PROTO=UDP SPT=53 DPT=41305 LEN=68 Nov 9 07:10:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21915 SEQ=1 Nov 9 07:10:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45229 SEQ=1 Nov 9 07:10:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.111 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=17238 PROTO=TCP SPT=45933 DPT=5009 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:10:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3429 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:10:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54251 DF PROTO=TCP SPT=40684 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:46 server83 letsencrypt.live.cgi: time="2025-11-09T07:10:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cmslifeadvisor WantedNames="[]" Nov 9 07:10:46 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, 
{"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:10:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8587 PROTO=TCP SPT=49956 DPT=27717 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:10:49 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34813 DF PROTO=TCP SPT=53576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:10:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.148.147.222 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=36046 DPT=7777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:10:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10924 SEQ=1 Nov 9 07:10:54 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.197.8 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=45 ID=20365 DF PROTO=UDP SPT=17068 DPT=37 LEN=9 Nov 9 07:10:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18654 PROTO=TCP SPT=49956 DPT=26959 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:11:01 server83 systemd: Started Session 308193 of user root. Nov 9 07:11:01 server83 systemd: Started Session 308194 of user root. Nov 9 07:11:01 server83 systemd: Started Session 308195 of user root. Nov 9 07:11:01 server83 systemd: Started Session 308196 of user root. 
Nov 9 07:11:01 server83 systemd: Started Session 308198 of user root. Nov 9 07:11:01 server83 systemd: Started Session 308199 of user root. Nov 9 07:11:01 server83 systemd: Started Session 308197 of user root. Nov 9 07:11:01 server83 systemd: Started Session 308200 of user root. Nov 9 07:11:01 server83 systemd: Started Session 308202 of user root. Nov 9 07:11:01 server83 systemd: Started Session 308201 of user root. Nov 9 07:11:02 server83 letsencrypt.live.cgi: time="2025-11-09T07:11:02+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=expressdcourier WantedNames="[]" Nov 9 07:11:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1050 SEQ=1 Nov 9 07:11:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3428 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:11:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6892 SEQ=1 Nov 9 07:11:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3422 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57897 SEQ=1 Nov 9 07:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6178 SEQ=1 Nov 9 07:11:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61984 DF PROTO=TCP SPT=49928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25447 SEQ=1 Nov 9 07:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49871 SEQ=1 Nov 9 07:11:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61985 DF PROTO=TCP SPT=49928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61986 DF PROTO=TCP SPT=49928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.197.80 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=41977 DPT=8123 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:11:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61987 DF PROTO=TCP SPT=49928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45571 SEQ=1 Nov 9 07:11:18 server83 letsencrypt.live.cgi: time="2025-11-09T07:11:18+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=capitalheightstr WantedNames="[]" Nov 9 07:11:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9336 SEQ=1 Nov 9 07:11:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36264 SEQ=1 Nov 9 07:11:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45483 SEQ=1 Nov 9 07:11:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50226 SEQ=1 Nov 9 07:11:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8831 SEQ=1 Nov 9 07:11:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.74.50.114 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=60545 DPT=1720 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:11:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1034 SEQ=1 Nov 9 07:11:24 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61988 DF PROTO=TCP SPT=49928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:24 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:11:24 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:11:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52364 DPT=5600 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:11:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34814 DF PROTO=TCP SPT=53576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.39 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=26887 PROTO=TCP SPT=3794 DPT=48809 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:11:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=39788 PROTO=TCP SPT=47238 DPT=5531 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:11:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:11:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31230 SEQ=1 Nov 9 07:11:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10091 SEQ=1 Nov 9 07:11:32 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47162 SEQ=1 Nov 9 07:11:33 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:11:33 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=177 SEQ=1 Nov 9 07:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=24439 DF PROTO=ICMP TYPE=8 CODE=0 ID=60679 SEQ=28214 Nov 9 07:11:33 server83 letsencrypt.live.cgi: time="2025-11-09T07:11:33+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=helicopaviation WantedNames="[]" Nov 9 07:11:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.15.85.154 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38659 DPT=790 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:11:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12486 DF PROTO=TCP SPT=55569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:11:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12487 DF PROTO=TCP SPT=55569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:11:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15378 SEQ=1 Nov 9 07:11:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=177 SEQ=1 Nov 9 07:11:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60993 PROTO=TCP SPT=45727 DPT=30920 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:11:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12488 DF PROTO=TCP SPT=55569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:11:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61989 DF PROTO=TCP SPT=49928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38911 DF PROTO=TCP SPT=52162 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12489 DF PROTO=TCP SPT=55569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:11:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38913 DF PROTO=TCP SPT=52162 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:46 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=102.216.212.122 DST=51.210.113.204 LEN=107 TOS=0x00 PREC=0x00 TTL=47 ID=64018 DF PROTO=UDP SPT=35106 DPT=30301 LEN=87 Nov 9 07:11:47 server83 pam_imunify_daemon.bin: time="2025-11-09T07:11:47+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:11:49 server83 letsencrypt.live.cgi: time="2025-11-09T07:11:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=aipsprayagraj WantedNames="[]" Nov 9 07:11:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46225 SEQ=1 Nov 9 07:11:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=20754 DF PROTO=ICMP TYPE=8 CODE=0 ID=42428 SEQ=34652 Nov 9 07:11:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38914 DF PROTO=TCP SPT=52162 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:11:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12490 DF PROTO=TCP SPT=55569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:11:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.225.108 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 
TTL=36 ID=5863 DF PROTO=TCP SPT=42667 DPT=3995 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:11:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.148.190.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=14649 PROTO=TCP SPT=45735 DPT=30789 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:11:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38915 DF PROTO=TCP SPT=52162 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:01 server83 systemd: Started Session 308204 of user root. Nov 9 07:12:01 server83 systemd: Started Session 308203 of user root. Nov 9 07:12:01 server83 systemd: Started Session 308205 of user root. Nov 9 07:12:01 server83 systemd: Started Session 308206 of user root. Nov 9 07:12:01 server83 systemd: Started Session 308207 of user root. Nov 9 07:12:01 server83 systemd: Started Session 308208 of user root. Nov 9 07:12:01 server83 systemd: Started Session 308209 of user root. Nov 9 07:12:01 server83 systemd: Started Session 308210 of user root. Nov 9 07:12:01 server83 systemd: Started Session 308211 of user root. 
Nov 9 07:12:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52612 SEQ=1 Nov 9 07:12:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58611 SEQ=1 Nov 9 07:12:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37966 SEQ=1 Nov 9 07:12:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58611 SEQ=1 Nov 9 07:12:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=7830 PROTO=TCP SPT=10044 DPT=7557 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:12:05 server83 letsencrypt.live.cgi: time="2025-11-09T07:12:05+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=digimar1 WantedNames="[]" Nov 9 07:12:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.103 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=59825 PROTO=TCP SPT=50412 DPT=1720 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:12:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11977 SEQ=1 Nov 9 07:12:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62237 SEQ=1 Nov 9 07:12:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43139 SEQ=1 Nov 9 07:12:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.161 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=57320 DPT=47872 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:12:11 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:12:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61990 DF PROTO=TCP SPT=49928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38916 DF PROTO=TCP SPT=52162 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.84.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=43819 DPT=1720 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:12:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22228 SEQ=1 Nov 9 07:12:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=55446 DPT=18574 WINDOW=65535 RES=0x00 SYN 
URGP=0 Nov 9 07:12:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14741 SEQ=1 Nov 9 07:12:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58477 SEQ=1 Nov 9 07:12:20 server83 letsencrypt.live.cgi: time="2025-11-09T07:12:20+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=registrationserv WantedNames="[]" Nov 9 07:12:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37915 SEQ=1 Nov 9 07:12:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=163.181.242.226 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=51 ID=55470 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=0 Nov 9 07:12:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=538 SEQ=1 Nov 9 07:12:22 server83 scripts.sh: Sun Nov 9 07:12:22 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 07:12:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44391 DF PROTO=TCP SPT=43466 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=163.181.242.226 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=51 ID=56351 DF PROTO=ICMP TYPE=8 CODE=0 
ID=4 SEQ=2 Nov 9 07:12:23 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:12:23 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:12:23 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 07:12:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44392 DF PROTO=TCP SPT=43466 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14741 SEQ=1 Nov 9 07:12:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44393 DF PROTO=TCP SPT=43466 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44394 DF PROTO=TCP SPT=43466 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49916 SEQ=1 Nov 9 07:12:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9794 SEQ=1 Nov 9 07:12:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56713 SEQ=1 Nov 9 07:12:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49594 SEQ=1 Nov 9 07:12:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59398 SEQ=1 Nov 9 07:12:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54654 PROTO=TCP SPT=49956 DPT=26990 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:12:36 server83 letsencrypt.live.cgi: time="2025-11-09T07:12:36+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=khanssal WantedNames="[]" Nov 9 07:12:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56713 SEQ=1 Nov 9 07:12:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54088 SEQ=1 Nov 9 07:12:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44395 DF PROTO=TCP SPT=43466 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45797 SEQ=1 Nov 9 07:12:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=12575 PROTO=TCP SPT=46370 DPT=3145 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:12:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.148.190.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=4433 PROTO=TCP SPT=45735 DPT=30489 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:12:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:12:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:12:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38917 DF PROTO=TCP SPT=52162 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50211 SEQ=1 Nov 9 07:12:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49390 SEQ=1 Nov 9 07:12:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.249 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=34531 DF PROTO=TCP SPT=56193 DPT=9521 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:12:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=50211 SEQ=1 Nov 9 07:12:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12425 SEQ=1 Nov 9 07:12:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23209 SEQ=1 Nov 9 07:12:52 server83 letsencrypt.live.cgi: time="2025-11-09T07:12:52+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=live WantedNames="[]" Nov 9 07:12:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3917 PROTO=TCP SPT=53077 DPT=5906 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:12:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44396 DF PROTO=TCP SPT=43466 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:12:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52657 DPT=9002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:12:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=55032 PROTO=TCP SPT=43457 DPT=2504 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:12:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12491 DF PROTO=TCP SPT=57445 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
07:12:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=24294 PROTO=TCP SPT=48697 DPT=25933 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:12:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12492 DF PROTO=TCP SPT=57445 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:12:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12493 DF PROTO=TCP SPT=57445 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:12:59 server83 NetworkManager[922]: <info> [1762652579.4882] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:12:59 server83 NetworkManager[922]: <info> [1762652579.4886] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:12:59 server83 NetworkManager[922]: <info> [1762652579.4887] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:12:59 server83 NetworkManager[922]: <info> [1762652579.4890] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:12:59 server83 NetworkManager[922]: <info> [1762652579.4900] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:12:59 server83 NetworkManager[922]: <info> [1762652579.4902] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:12:59 server83 NetworkManager[922]: <info> [1762652579.4915] dhcp4 (eth1): dhclient started with pid 8503 Nov 9 07:12:59 server83 dhclient[8503]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x27cb83f0) Nov 9 
07:13:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:13:01 server83 systemd: Started Session 308212 of user root. Nov 9 07:13:01 server83 systemd: Started Session 308213 of user root. Nov 9 07:13:01 server83 systemd: Started Session 308215 of user root. Nov 9 07:13:01 server83 systemd: Started Session 308217 of user root. Nov 9 07:13:01 server83 systemd: Started Session 308214 of user root. Nov 9 07:13:01 server83 systemd: Started Session 308218 of user root. Nov 9 07:13:01 server83 systemd: Started Session 308216 of user root. Nov 9 07:13:01 server83 systemd: Started Session 308219 of user root. Nov 9 07:13:01 server83 systemd: Started Session 308220 of user root. Nov 9 07:13:01 server83 systemd: Started Session 308221 of user root. Nov 9 07:13:01 server83 imunify360-watchdog: imunify360 is healthy: all is ok Nov 9 07:13:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.41 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16939 PROTO=TCP SPT=45865 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:13:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12494 DF PROTO=TCP SPT=57445 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:13:03 server83 aibolit_wrapper[8771]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626525835701210.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626525835702510.txt --log=/tmp/malware_cleaner_log_17626525835703846.txt --progress=/tmp/malware_cleaner_progress_17626525835703474.json --csv_result=/tmp/revisium_csvfile_17626525835703624.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:13:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=936 SEQ=1 Nov 9 07:13:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40061 SEQ=1 Nov 9 07:13:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10216 SEQ=1 Nov 9 07:13:06 server83 dhclient[8503]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x27cb83f0) Nov 9 07:13:07 server83 letsencrypt.live.cgi: time="2025-11-09T07:13:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=riacanada WantedNames="[]" Nov 9 07:13:07 server83 aibolit_wrapper[8929]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626525877625986.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626525877627390.txt --log=/tmp/malware_cleaner_log_17626525877629078.txt --progress=/tmp/malware_cleaner_progress_17626525877628662.json --csv_result=/tmp/revisium_csvfile_17626525877628862.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:13:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14166 PROTO=TCP SPT=46370 DPT=1620 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:13:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35573 SEQ=1 Nov 9 07:13:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.86.246 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=1100 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:13:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12495 DF PROTO=TCP SPT=57445 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:13:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=289 DF PROTO=TCP SPT=36574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=290 DF PROTO=TCP SPT=36574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3421 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:13:13 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.130 DST=145.239.177.179 LEN=53 TOS=0x00 PREC=0x00 TTL=48 ID=55626 PROTO=UDP SPT=39429 DPT=27029 LEN=33 Nov 9 07:13:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=3079 
PROTO=TCP SPT=45718 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:13:14 server83 dhclient[8503]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x27cb83f0) Nov 9 07:13:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=291 DF PROTO=TCP SPT=36574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:18 server83 pam_imunify_daemon.bin: time="2025-11-09T07:13:18+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 07:13:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=292 DF PROTO=TCP SPT=36574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11220 SEQ=1 Nov 9 07:13:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60023 SEQ=1 Nov 9 07:13:20 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 07:13:23 server83 letsencrypt.live.cgi: time="2025-11-09T07:13:23+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=maxwellsolicitor WantedNames="[]" Nov 9 07:13:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12496 DF PROTO=TCP SPT=58162 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:13:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12497 DF PROTO=TCP SPT=58162 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:13:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44397 DF PROTO=TCP SPT=43466 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=293 DF PROTO=TCP SPT=36574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12498 DF PROTO=TCP SPT=58162 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:13:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=16722 PROTO=TCP SPT=44449 DPT=5984 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:13:31 server83 dhclient[8503]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x27cb83f0) Nov 9 07:13:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12499 DF PROTO=TCP SPT=58162 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:13:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30588 SEQ=1 Nov 9 07:13:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29525 SEQ=1 Nov 9 07:13:33 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:13:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56450 SEQ=1 Nov 9 07:13:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56450 SEQ=1 Nov 9 07:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51187 SEQ=1 Nov 9 07:13:39 server83 letsencrypt.live.cgi: time="2025-11-09T07:13:39+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=aashin WantedNames="[]" Nov 9 07:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29525 SEQ=1 Nov 9 07:13:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12500 DF PROTO=TCP SPT=58162 DPT=4527 WINDOW=64240 
RES=0x00 SYN URGP=0 Nov 9 07:13:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=294 DF PROTO=TCP SPT=36574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:44 server83 NetworkManager[922]: <warn> [1762652624.4504] dhcp4 (eth1): request timed out Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4664] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 8503 Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:13:44 server83 NetworkManager[922]: <warn> [1762652624.4670] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4705] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4709] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4710] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4713] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4723] device (eth1): state change: 
config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4726] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:13:44 server83 NetworkManager[922]: <info> [1762652624.4738] dhcp4 (eth1): dhclient started with pid 10267 Nov 9 07:13:44 server83 dhclient[10267]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x174c3c45) Nov 9 07:13:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43154 DF PROTO=TCP SPT=36544 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:13:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43155 DF PROTO=TCP SPT=36544 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10635 SEQ=1 Nov 9 07:13:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47144 SEQ=1 Nov 9 07:13:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43156 DF PROTO=TCP SPT=36544 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=46937 SEQ=1 Nov 9 07:13:51 server83 dhclient[10267]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x174c3c45) Nov 9 07:13:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43157 DF PROTO=TCP SPT=36544 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:13:55 server83 letsencrypt.live.cgi: time="2025-11-09T07:13:55+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=tarunrealty WantedNames="[]" Nov 9 07:13:59 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:13:59 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43158 DF PROTO=TCP SPT=36544 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:14:01 server83 systemd: Started Session 308222 of user root. Nov 9 07:14:01 server83 systemd: Started Session 308223 of user root. Nov 9 07:14:01 server83 systemd: Started Session 308224 of user root. Nov 9 07:14:01 server83 systemd: Started Session 308225 of user root. Nov 9 07:14:01 server83 systemd: Started Session 308226 of user root. Nov 9 07:14:01 server83 systemd: Started Session 308227 of user root. Nov 9 07:14:01 server83 systemd: Started Session 308228 of user root. Nov 9 07:14:01 server83 systemd: Started Session 308229 of user root. Nov 9 07:14:01 server83 systemd: Started Session 308230 of user root. 
Nov 9 07:14:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4029 SEQ=1 Nov 9 07:14:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5406 SEQ=1 Nov 9 07:14:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4862 SEQ=1 Nov 9 07:14:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21193 SEQ=1 Nov 9 07:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=43530 DF PROTO=ICMP TYPE=8 CODE=0 ID=57961 SEQ=27631 Nov 9 07:14:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10002 SEQ=1 Nov 9 07:14:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.218.206.82 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=40715 DPT=9999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:14:05 server83 dhclient[10267]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x174c3c45) Nov 9 07:14:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 
ID=13193 PROTO=TCP SPT=49956 DPT=25211 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:14:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4862 SEQ=1 Nov 9 07:14:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28683 SEQ=1 Nov 9 07:14:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10002 SEQ=1 Nov 9 07:14:10 server83 letsencrypt.live.cgi: time="2025-11-09T07:14:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=minakshigraphics WantedNames="[]" Nov 9 07:14:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3420 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:14:12 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:14:12 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:14:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:14:12 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:14:12 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:14:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.27 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=45358 PROTO=TCP SPT=51293 DPT=6443 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=295 DF PROTO=TCP SPT=36574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43159 DF PROTO=TCP SPT=36544 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:14:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11008 SEQ=1 Nov 9 07:14:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2607 SEQ=1 Nov 9 07:14:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60458 SEQ=1 Nov 9 07:14:22 server83 dhclient[10267]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x174c3c45) Nov 9 07:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2607 SEQ=1 Nov 9 07:14:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=41687 PROTO=TCP SPT=47246 DPT=9010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46594 DF PROTO=TCP SPT=54278 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:14:26 server83 letsencrypt.live.cgi: time="2025-11-09T07:14:26+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sddm WantedNames="[]" Nov 9 07:14:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46595 DF PROTO=TCP SPT=54278 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:14:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.43 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=54302 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46596 DF PROTO=TCP SPT=54278 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=42856 PROTO=TCP SPT=34056 DPT=5074 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:14:29 server83 NetworkManager[922]: <warn> [1762652669.4453] dhcp4 (eth1): request timed out Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4453] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4532] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 10267 Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4532] dhcp4 (eth1): state changed timeout -> done Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4534] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:14:29 server83 NetworkManager[922]: <warn> [1762652669.4538] device (eth1): Activation: 
failed for connection 'Wired connection 1' Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4540] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4572] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4577] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4578] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4582] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4593] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4597] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:14:29 server83 NetworkManager[922]: <info> [1762652669.4611] dhcp4 (eth1): dhclient started with pid 11918 Nov 9 07:14:29 server83 dhclient[11918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x79a7b4f5) Nov 9 07:14:31 server83 systemd: Started Session c2846 of user root. 
Nov 9 07:14:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3427 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:14:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:14:31 server83 scripts.sh: Load Average: 3.66 , 3.41 Nov 9 07:14:31 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 07:14:31 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 07:14:31 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 07:14:31 server83 scripts.sh: HTTPD Status: inactive Nov 9 07:14:31 server83 scripts.sh: MySQL Status: active Nov 9 07:14:31 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 07:14:31 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 07:14:31 server83 scripts.sh: SSHD Status: active Nov 9 07:14:31 server83 scripts.sh: FTP Status: active Nov 9 07:14:31 server83 scripts.sh: LiteSpeed Status: Active Nov 9 07:14:31 server83 scripts.sh: Imunify Status: Active Nov 9 07:14:31 server83 scripts.sh: cPanel Status: active Nov 9 07:14:31 server83 scripts.sh: Memory Status: 12/31 GB - 39.77% Nov 9 07:14:31 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 07:14:31 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 07:14:31 server83 scripts.sh: Local Version: 4.4.5 Nov 9 07:14:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=4168 PROTO=TCP SPT=36680 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:14:33 server83 dhclient[11918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x79a7b4f5) Nov 9 07:14:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19986 SEQ=1 Nov 9 07:14:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32921 SEQ=1 Nov 9 07:14:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16227 SEQ=1 Nov 9 07:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59078 SEQ=1 Nov 9 07:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19769 SEQ=1 Nov 9 07:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48539 SEQ=1 Nov 9 07:14:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48539 SEQ=1 Nov 9 07:14:40 server83 dhclient[11918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x79a7b4f5) Nov 9 07:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46598 DF PROTO=TCP SPT=54278 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:14:42 server83 letsencrypt.live.cgi: time="2025-11-09T07:14:42+05:30" 
level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=relvtbk WantedNames="[]" Nov 9 07:14:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.24 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=33224 PROTO=TCP SPT=23859 DPT=11211 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:14:46 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:14:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.233 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53329 DPT=48704 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:14:49 server83 dhclient[11918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x79a7b4f5) Nov 9 07:14:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43160 DF PROTO=TCP SPT=36544 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:14:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39698 SEQ=1 Nov 9 07:14:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49613 SEQ=1 Nov 9 07:14:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2455 SEQ=1 Nov 9 07:14:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9083 PROTO=TCP SPT=58889 DPT=4106 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:14:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46599 DF PROTO=TCP SPT=54278 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:14:57 server83 letsencrypt.live.cgi: time="2025-11-09T07:14:57+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=weekendt WantedNames="[]" Nov 9 07:14:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.124 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38711 DPT=7777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:14:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62940 PROTO=TCP SPT=46370 DPT=2650 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:15:01 server83 systemd: Started Session 308231 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308233 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308235 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308234 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308236 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308237 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308232 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308239 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308240 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308238 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308241 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308242 of user root. 
Nov 9 07:15:01 server83 systemd: Started Session 308243 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308244 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308245 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308246 of user root. Nov 9 07:15:01 server83 systemd: Started Session 308247 of user root. Nov 9 07:15:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 07:15:01 server83 systemd: Started Session 308248 of user sanatanhinduvahi. Nov 9 07:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:15:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 07:15:02 server83 dhclient[11918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x79a7b4f5) Nov 9 07:15:03 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.81.120.183 DST=51.210.113.204 LEN=103 TOS=0x00 PREC=0x00 TTL=51 ID=5331 DF PROTO=UDP SPT=61135 DPT=5060 LEN=83 Nov 9 07:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41830 SEQ=1 Nov 9 07:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22678 SEQ=1 Nov 9 07:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16407 SEQ=1 Nov 9 07:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54295 SEQ=1 Nov 9 07:15:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63153 SEQ=1 Nov 9 07:15:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3419 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:15:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59262 SEQ=1 Nov 9 07:15:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50322 DPT=9269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:15:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.97 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54783 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:15:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3426 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:15:12 server83 dhclient[11918]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x79a7b4f5) Nov 9 07:15:13 server83 letsencrypt.live.cgi: time="2025-11-09T07:15:13+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bittuenterprises WantedNames="[]" Nov 9 07:15:14 server83 NetworkManager[922]: <warn> [1762652714.4405] dhcp4 (eth1): request timed out 
Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4405] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4565] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 11918 Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4565] dhcp4 (eth1): state changed timeout -> done Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4567] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:15:14 server83 NetworkManager[922]: <warn> [1762652714.4573] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4576] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4611] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4616] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4618] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4623] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4634] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4638] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:15:14 server83 NetworkManager[922]: <info> [1762652714.4650] dhcp4 (eth1): dhclient started with pid 13888 Nov 9 07:15:14 server83 dhclient[13888]: DHCPDISCOVER on 
eth1 to 255.255.255.255 port 67 interval 8 (xid=0x48ae02b6) Nov 9 07:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=785 DF PROTO=TCP SPT=59316 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=786 DF PROTO=TCP SPT=59316 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.16 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=15924 PROTO=TCP SPT=26200 DPT=12535 WINDOW=11216 RES=0x00 SYN URGP=0 Nov 9 07:15:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3425 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:15:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=787 DF PROTO=TCP SPT=59316 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15092 SEQ=1 Nov 9 07:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61955 SEQ=1 Nov 9 07:15:22 server83 dhclient[13888]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 
(xid=0x48ae02b6) Nov 9 07:15:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=788 DF PROTO=TCP SPT=59316 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8233 SEQ=1 Nov 9 07:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44840 SEQ=1 Nov 9 07:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49582 SEQ=1 Nov 9 07:15:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57163 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:15:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.175 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50752 DPT=47693 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:15:29 server83 letsencrypt.live.cgi: time="2025-11-09T07:15:29+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=newguy WantedNames="[]" Nov 9 07:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3418 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:15:31 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=789 DF PROTO=TCP SPT=59316 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:31 server83 dhclient[13888]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x48ae02b6) Nov 9 07:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46600 DF PROTO=TCP SPT=54278 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63047 SEQ=1 Nov 9 07:15:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40955 SEQ=1 Nov 9 07:15:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11152 SEQ=1 Nov 9 07:15:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.180.48.63 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=46070 PROTO=TCP SPT=51370 DPT=2222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=31570 DF PROTO=ICMP TYPE=8 CODE=0 ID=23029 SEQ=58506 Nov 9 07:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 
ID=30358 DF PROTO=ICMP TYPE=8 CODE=0 ID=29913 SEQ=8833 Nov 9 07:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47269 SEQ=1 Nov 9 07:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34288 SEQ=1 Nov 9 07:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63047 SEQ=1 Nov 9 07:15:39 server83 dhclient[13888]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x48ae02b6) Nov 9 07:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59574 SEQ=1 Nov 9 07:15:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50159 PROTO=TCP SPT=45727 DPT=34478 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:15:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=4231 PROTO=TCP SPT=54697 DPT=4734 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:15:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5405 PROTO=TCP SPT=46370 DPT=1380 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:15:44 server83 letsencrypt.live.cgi: time="2025-11-09T07:15:44+05:30" level=info 
msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=gorabhaviinterna WantedNames="[]" error="Account is suspended" Nov 9 07:15:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=14092 PROTO=TCP SPT=48697 DPT=36322 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:15:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:15:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=790 DF PROTO=TCP SPT=59316 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23926 DF PROTO=TCP SPT=50300 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:50 server83 pam_imunify_daemon.bin: time="2025-11-09T07:15:50+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39888 SEQ=1 Nov 9 07:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27464 SEQ=1 Nov 9 07:15:50 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23927 DF PROTO=TCP SPT=50300 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28628 SEQ=1 Nov 9 07:15:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23928 DF PROTO=TCP SPT=50300 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:53 server83 dhclient[13888]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x48ae02b6) Nov 9 07:15:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.101 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=35145 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23929 DF PROTO=TCP SPT=50300 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:15:59 server83 NetworkManager[922]: <warn> [1762652759.4493] dhcp4 (eth1): request timed out Nov 9 07:15:59 server83 NetworkManager[922]: <info> [1762652759.4494] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:15:59 server83 NetworkManager[922]: <info> [1762652759.4654] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 13888 Nov 9 07:15:59 server83 NetworkManager[922]: <info> [1762652759.4654] dhcp4 (eth1): state changed timeout -> done Nov 9 07:15:59 server83 NetworkManager[922]: <info> [1762652759.4656] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 
'managed') Nov 9 07:15:59 server83 NetworkManager[922]: <warn> [1762652759.4662] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:15:59 server83 NetworkManager[922]: <info> [1762652759.4665] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:16:00 server83 letsencrypt.live.cgi: time="2025-11-09T07:16:00+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sanjeevtheatreco WantedNames="[]" Nov 9 07:16:01 server83 systemd: Started Session 308249 of user root. Nov 9 07:16:01 server83 systemd: Started Session 308250 of user root. Nov 9 07:16:01 server83 systemd: Started Session 308251 of user root. Nov 9 07:16:01 server83 systemd: Started Session 308252 of user root. Nov 9 07:16:01 server83 systemd: Started Session 308253 of user root. Nov 9 07:16:01 server83 systemd: Started Session 308254 of user root. Nov 9 07:16:01 server83 systemd: Started Session 308255 of user root. Nov 9 07:16:01 server83 systemd: Started Session 308256 of user root. Nov 9 07:16:01 server83 systemd: Started Session 308257 of user root. 
Nov 9 07:16:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11927 SEQ=1 Nov 9 07:16:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23951 SEQ=1 Nov 9 07:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3424 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23183 PROTO=TCP SPT=52736 DPT=8282 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23930 DF PROTO=TCP SPT=50300 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:16:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.139 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=4443 PROTO=TCP SPT=12592 DPT=42204 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10897 SEQ=1 Nov 9 07:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39434 SEQ=1 Nov 9 
07:16:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3048 SEQ=1 Nov 9 07:16:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3048 SEQ=1 Nov 9 07:16:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.146 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51347 DPT=9801 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:16:11 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:16:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.142.154.98 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=35692 PROTO=TCP SPT=58914 DPT=7170 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:16:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=8738 PROTO=TCP SPT=37917 DPT=4815 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:16:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:16:15 server83 letsencrypt.live.cgi: time="2025-11-09T07:16:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=doncourier WantedNames="[]" Nov 9 07:16:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19195 PROTO=TCP SPT=48724 DPT=5428 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:16:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39975 SEQ=1 Nov 9 07:16:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61447 SEQ=1 Nov 9 07:16:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50831 SEQ=1 Nov 9 07:16:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=791 DF PROTO=TCP SPT=59316 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23931 DF PROTO=TCP SPT=50300 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:16:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.136 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=48888 PROTO=TCP SPT=13574 DPT=2375 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:16:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38895 SEQ=1 Nov 9 07:16:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=116.204.35.248 DST=51.210.113.204 LEN=58 TOS=0x00 PREC=0x00 TTL=40 ID=40358 DF PROTO=ICMP TYPE=8 CODE=0 ID=56941 SEQ=45126 Nov 9 07:16:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 
TOS=0x00 PREC=0x20 TTL=52 ID=49797 PROTO=TCP SPT=53776 DPT=4998 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:16:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44689 PROTO=TCP SPT=64789 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33051 DF PROTO=TCP SPT=36102 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44690 PROTO=TCP SPT=64789 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33052 DF PROTO=TCP SPT=36102 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:16:31 server83 letsencrypt.live.cgi: time="2025-11-09T07:16:31+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=trusten WantedNames="[]" Nov 9 07:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=123 PROTO=TCP SPT=48041 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44691 PROTO=TCP SPT=64789 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:16:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=125 PROTO=TCP SPT=48041 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:16:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3393 SEQ=1 Nov 9 07:16:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39445 SEQ=1 Nov 9 07:16:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=126 PROTO=TCP SPT=48041 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:16:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54485 DPT=4444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:16:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=127 PROTO=TCP SPT=48041 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44011 SEQ=1 Nov 9 07:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33054 DF PROTO=TCP SPT=36102 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34906 SEQ=1 Nov 9 07:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6091 SEQ=1 Nov 9 07:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55405 SEQ=1 Nov 9 07:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60955 SEQ=1 Nov 9 07:16:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=15302 PROTO=TCP SPT=52789 DPT=28550 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.153 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=14369 PROTO=TCP SPT=54467 DPT=5222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33055 DF PROTO=TCP SPT=36102 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:16:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:16:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1814 SEQ=1 Nov 9 07:16:48 server83 letsencrypt.live.cgi: 
time="2025-11-09T07:16:48+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=theresearch WantedNames="[]" error="Account is suspended" Nov 9 07:16:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60744 SEQ=1 Nov 9 07:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51979 SEQ=1 Nov 9 07:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28447 SEQ=1 Nov 9 07:16:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51792 SEQ=1 Nov 9 07:16:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1814 SEQ=1 Nov 9 07:16:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=9173 PROTO=TCP SPT=63263 DPT=6009 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:16:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=23932 DF PROTO=TCP SPT=50300 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:16:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=35987 PROTO=TCP SPT=50272 DPT=21486 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:16:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12501 DF PROTO=TCP SPT=61638 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:16:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12502 DF PROTO=TCP SPT=61638 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:16:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12503 DF PROTO=TCP SPT=61638 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:16:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12504 DF PROTO=TCP SPT=61783 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:17:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12505 DF PROTO=TCP SPT=61783 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:17:01 server83 systemd: Started Session 308258 of user root. Nov 9 07:17:01 server83 systemd: Started Session 308259 of user root. Nov 9 07:17:01 server83 systemd: Started Session 308260 of user root. Nov 9 07:17:01 server83 systemd: Started Session 308261 of user root. Nov 9 07:17:01 server83 systemd: Started Session 308263 of user root. Nov 9 07:17:01 server83 systemd: Started Session 308264 of user root. Nov 9 07:17:01 server83 systemd: Started Session 308262 of user root. 
Nov 9 07:17:01 server83 systemd: Started Session 308265 of user root. Nov 9 07:17:01 server83 systemd: Started Session 308266 of user root. Nov 9 07:17:01 server83 systemd: Started Session 308267 of user root. Nov 9 07:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30484 PROTO=TCP SPT=49956 DPT=25763 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:17:03 server83 letsencrypt.live.cgi: time="2025-11-09T07:17:03+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=treenz WantedNames="[]" Nov 9 07:17:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:17:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12508 DF PROTO=TCP SPT=61783 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:17:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34221 SEQ=1 Nov 9 07:17:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47232 SEQ=1 Nov 9 07:17:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31665 SEQ=1 Nov 9 07:17:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49907 SEQ=1 Nov 9 07:17:09 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49907 SEQ=1 Nov 9 07:17:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=45491 PROTO=TCP SPT=56185 DPT=7913 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:17:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12509 DF PROTO=TCP SPT=61638 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:17:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12510 DF PROTO=TCP SPT=61783 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:17:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37249 SEQ=1 Nov 9 07:17:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54912 SEQ=1 Nov 9 07:17:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=41676 PROTO=TCP SPT=44636 DPT=6691 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:17:19 server83 letsencrypt.live.cgi: time="2025-11-09T07:17:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=staragency WantedNames="[]" Nov 9 07:17:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59566 SEQ=1 Nov 9 07:17:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:17:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:17:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59566 SEQ=1 Nov 9 07:17:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22643 SEQ=1 Nov 9 07:17:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.215.0.144 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=58840 PROTO=TCP SPT=60022 DPT=222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37049 SEQ=1 Nov 9 07:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59333 SEQ=1 Nov 9 07:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37049 SEQ=1 Nov 9 07:17:24 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:17:24 server83 pure-ftpd: (?@127.0.0.1) [INFO] 
__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:17:24 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 07:17:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.78 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54254 PROTO=TCP SPT=56659 DPT=35686 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:17:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.36 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53257 DPT=9429 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:17:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.245 DST=145.239.177.179 LEN=76 TOS=0x00 PREC=0x00 TTL=35 ID=69 PROTO=UDP SPT=17458 DPT=53355 LEN=56 Nov 9 07:17:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.52.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33057 DF PROTO=TCP SPT=36102 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:17:35 server83 letsencrypt.live.cgi: time="2025-11-09T07:17:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cityfingp WantedNames="[]" Nov 9 07:17:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60716 SEQ=1 Nov 9 07:17:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38498 SEQ=1 Nov 9 07:17:37 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60716 SEQ=1 Nov 9 07:17:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19934 SEQ=1 Nov 9 07:17:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=51642 PROTO=TCP SPT=47263 DPT=27816 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:17:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12103 SEQ=1 Nov 9 07:17:39 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 07:17:39 server83 systemd: Stopped Status Update Service. Nov 9 07:17:39 server83 systemd: Started Status Update Service. 
Nov 9 07:17:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37030 SEQ=1 Nov 9 07:17:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25728 PROTO=TCP SPT=60271 DPT=4836 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:17:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.119 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54342 DPT=8585 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:17:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.4 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=39019 PROTO=TCP SPT=26200 DPT=12113 WINDOW=14380 RES=0x00 SYN URGP=0 Nov 9 07:17:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.122 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=37426 PROTO=TCP SPT=42759 DPT=4460 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:17:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:17:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=52048 PROTO=TCP SPT=38807 DPT=32779 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53980 SEQ=1 Nov 9 07:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57636 SEQ=1 Nov 9 07:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53980 SEQ=1 Nov 9 07:17:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34172 SEQ=1 Nov 9 07:17:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60600 SEQ=1 Nov 9 07:17:50 server83 letsencrypt.live.cgi: time="2025-11-09T07:17:50+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=vegkhanakhazana WantedNames="[]" error="Account is suspended" Nov 9 07:17:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:17:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28138 SEQ=1 Nov 9 07:18:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=25224 PROTO=TCP SPT=56972 DPT=8420 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:18:02 server83 systemd: Started Session 308268 of user root. Nov 9 07:18:02 server83 systemd: Started Session 308269 of user root. Nov 9 07:18:02 server83 systemd: Started Session 308270 of user root. Nov 9 07:18:02 server83 systemd: Started Session 308272 of user root. 
Nov 9 07:18:02 server83 systemd: Started Session 308271 of user root. Nov 9 07:18:02 server83 systemd: Started Session 308273 of user root. Nov 9 07:18:02 server83 systemd: Started Session 308274 of user root. Nov 9 07:18:02 server83 systemd: Started Session 308275 of user root. Nov 9 07:18:02 server83 systemd: Started Session 308276 of user root. Nov 9 07:18:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:18:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:18:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34700 SEQ=1 Nov 9 07:18:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.178 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52295 DPT=8853 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:05 server83 letsencrypt.live.cgi: time="2025-11-09T07:18:05+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=calsolumberjackt WantedNames="[]" Nov 9 07:18:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12790 SEQ=1 Nov 9 07:18:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30145 SEQ=1 Nov 9 07:18:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.173.226 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=7725 DF PROTO=TCP SPT=39306 DPT=6558 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:18:08 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52533 DPT=21000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65532 SEQ=1 Nov 9 07:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26016 SEQ=1 Nov 9 07:18:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14764 SEQ=1 Nov 9 07:18:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=26169 PROTO=TCP SPT=52296 DPT=5488 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.74 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51521 DPT=4443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.165 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=38396 PROTO=TCP SPT=53794 DPT=6666 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:18:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46735 PROTO=TCP SPT=45727 DPT=32897 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:18:20 server83 
imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 07:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 07:18:21 server83 letsencrypt.live.cgi: time="2025-11-09T07:18:21+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=reyanshivlogisti WantedNames="[]" error="Account is suspended" Nov 9 07:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33876 SEQ=1 Nov 9 07:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33876 SEQ=1 Nov 9 07:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61181 SEQ=1 Nov 9 07:18:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58316 SEQ=1 Nov 9 07:18:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27790 SEQ=1 Nov 9 07:18:26 server83 auditd[702]: Audit daemon rotating log files 
Nov 9 07:18:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:18:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:18:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12511 DF PROTO=TCP SPT=63840 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:18:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12512 DF PROTO=TCP SPT=63840 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:18:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12513 DF PROTO=TCP SPT=63840 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:18:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=100.29.192.77 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=32592 DPT=554 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.155.84.147 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=28464 PROTO=TCP SPT=46853 DPT=144 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60707 SEQ=1 Nov 9 07:18:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12514 DF PROTO=TCP SPT=63840 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:18:35 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.168.227 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33340 PROTO=TCP SPT=57411 DPT=1022 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:36 server83 letsencrypt.live.cgi: time="2025-11-09T07:18:36+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=firstsaloan WantedNames="[]" Nov 9 07:18:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=100.29.192.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=29379 DPT=10554 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=43672 DPT=22000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60707 SEQ=1 Nov 9 07:18:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16574 SEQ=1 Nov 9 07:18:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9691 SEQ=1 Nov 9 07:18:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29656 SEQ=1 Nov 9 07:18:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20881 PROTO=TCP SPT=46370 DPT=2298 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:18:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12515 DF PROTO=TCP SPT=63840 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:18:44 server83 aibolit_wrapper[19595]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626529244014080.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626529244015084.txt --log=/tmp/malware_cleaner_log_17626529244015894.txt --progress=/tmp/malware_cleaner_progress_17626529244015676.json --csv_result=/tmp/revisium_csvfile_17626529244015774.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:18:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.208.10.94 DST=51.210.113.204 LEN=40 TOS=0x14 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=50505 DPT=4460 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=58354 PROTO=TCP SPT=38878 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:18:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.89 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=12240 PROTO=TCP SPT=50456 DPT=3493 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:18:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.84.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39515 DPT=20004 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=58355 PROTO=TCP SPT=38878 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:18:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=28198 PROTO=TCP SPT=50984 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:18:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64617 SEQ=1 Nov 9 07:18:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35710 SEQ=1 Nov 9 07:18:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43337 SEQ=1 Nov 9 07:18:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=28200 PROTO=TCP SPT=50984 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:18:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64617 SEQ=1 Nov 9 07:18:51 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.235.176.50 DST=51.210.113.204 LEN=220 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=UDP SPT=32903 DPT=123 LEN=200 Nov 9 07:18:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2686 SEQ=1 Nov 9 07:18:52 server83 letsencrypt.live.cgi: time="2025-11-09T07:18:52+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sntadmission WantedNames="[]" Nov 9 07:18:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=28202 PROTO=TCP SPT=50984 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:18:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.0.20 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=47419 DPT=20004 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:18:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50483 SEQ=1 Nov 9 07:19:01 server83 systemd: Started Session 308278 of user root. Nov 9 07:19:01 server83 systemd: Started Session 308277 of user root. Nov 9 07:19:01 server83 systemd: Started Session 308279 of user root. Nov 9 07:19:01 server83 systemd: Started Session 308280 of user root. Nov 9 07:19:01 server83 systemd: Started Session 308281 of user root. Nov 9 07:19:01 server83 systemd: Started Session 308283 of user root. Nov 9 07:19:01 server83 systemd: Started Session 308284 of user root. Nov 9 07:19:01 server83 systemd: Started Session 308282 of user root. Nov 9 07:19:01 server83 systemd: Started Session 308285 of user root. 
Nov 9 07:19:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3417 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:19:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:19:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=22853 PROTO=TCP SPT=21679 DPT=36022 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:19:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18049 SEQ=1 Nov 9 07:19:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6312 SEQ=1 Nov 9 07:19:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18049 SEQ=1 Nov 9 07:19:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22225 SEQ=1 Nov 9 07:19:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=230 SEQ=1 Nov 9 07:19:08 server83 letsencrypt.live.cgi: time="2025-11-09T07:19:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=transverify WantedNames="[]" Nov 9 07:19:08 server83 
pam_imunify_daemon.bin: time="2025-11-09T07:19:08+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:19:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6312 SEQ=1 Nov 9 07:19:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.138 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=57215 PROTO=TCP SPT=35962 DPT=8089 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:19:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.32 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=59501 DF PROTO=TCP SPT=38480 DPT=23080 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:19:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=33576 PROTO=TCP SPT=50272 DPT=12440 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:19:20 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 07:19:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=48522 DF PROTO=ICMP TYPE=8 CODE=0 ID=39839 SEQ=7867 Nov 9 07:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10122 SEQ=1 
Nov 9 07:19:23 server83 letsencrypt.live.cgi: time="2025-11-09T07:19:23+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sopan WantedNames="[]" Nov 9 07:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52041 SEQ=1 Nov 9 07:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56699 SEQ=1 Nov 9 07:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42902 SEQ=1 Nov 9 07:19:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:19:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:19:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.155 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56035 DPT=31336 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:19:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38372 SEQ=1 Nov 9 07:19:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30847 SEQ=1 Nov 9 07:19:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 
PROTO=TCP SPT=35877 DPT=22000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:19:33 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:19:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34776 PROTO=TCP SPT=45727 DPT=33364 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:19:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=82.3.232.27 DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=47 ID=47447 PROTO=UDP SPT=29163 DPT=21741 LEN=520 Nov 9 07:19:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3416 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58079 SEQ=1 Nov 9 07:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44374 SEQ=1 Nov 9 07:19:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22260 SEQ=1 Nov 9 07:19:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38372 SEQ=1 Nov 9 07:19:39 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=33009 PROTO=TCP SPT=54539 DPT=81 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:19:39 server83 letsencrypt.live.cgi: time="2025-11-09T07:19:39+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=brmemorialpublic WantedNames="[]" Nov 9 07:19:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=62937 PROTO=TCP SPT=60252 DPT=9757 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:19:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34595 PROTO=TCP SPT=54739 DPT=2668 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:19:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7458 PROTO=TCP SPT=45727 DPT=33028 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:19:46 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 07:19:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3415 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:19:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.27 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52364 DPT=9840 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:19:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22869 SEQ=1 Nov 9 07:19:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.74 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54219 DPT=24172 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:19:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.150 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49821 DPT=8111 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:19:50 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=189.187.147.43 DST=145.239.177.179 LEN=540 TOS=0x00 PREC=0x00 TTL=49 ID=5764 PROTO=UDP SPT=46466 DPT=37046 LEN=520 Nov 9 07:19:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53296 SEQ=1 Nov 9 07:19:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9980 SEQ=1 Nov 9 07:19:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38638 SEQ=1 Nov 9 07:19:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45800 SEQ=1 Nov 9 07:19:55 server83 letsencrypt.live.cgi: time="2025-11-09T07:19:55+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=indikagr WantedNames="[]" Nov 9 07:19:57 server83 
auditd[702]: Audit daemon rotating log files Nov 9 07:20:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3423 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:20:01 server83 systemd: Started Session 308287 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308286 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308288 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308290 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308291 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308292 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308296 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308294 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308295 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308293 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308289 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308297 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308298 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308299 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308300 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308301 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308302 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308303 of user root. Nov 9 07:20:01 server83 systemd: Started Session 308304 of user root. 
Nov 9 07:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=49999 DF PROTO=ICMP TYPE=8 CODE=0 ID=59097 SEQ=49861 Nov 9 07:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40287 SEQ=1 Nov 9 07:20:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=61.166.210.220 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=44780 PROTO=TCP SPT=50712 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:20:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8788 SEQ=1 Nov 9 07:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60537 SEQ=1 Nov 9 07:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44676 SEQ=1 Nov 9 07:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44676 SEQ=1 Nov 9 07:20:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8788 SEQ=1 Nov 9 07:20:10 server83 letsencrypt.live.cgi: time="2025-11-09T07:20:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rtcfactories WantedNames="[]" Nov 9 07:20:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=49861 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:20:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.39 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=51011 DF PROTO=TCP SPT=41014 DPT=28658 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:20:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46575 SEQ=1 Nov 9 07:20:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3735 SEQ=1 Nov 9 07:20:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19533 SEQ=1 Nov 9 07:20:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11875 SEQ=1 Nov 9 07:20:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.37 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=61973 PROTO=TCP SPT=46615 DPT=40741 
WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:20:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10920 SEQ=1 Nov 9 07:20:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10920 SEQ=1 Nov 9 07:20:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31276 SEQ=1 Nov 9 07:20:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=57199 PROTO=TCP SPT=50272 DPT=16421 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:20:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3414 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:20:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33514 PROTO=TCP SPT=42101 DPT=5142 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:20:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58405 SEQ=1 Nov 9 07:20:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:20:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27986 SEQ=1 Nov 9 07:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27986 SEQ=1 Nov 9 07:20:36 server83 letsencrypt.live.cgi: time="2025-11-09T07:20:36+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=visionarytrading WantedNames="[]" Nov 9 07:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14000 SEQ=1 Nov 9 07:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5871 SEQ=1 Nov 9 07:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36307 SEQ=1 Nov 9 07:20:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.155 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55016 DPT=9333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:20:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:20:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42931 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:20:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=170.187.165.139 
DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33052 DPT=2005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:20:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3444 SEQ=1 Nov 9 07:20:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43357 SEQ=1 Nov 9 07:20:52 server83 letsencrypt.live.cgi: time="2025-11-09T07:20:52+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gqccert WantedNames="[]" Nov 9 07:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33031 SEQ=1 Nov 9 07:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50859 SEQ=1 Nov 9 07:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42356 SEQ=1 Nov 9 07:20:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=24586 PROTO=TCP SPT=52773 DPT=34344 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:20:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=13.86.115.97 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=22969 PROTO=TCP SPT=47379 DPT=8090 WINDOW=65535 
RES=0x00 SYN URGP=0 Nov 9 07:20:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=170.187.165.134 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=47571 DPT=7077 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:20:59 server83 NetworkManager[922]: <info> [1762653059.4493] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:20:59 server83 NetworkManager[922]: <info> [1762653059.4496] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:20:59 server83 NetworkManager[922]: <info> [1762653059.4497] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:20:59 server83 NetworkManager[922]: <info> [1762653059.4499] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:20:59 server83 NetworkManager[922]: <info> [1762653059.4508] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:20:59 server83 NetworkManager[922]: <info> [1762653059.4510] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:20:59 server83 NetworkManager[922]: <info> [1762653059.4519] dhcp4 (eth1): dhclient started with pid 23151 Nov 9 07:20:59 server83 dhclient[23151]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x14a9b93f) Nov 9 07:21:01 server83 systemd: Started Session 308306 of user root. Nov 9 07:21:01 server83 systemd: Started Session 308307 of user root. Nov 9 07:21:01 server83 systemd: Started Session 308305 of user root. Nov 9 07:21:01 server83 systemd: Started Session 308308 of user root. Nov 9 07:21:01 server83 systemd: Started Session 308309 of user root. Nov 9 07:21:01 server83 systemd: Started Session 308310 of user root. Nov 9 07:21:01 server83 systemd: Started Session 308311 of user root. 
Nov 9 07:21:01 server83 systemd: Started Session 308312 of user root. Nov 9 07:21:01 server83 systemd: Started Session 308313 of user root. Nov 9 07:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.96 DST=51.210.113.204 LEN=76 TOS=0x00 PREC=0x00 TTL=109 ID=46988 DF PROTO=ICMP TYPE=8 CODE=0 ID=46295 SEQ=31096 Nov 9 07:21:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=2830 PROTO=TCP SPT=50288 DPT=12121 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:21:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43510 SEQ=1 Nov 9 07:21:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18697 SEQ=1 Nov 9 07:21:03 server83 dhclient[23151]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x14a9b93f) Nov 9 07:21:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18697 SEQ=1 Nov 9 07:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65443 SEQ=1 Nov 9 07:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45782 SEQ=1 Nov 9 07:21:06 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43510 SEQ=1 Nov 9 07:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35301 SEQ=1 Nov 9 07:21:07 server83 letsencrypt.live.cgi: time="2025-11-09T07:21:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=x47recovery WantedNames="[]" Nov 9 07:21:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12516 DF PROTO=TCP SPT=51759 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:21:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12517 DF PROTO=TCP SPT=51759 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:21:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=42233 PROTO=TCP SPT=33997 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:21:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12518 DF PROTO=TCP SPT=51759 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:21:13 server83 dhclient[23151]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x14a9b93f) Nov 9 07:21:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12519 DF 
PROTO=TCP SPT=51759 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:21:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29808 SEQ=1 Nov 9 07:21:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55988 DPT=5400 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:21:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50610 SEQ=1 Nov 9 07:21:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29699 SEQ=1 Nov 9 07:21:23 server83 letsencrypt.live.cgi: time="2025-11-09T07:21:23+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rnsiti WantedNames="[]" Nov 9 07:21:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.96 DST=51.210.113.204 LEN=76 TOS=0x00 PREC=0x00 TTL=109 ID=48433 DF PROTO=ICMP TYPE=8 CODE=0 ID=46295 SEQ=60795 Nov 9 07:21:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12520 DF PROTO=TCP SPT=51759 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:21:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28441 SEQ=1 Nov 9 07:21:24 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26253 SEQ=1 Nov 9 07:21:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=62577 DF PROTO=ICMP TYPE=8 CODE=0 ID=19591 SEQ=52957 Nov 9 07:21:24 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:21:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=56386 DF PROTO=ICMP TYPE=8 CODE=0 ID=16547 SEQ=4821 Nov 9 07:21:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.192 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47960 DPT=6161 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:21:30 server83 dhclient[23151]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x14a9b93f) Nov 9 07:21:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.152 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=7026 DF PROTO=TCP SPT=20134 DPT=9607 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:21:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33188 SEQ=1 Nov 9 07:21:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17503 SEQ=1 Nov 9 07:21:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15924 SEQ=1 Nov 9 07:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46915 SEQ=1 Nov 9 07:21:39 server83 letsencrypt.live.cgi: time="2025-11-09T07:21:39+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=hdprintportal WantedNames="[]" error="Account is suspended" Nov 9 07:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=159.138.148.220 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=33246 DF PROTO=ICMP TYPE=8 CODE=0 ID=35308 SEQ=36038 Nov 9 07:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33188 SEQ=1 Nov 9 07:21:41 server83 dhclient[23151]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x14a9b93f) Nov 9 07:21:44 server83 NetworkManager[922]: <warn> [1762653104.4393] dhcp4 (eth1): request timed out Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4393] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4472] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23151 Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4472] dhcp4 (eth1): state changed timeout -> done Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4474] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:21:44 server83 NetworkManager[922]: <warn> [1762653104.4479] device (eth1): 
Activation: failed for connection 'Wired connection 1' Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4481] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4517] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4521] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4522] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4527] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4538] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4541] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:21:44 server83 NetworkManager[922]: <info> [1762653104.4553] dhcp4 (eth1): dhclient started with pid 26068 Nov 9 07:21:44 server83 dhclient[26068]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x7a8ce4be) Nov 9 07:21:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.102 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55585 DPT=33322 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8239 SEQ=1 Nov 9 07:21:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=19345 PROTO=TCP SPT=52789 DPT=31798 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2476 SEQ=1 Nov 9 07:21:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.18.113 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=60683 DPT=7077 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:21:51 server83 dhclient[26068]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x7a8ce4be) Nov 9 07:21:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23447 SEQ=1 Nov 9 07:21:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51942 SEQ=1 Nov 9 07:21:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.131.187.204 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=14958 PROTO=TCP SPT=61015 DPT=8001 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48959 SEQ=1 Nov 9 07:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=23447 SEQ=1 Nov 9 07:21:53 server83 scripts.sh: Sun Nov 9 07:21:53 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 07:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2476 SEQ=1 Nov 9 07:21:54 server83 letsencrypt.live.cgi: time="2025-11-09T07:21:54+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=kalagas WantedNames="[]" Nov 9 07:22:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.122.207 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=53423 DPT=717 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:22:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48735 PROTO=TCP SPT=45727 DPT=34154 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:22:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:22:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:22:01 server83 systemd: Started Session 308316 of user root. Nov 9 07:22:01 server83 systemd: Started Session 308314 of user root. Nov 9 07:22:01 server83 systemd: Started Session 308317 of user root. Nov 9 07:22:01 server83 systemd: Started Session 308315 of user root. Nov 9 07:22:01 server83 systemd: Started Session 308318 of user root. Nov 9 07:22:01 server83 systemd: Started Session 308319 of user root. Nov 9 07:22:01 server83 systemd: Started Session 308320 of user root. Nov 9 07:22:01 server83 systemd: Started Session 308321 of user root. 
Nov 9 07:22:01 server83 systemd: Started Session 308322 of user root. Nov 9 07:22:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9613 SEQ=1 Nov 9 07:22:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18848 SEQ=1 Nov 9 07:22:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8882 SEQ=1 Nov 9 07:22:02 server83 dhclient[26068]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x7a8ce4be) Nov 9 07:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48408 SEQ=1 Nov 9 07:22:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9613 SEQ=1 Nov 9 07:22:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18848 SEQ=1 Nov 9 07:22:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61184 SEQ=1 Nov 9 07:22:09 server83 aibolit_wrapper[26728]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d 
display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626531298851714.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626531298853564.txt --log=/tmp/malware_cleaner_log_17626531298855408.txt --progress=/tmp/malware_cleaner_progress_17626531298854838.json --csv_result=/tmp/revisium_csvfile_17626531298855056.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:22:10 server83 letsencrypt.live.cgi: time="2025-11-09T07:22:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=chanakyavidyapit WantedNames="[]" Nov 9 07:22:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:22:16 server83 dhclient[26068]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x7a8ce4be) Nov 9 07:22:17 server83 aibolit_wrapper[26905]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626531375320456.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626531375323086.txt --progress=/tmp/malware_cleaner_progress_17626531375322656.json --csv_result=/tmp/revisium_csvfile_17626531375322818.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:22:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3422 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:22:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.19 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=98 ID=55196 PROTO=TCP SPT=65258 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:22:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=55197 PROTO=TCP SPT=65258 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:22:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17931 PROTO=TCP SPT=46815 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:22:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=55198 PROTO=TCP SPT=65258 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:22:20 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:22:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17932 PROTO=TCP SPT=46815 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21081 SEQ=1 Nov 9 07:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21666 SEQ=1 Nov 9 07:22:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17933 PROTO=TCP SPT=46815 DPT=853 WINDOW=64952 RES=0x00 
SYN URGP=0 Nov 9 07:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26868 SEQ=1 Nov 9 07:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31864 SEQ=1 Nov 9 07:22:23 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:22:23 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:22:23 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 07:22:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32989 SEQ=1 Nov 9 07:22:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21081 SEQ=1 Nov 9 07:22:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17935 PROTO=TCP SPT=46815 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:22:25 server83 dhclient[26068]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x7a8ce4be) Nov 9 07:22:25 server83 letsencrypt.live.cgi: time="2025-11-09T07:22:25+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=lucky WantedNames="[]" Nov 9 07:22:29 server83 NetworkManager[922]: <warn> 
[1762653149.4512] dhcp4 (eth1): request timed out Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4512] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4672] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 26068 Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4672] dhcp4 (eth1): state changed timeout -> done Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4675] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:22:29 server83 NetworkManager[922]: <warn> [1762653149.4680] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4682] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4714] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4717] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4718] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4724] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4734] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4739] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:22:29 server83 NetworkManager[922]: <info> [1762653149.4750] dhcp4 (eth1): dhclient started with pid 27289 Nov 9 
07:22:29 server83 dhclient[27289]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x342d5d41) Nov 9 07:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49156 SEQ=1 Nov 9 07:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42446 SEQ=1 Nov 9 07:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36103 SEQ=1 Nov 9 07:22:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59187 PROTO=TCP SPT=46370 DPT=1990 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:22:33 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24792 SEQ=1 Nov 9 07:22:36 server83 dhclient[27289]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x342d5d41) Nov 9 07:22:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42087 SEQ=1 Nov 9 07:22:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=147.185.132.222 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53224 DPT=42713 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:22:41 server83 letsencrypt.live.cgi: time="2025-11-09T07:22:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=zenithcourierlog WantedNames="[]" Nov 9 07:22:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.78.70 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36965 DPT=6668 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:22:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.119 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=15595 DF PROTO=TCP SPT=65190 DPT=9000 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:22:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.159 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=56222 DF PROTO=TCP SPT=49356 DPT=9765 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:22:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44843 PROTO=TCP SPT=35991 DPT=9080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:22:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.134 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1122 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:22:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59593 SEQ=1 Nov 9 07:22:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12562 SEQ=1 Nov 9 07:22:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.193.130 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=55011 PROTO=TCP SPT=43923 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:22:51 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.123 DST=51.210.113.204 LEN=78 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=57016 DPT=1137 LEN=58 Nov 9 07:22:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53320 SEQ=1 Nov 9 07:22:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17514 SEQ=1 Nov 9 07:22:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61023 SEQ=1 Nov 9 07:22:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12562 SEQ=1 Nov 9 07:22:55 server83 dhclient[27289]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x342d5d41) Nov 9 07:22:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.132.41 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=37267 DPT=6668 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:22:57 
server83 letsencrypt.live.cgi: time="2025-11-09T07:22:57+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=transedgecargo WantedNames="[]" Nov 9 07:22:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2930 PROTO=TCP SPT=43739 DPT=2678 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:23:01 server83 systemd: Started Session 308323 of user root. Nov 9 07:23:01 server83 systemd: Started Session 308325 of user root. Nov 9 07:23:01 server83 systemd: Started Session 308327 of user root. Nov 9 07:23:01 server83 systemd: Started Session 308326 of user root. Nov 9 07:23:01 server83 systemd: Started Session 308328 of user root. Nov 9 07:23:01 server83 systemd: Started Session 308324 of user root. Nov 9 07:23:01 server83 systemd: Started Session 308329 of user root. Nov 9 07:23:01 server83 systemd: Started Session 308330 of user root. Nov 9 07:23:01 server83 systemd: Started Session 308331 of user root. 
Nov 9 07:23:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13845 SEQ=1 Nov 9 07:23:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21968 SEQ=1 Nov 9 07:23:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48547 SEQ=1 Nov 9 07:23:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46883 SEQ=1 Nov 9 07:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5103 SEQ=1 Nov 9 07:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30003 SEQ=1 Nov 9 07:23:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.127 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56089 DPT=9533 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:23:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9544 PROTO=TCP SPT=49956 DPT=25388 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:23:11 server83 dhclient[27289]: DHCPDISCOVER 
on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x342d5d41) Nov 9 07:23:12 server83 letsencrypt.live.cgi: time="2025-11-09T07:23:12+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=samajdharmevamda WantedNames="[]" Nov 9 07:23:14 server83 NetworkManager[922]: <warn> [1762653194.4503] dhcp4 (eth1): request timed out Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4664] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27289 Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4667] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:23:14 server83 NetworkManager[922]: <warn> [1762653194.4674] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4677] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4710] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4716] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4717] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4722] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4734] device (eth1): state change: config -> 
ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4737] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:23:14 server83 NetworkManager[922]: <info> [1762653194.4751] dhcp4 (eth1): dhclient started with pid 28305 Nov 9 07:23:14 server83 dhclient[28305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x3533b173) Nov 9 07:23:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1723 PROTO=TCP SPT=45727 DPT=31395 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:23:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:23:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31835 SEQ=1 Nov 9 07:23:20 server83 dhclient[28305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x3533b173) Nov 9 07:23:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16251 PROTO=TCP SPT=41363 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:23:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61551 SEQ=1 Nov 9 07:23:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29576 SEQ=1 Nov 9 07:23:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60313 SEQ=1 Nov 9 07:23:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16252 PROTO=TCP SPT=41363 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1715 SEQ=1 Nov 9 07:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62902 SEQ=1 Nov 9 07:23:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26019 PROTO=TCP SPT=51225 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:23:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16253 PROTO=TCP SPT=41363 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:23:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26020 PROTO=TCP SPT=51225 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:23:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16254 PROTO=TCP SPT=41363 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:23:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.211.100.224 
DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=25012 PROTO=TCP SPT=61013 DPT=8808 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:23:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26023 PROTO=TCP SPT=51225 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:23:29 server83 dhclient[28305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x3533b173) Nov 9 07:23:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:23:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:23:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.123 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53639 DPT=8178 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:23:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21707 SEQ=1 Nov 9 07:23:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51017 SEQ=1 Nov 9 07:23:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38682 SEQ=1 Nov 9 07:23:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1300 SEQ=1 Nov 9 07:23:38 server83 letsencrypt.live.cgi: time="2025-11-09T07:23:38+05:30" level=info msg="AutoSSL running" 
Function=processAutoSSLForAccount Retry=false Username=kblelectrical WantedNames="[]" Nov 9 07:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31446 SEQ=1 Nov 9 07:23:45 server83 dhclient[28305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x3533b173) Nov 9 07:23:46 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:23:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.46.228.199 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=15403 PROTO=TCP SPT=41600 DPT=953 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:23:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.224 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=41389 PROTO=TCP SPT=54179 DPT=5910 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:23:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48229 SEQ=1 Nov 9 07:23:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55864 SEQ=1 Nov 9 07:23:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41165 SEQ=1 Nov 9 07:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42826 SEQ=1 Nov 9 07:23:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9760 PROTO=TCP SPT=58603 DPT=33891 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29523 SEQ=1 Nov 9 07:23:54 server83 letsencrypt.live.cgi: time="2025-11-09T07:23:54+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=udaipurtouristta WantedNames="[]" error="Account is suspended" Nov 9 07:23:55 server83 dhclient[28305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x3533b173) Nov 9 07:23:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:23:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21670 PROTO=TCP SPT=46370 DPT=1323 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:23:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=25457 PROTO=TCP SPT=52773 DPT=40965 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:23:59 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.81.120.183 DST=145.239.177.179 LEN=112 TOS=0x00 PREC=0x00 TTL=51 ID=42735 DF PROTO=UDP SPT=61135 DPT=11211 LEN=92 Nov 9 07:23:59 server83 NetworkManager[922]: <warn> [1762653239.4513] dhcp4 (eth1): request timed out Nov 9 07:23:59 server83 NetworkManager[922]: <info> [1762653239.4513] dhcp4 (eth1): state 
changed unknown -> timeout Nov 9 07:23:59 server83 NetworkManager[922]: <info> [1762653239.4673] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28305 Nov 9 07:23:59 server83 NetworkManager[922]: <info> [1762653239.4673] dhcp4 (eth1): state changed timeout -> done Nov 9 07:23:59 server83 NetworkManager[922]: <info> [1762653239.4675] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:23:59 server83 NetworkManager[922]: <warn> [1762653239.4680] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:23:59 server83 NetworkManager[922]: <info> [1762653239.4682] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:24:01 server83 systemd: Started Session 308332 of user root. Nov 9 07:24:01 server83 systemd: Started Session 308334 of user root. Nov 9 07:24:01 server83 systemd: Started Session 308335 of user root. Nov 9 07:24:01 server83 systemd: Started Session 308337 of user root. Nov 9 07:24:01 server83 systemd: Started Session 308333 of user root. Nov 9 07:24:01 server83 systemd: Started Session 308338 of user root. Nov 9 07:24:01 server83 systemd: Started Session 308336 of user root. Nov 9 07:24:01 server83 systemd: Started Session 308339 of user root. Nov 9 07:24:01 server83 systemd: Started Session 308340 of user root. Nov 9 07:24:01 server83 systemd: Started Session c2847 of user root. 
Nov 9 07:24:02 server83 scripts.sh: Load Average: 2.25 , 2.53 Nov 9 07:24:02 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 07:24:02 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 07:24:02 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 07:24:02 server83 scripts.sh: HTTPD Status: inactive Nov 9 07:24:02 server83 scripts.sh: MySQL Status: active Nov 9 07:24:02 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 07:24:02 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 07:24:02 server83 scripts.sh: SSHD Status: active Nov 9 07:24:02 server83 scripts.sh: FTP Status: active Nov 9 07:24:02 server83 scripts.sh: LiteSpeed Status: Active Nov 9 07:24:02 server83 scripts.sh: Imunify Status: Active Nov 9 07:24:02 server83 scripts.sh: cPanel Status: active Nov 9 07:24:02 server83 scripts.sh: Memory Status: 12/31 GB - 39.65% Nov 9 07:24:02 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 07:24:02 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 07:24:02 server83 scripts.sh: Local Version: 4.4.5 Nov 9 07:24:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.251.85.120 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=20290 DF PROTO=TCP SPT=21314 DPT=8827 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 07:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8983 SEQ=1 Nov 9 07:24:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=46620 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65114 SEQ=1 Nov 9 07:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21359 SEQ=1 Nov 9 07:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14212 SEQ=1 Nov 9 07:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=12 DF PROTO=ICMP TYPE=8 CODE=0 ID=47820 SEQ=13586 Nov 9 07:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8983 SEQ=1 Nov 9 07:24:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=9830 PROTO=TCP SPT=56114 DPT=7805 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:24:10 server83 letsencrypt.live.cgi: time="2025-11-09T07:24:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=iirdindi WantedNames="[]" Nov 9 07:24:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58313 SEQ=1 Nov 9 07:24:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=97.107.141.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=53895 DPT=8448 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:24:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5430 SEQ=1 Nov 9 07:24:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44586 SEQ=1 Nov 9 07:24:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.164.34 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=46188 DPT=8448 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:24:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25149 SEQ=1 Nov 9 07:24:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3421 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:24:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7587 SEQ=1 Nov 9 07:24:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=41112 PROTO=TCP SPT=44992 DPT=8013 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:24:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=2509 PROTO=TCP SPT=40630 DPT=2869 WINDOW=1025 
RES=0x00 SYN URGP=0 Nov 9 07:24:26 server83 letsencrypt.live.cgi: time="2025-11-09T07:24:26+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rackup WantedNames="[]" Nov 9 07:24:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3413 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:24:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33060 PROTO=TCP SPT=39090 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:24:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33061 PROTO=TCP SPT=39090 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:24:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.159 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=20591 PROTO=TCP SPT=62040 DPT=19847 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:24:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=59675 PROTO=TCP SPT=54250 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:24:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33062 PROTO=TCP SPT=39090 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:24:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57704 PROTO=TCP SPT=35514 DPT=4050 WINDOW=65535 
RES=0x00 SYN URGP=0 Nov 9 07:24:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58481 SEQ=1 Nov 9 07:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15620 SEQ=1 Nov 9 07:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40992 SEQ=1 Nov 9 07:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14244 SEQ=1 Nov 9 07:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38383 SEQ=1 Nov 9 07:24:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=59676 PROTO=TCP SPT=54250 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:24:38 server83 pam_imunify_daemon.bin: time="2025-11-09T07:24:38+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:24:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=59678 PROTO=TCP SPT=54250 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:24:41 server83 letsencrypt.live.cgi: time="2025-11-09T07:24:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=wacu WantedNames="[]" Nov 9 07:24:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52024 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:24:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39370 PROTO=TCP SPT=41407 DPT=6575 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:24:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:24:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26368 SEQ=1 Nov 9 07:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15567 SEQ=1 Nov 9 07:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26511 SEQ=1 Nov 9 07:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26368 SEQ=1 Nov 9 07:24:54 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63944 SEQ=1 Nov 9 07:24:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35676 SEQ=1 Nov 9 07:24:57 server83 letsencrypt.live.cgi: time="2025-11-09T07:24:57+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=legalmindz WantedNames="[]" Nov 9 07:24:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.254 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=39248 DF PROTO=TCP SPT=19870 DPT=9575 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:25:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15842 SEQ=1 Nov 9 07:25:01 server83 systemd: Started Session 308341 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308342 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308343 of user root. Nov 9 07:25:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:25:01 server83 systemd: Started Session 308348 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308350 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308346 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308345 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308349 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308352 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308347 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308355 of user root. 
Nov 9 07:25:01 server83 systemd: Started Session 308344 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308353 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308357 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308356 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308354 of user root. Nov 9 07:25:01 server83 systemd: Started Session 308351 of user root. Nov 9 07:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:25:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27124 SEQ=1 Nov 9 07:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6920 SEQ=1 Nov 9 07:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12921 SEQ=1 Nov 9 07:25:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=8756 PROTO=TCP SPT=36319 DPT=7578 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:25:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=48259 PROTO=TCP SPT=14539 DPT=11211 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:25:09 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24018 SEQ=1 Nov 9 07:25:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1632 PROTO=TCP SPT=43448 DPT=2518 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:25:13 server83 letsencrypt.live.cgi: time="2025-11-09T07:25:13+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sspamahavidyalay WantedNames="[]" Nov 9 07:25:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53161 SEQ=1 Nov 9 07:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13471 SEQ=1 Nov 9 07:25:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3420 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16055 SEQ=1 Nov 9 07:25:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16055 SEQ=1 Nov 9 07:25:23 server83 aibolit_wrapper[31759]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626533234048044.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626533234049726.txt --log=/tmp/malware_cleaner_log_17626533234051156.txt --progress=/tmp/malware_cleaner_progress_17626533234050792.json --csv_result=/tmp/revisium_csvfile_17626533234050962.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:25:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13471 SEQ=1 Nov 9 07:25:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59958 SEQ=1 Nov 9 07:25:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.249 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49702 DPT=2525 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:25:28 server83 letsencrypt.live.cgi: time="2025-11-09T07:25:28+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=crmjatanexportsc WantedNames="[]" Nov 9 07:25:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.191.209.198 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40853 PROTO=TCP SPT=41356 DPT=26000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:25:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=53474 SEQ=1 Nov 9 07:25:33 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:25:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12082 SEQ=1 Nov 9 07:25:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=22671 PROTO=TCP SPT=21679 DPT=1723 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:25:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14694 SEQ=1 Nov 9 07:25:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60461 DPT=3629 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:25:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7882 SEQ=1 Nov 9 07:25:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53474 SEQ=1 Nov 9 07:25:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23934 SEQ=1 Nov 9 07:25:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45916 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:25:44 server83 letsencrypt.live.cgi: time="2025-11-09T07:25:44+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=dsmmv WantedNames="[]" Nov 9 07:25:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:25:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36302 PROTO=TCP SPT=47461 DPT=4677 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18889 SEQ=1 Nov 9 07:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2589 SEQ=1 Nov 9 07:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37925 SEQ=1 Nov 9 07:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2589 SEQ=1 Nov 9 07:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9709 SEQ=1 Nov 9 07:25:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9709 SEQ=1 Nov 9 07:25:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8009 SEQ=1 Nov 9 07:25:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8715 PROTO=TCP SPT=49956 DPT=29017 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:25:59 server83 letsencrypt.live.cgi: time="2025-11-09T07:25:59+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=muskanmusic WantedNames="[]" error="Account is suspended" Nov 9 07:26:01 server83 systemd: Started Session 308360 of user root. Nov 9 07:26:01 server83 systemd: Started Session 308358 of user root. Nov 9 07:26:01 server83 systemd: Started Session 308362 of user root. Nov 9 07:26:01 server83 systemd: Started Session 308361 of user root. Nov 9 07:26:01 server83 systemd: Started Session 308359 of user root. Nov 9 07:26:01 server83 systemd: Started Session 308363 of user root. Nov 9 07:26:01 server83 systemd: Started Session 308364 of user root. Nov 9 07:26:01 server83 systemd: Started Session 308365 of user root. Nov 9 07:26:01 server83 systemd: Started Session 308366 of user root. Nov 9 07:26:01 server83 systemd: Started Session 308367 of user root. 
Nov 9 07:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:26:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12773 SEQ=1 Nov 9 07:26:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.188 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=22249 DF PROTO=TCP SPT=4148 DPT=10006 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:26:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.167 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56067 DPT=541 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:26:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.105.76 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54544 DPT=20005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:26:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.69 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55578 DPT=16097 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:26:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3419 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:26:15 server83 letsencrypt.live.cgi: time="2025-11-09T07:26:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=legalmoth WantedNames="[]" Nov 9 07:26:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.234 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=49626 PROTO=TCP SPT=17558 DPT=43290 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:26:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65228 SEQ=1 Nov 9 07:26:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57412 SEQ=1 Nov 9 07:26:20 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 07:26:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12096 SEQ=1 Nov 9 07:26:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12096 SEQ=1 Nov 9 07:26:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39788 SEQ=1 Nov 9 07:26:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8751 SEQ=1 Nov 9 07:26:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57971 SEQ=1 Nov 9 
07:26:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=54635 PROTO=TCP SPT=33263 DPT=7647 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:26:30 server83 letsencrypt.live.cgi: time="2025-11-09T07:26:30+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=psmabvs WantedNames="[]" Nov 9 07:26:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23604 SEQ=1 Nov 9 07:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46200 SEQ=1 Nov 9 07:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30370 SEQ=1 Nov 9 07:26:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=5.188.206.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49381 PROTO=TCP SPT=40590 DPT=45000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:26:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54718 SEQ=1 Nov 9 07:26:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57535 SEQ=1 Nov 9 07:26:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3418 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:26:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.210 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=51955 PROTO=TCP SPT=56337 DPT=505 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:26:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.119 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=30155 PROTO=TCP SPT=39197 DPT=5323 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:26:46 server83 pam_imunify_daemon.bin: time="2025-11-09T07:26:46+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 07:26:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:26:46 server83 letsencrypt.live.cgi: time="2025-11-09T07:26:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=milcome WantedNames="[]" Nov 9 07:26:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36311 PROTO=TCP SPT=49956 DPT=29073 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:26:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59767 SEQ=1 Nov 9 07:26:47 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59767 SEQ=1 Nov 9 07:26:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3412 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:26:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61913 SEQ=1 Nov 9 07:26:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54295 SEQ=1 Nov 9 07:26:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22875 SEQ=1 Nov 9 07:26:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24822 SEQ=1 Nov 9 07:26:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=19427 PROTO=TCP SPT=59070 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:27:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19722 PROTO=TCP SPT=59311 DPT=4158 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:27:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:27:01 
server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:27:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:27:01 server83 systemd: Started Session 308368 of user root. Nov 9 07:27:01 server83 systemd: Started Session 308370 of user root. Nov 9 07:27:01 server83 systemd: Started Session 308371 of user root. Nov 9 07:27:01 server83 systemd: Started Session 308372 of user root. Nov 9 07:27:01 server83 systemd: Started Session 308369 of user root. Nov 9 07:27:01 server83 systemd: Started Session 308373 of user root. Nov 9 07:27:01 server83 systemd: Started Session 308374 of user root. Nov 9 07:27:01 server83 systemd: Started Session 308375 of user root. Nov 9 07:27:01 server83 systemd: Started Session 308376 of user root. Nov 9 07:27:01 server83 systemd: Started Session 308377 of user root. Nov 9 07:27:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.58 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43008 DPT=4434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:27:02 server83 letsencrypt.live.cgi: time="2025-11-09T07:27:02+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sainteperinehosp WantedNames="[]" Nov 9 07:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21403 SEQ=1 Nov 9 07:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42049 SEQ=1 Nov 9 07:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=51239 SEQ=1 Nov 9 07:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42049 SEQ=1 Nov 9 07:27:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54322 SEQ=1 Nov 9 07:27:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:27:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19838 SEQ=1 Nov 9 07:27:10 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 07:27:10 server83 systemd: Stopped Status Update Service. Nov 9 07:27:10 server83 systemd: Started Status Update Service. 
Nov 9 07:27:15 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:27:16 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.251 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=35 ID=13691 PROTO=UDP SPT=9244 DPT=35620 LEN=32 Nov 9 07:27:17 server83 letsencrypt.live.cgi: time="2025-11-09T07:27:17+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=sara0402 WantedNames="[]" error="Account is suspended" Nov 9 07:27:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47932 SEQ=1 Nov 9 07:27:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33536 SEQ=1 Nov 9 07:27:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33328 SEQ=1 Nov 9 07:27:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43284 SEQ=1 Nov 9 07:27:25 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:27:25 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:27:25 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 07:27:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.149 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=58005 DPT=18443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:27:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37921 SEQ=1 Nov 9 07:27:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28265 SEQ=1 Nov 9 07:27:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62458 SEQ=1 Nov 9 07:27:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37921 SEQ=1 Nov 9 07:27:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9034 SEQ=1 Nov 9 07:27:33 server83 letsencrypt.live.cgi: time="2025-11-09T07:27:33+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=anamphar WantedNames="[]" error="Account is suspended" Nov 9 07:27:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=8860 PROTO=TCP SPT=56256 DPT=8001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:27:42 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5420 PROTO=TCP SPT=57143 DPT=8619 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:27:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36442 PROTO=TCP SPT=36769 DPT=5357 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:27:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:27:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12521 DF PROTO=TCP SPT=26576 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:27:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.189 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51283 DPT=18443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:27:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12522 DF PROTO=TCP SPT=26576 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:27:48 server83 letsencrypt.live.cgi: time="2025-11-09T07:27:48+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=camayurco WantedNames="[]" Nov 9 07:27:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12523 DF PROTO=TCP SPT=26576 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:27:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21607 SEQ=1 Nov 9 07:27:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21091 SEQ=1 Nov 9 07:27:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60817 SEQ=1 Nov 9 07:27:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60817 SEQ=1 Nov 9 07:27:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26350 PROTO=TCP SPT=43457 DPT=2499 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21607 SEQ=1 Nov 9 07:27:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55643 DPT=9456 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:27:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31061 SEQ=1 Nov 9 07:27:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12524 DF PROTO=TCP 
SPT=26576 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:27:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=352 SEQ=1 Nov 9 07:27:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13765 PROTO=TCP SPT=42239 DPT=6665 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:28:01 server83 systemd: Started Session 308378 of user root. Nov 9 07:28:01 server83 systemd: Started Session 308379 of user root. Nov 9 07:28:01 server83 systemd: Started Session 308380 of user root. Nov 9 07:28:01 server83 systemd: Started Session 308381 of user root. Nov 9 07:28:01 server83 systemd: Started Session 308384 of user root. Nov 9 07:28:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 07:28:01 server83 systemd: Started Session 308382 of user metalarts. Nov 9 07:28:01 server83 systemd: Started Session 308383 of user root. Nov 9 07:28:01 server83 systemd: Started Session 308385 of user root. Nov 9 07:28:01 server83 systemd: Started Session 308386 of user root. Nov 9 07:28:01 server83 systemd: Started Session 308387 of user root. Nov 9 07:28:01 server83 systemd: Removed slice User Slice of metalarts. 
Nov 9 07:28:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=31283 PROTO=TCP SPT=56753 DPT=8116 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:28:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12525 DF PROTO=TCP SPT=26576 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.78.70 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=34822 DPT=6281 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:28:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.174 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53964 DPT=25160 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:28:04 server83 letsencrypt.live.cgi: time="2025-11-09T07:28:04+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=stargrouponline WantedNames="[]" Nov 9 07:28:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=36847 PROTO=TCP SPT=39271 DPT=3006 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:28:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7669 SEQ=1 Nov 9 07:28:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12526 DF PROTO=TCP SPT=26943 DPT=4527 WINDOW=64240 RES=0x00 SYN 
URGP=0 Nov 9 07:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7109 SEQ=1 Nov 9 07:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7109 SEQ=1 Nov 9 07:28:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.31 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=52575 PROTO=TCP SPT=55466 DPT=4841 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:28:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12527 DF PROTO=TCP SPT=26943 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12939 SEQ=1 Nov 9 07:28:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15694 SEQ=1 Nov 9 07:28:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12528 DF PROTO=TCP SPT=26943 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.215.226 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=0 DF PROTO=TCP SPT=59426 DPT=6008 WINDOW=1024 RES=0x00 SYN URGP=0 
Nov 9 07:28:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12529 DF PROTO=TCP SPT=26943 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=6078 PROTO=TCP SPT=39988 DPT=4369 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:28:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37293 SEQ=1 Nov 9 07:28:19 server83 letsencrypt.live.cgi: time="2025-11-09T07:28:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bharathmatrimo WantedNames="[]" Nov 9 07:28:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39784 SEQ=1 Nov 9 07:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 07:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 07:28:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12530 DF PROTO=TCP SPT=61751 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:21 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12531 DF PROTO=TCP SPT=61756 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61803 SEQ=1 Nov 9 07:28:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12532 DF PROTO=TCP SPT=61751 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37293 SEQ=1 Nov 9 07:28:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12533 DF PROTO=TCP SPT=61756 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25842 SEQ=1 Nov 9 07:28:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12534 DF PROTO=TCP SPT=26943 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=39036 SEQ=1 Nov 9 07:28:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12535 DF PROTO=TCP SPT=61751 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12537 DF PROTO=TCP SPT=61751 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12538 DF PROTO=TCP SPT=61756 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1554 SEQ=1 Nov 9 07:28:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64214 PROTO=TCP SPT=45727 DPT=31282 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10383 SEQ=1 Nov 9 07:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21929 SEQ=1 Nov 9 07:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=51803 SEQ=1 Nov 9 07:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47270 SEQ=1 Nov 9 07:28:34 server83 aibolit_wrapper[4030]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626535147545364.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626535147547078.txt --log=/tmp/malware_cleaner_log_17626535147549046.txt --progress=/tmp/malware_cleaner_progress_17626535147548516.json --csv_result=/tmp/revisium_csvfile_17626535147548744.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:28:35 server83 letsencrypt.live.cgi: time="2025-11-09T07:28:35+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=digital1978 WantedNames="[]" error="Account is suspended" Nov 9 07:28:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12539 DF PROTO=TCP SPT=61751 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12540 DF PROTO=TCP SPT=61756 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:28:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=7025 DF PROTO=ICMP TYPE=8 CODE=0 ID=5616 SEQ=17016 
Nov 9 07:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47270 SEQ=1 Nov 9 07:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25810 SEQ=1 Nov 9 07:28:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.190.17.190 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=48711 PROTO=TCP SPT=61005 DPT=1224 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:28:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22337 PROTO=TCP SPT=33926 DPT=4166 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:28:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:28:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3411 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:28:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43204 SEQ=1 Nov 9 07:28:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58961 SEQ=1 Nov 9 07:28:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37148 SEQ=1 Nov 9 07:28:50 server83 letsencrypt.live.cgi: time="2025-11-09T07:28:50+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=godietsi WantedNames="[]" Nov 9 07:28:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45317 SEQ=1 Nov 9 07:28:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.89 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=41668 PROTO=TCP SPT=59100 DPT=6281 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:28:59 server83 NetworkManager[922]: <info> [1762653539.4531] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:28:59 server83 NetworkManager[922]: <info> [1762653539.4537] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:28:59 server83 NetworkManager[922]: <info> [1762653539.4539] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:28:59 server83 NetworkManager[922]: <info> [1762653539.4544] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:28:59 server83 NetworkManager[922]: <info> [1762653539.4556] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:28:59 server83 NetworkManager[922]: <info> [1762653539.4560] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:28:59 server83 NetworkManager[922]: <info> [1762653539.4575] dhcp4 (eth1): dhclient started with pid 4659 Nov 9 07:28:59 server83 dhclient[4659]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x202c84fc) Nov 9 07:29:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:29:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:29:01 server83 systemd: Started Session 308388 of user root. Nov 9 07:29:01 server83 systemd: Started Session 308389 of user root. Nov 9 07:29:01 server83 systemd: Started Session 308390 of user root. Nov 9 07:29:01 server83 systemd: Started Session 308391 of user root. Nov 9 07:29:01 server83 systemd: Started Session 308392 of user root. Nov 9 07:29:01 server83 systemd: Started Session 308393 of user root. Nov 9 07:29:01 server83 systemd: Started Session 308395 of user root. Nov 9 07:29:01 server83 systemd: Started Session 308394 of user root. Nov 9 07:29:01 server83 systemd: Started Session 308396 of user root. Nov 9 07:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13515 SEQ=1 Nov 9 07:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63109 SEQ=1 Nov 9 07:29:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=18026 PROTO=TCP SPT=63739 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:29:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=18027 PROTO=TCP SPT=63739 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:29:06 server83 letsencrypt.live.cgi: time="2025-11-09T07:29:06+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" 
Function=processAutoSSLForAccount Retry=false Username=suryodayahospita WantedNames="[]" error="Account is suspended" Nov 9 07:29:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45414 SEQ=1 Nov 9 07:29:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37074 SEQ=1 Nov 9 07:29:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13236 PROTO=TCP SPT=65239 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:29:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=18028 PROTO=TCP SPT=63739 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:29:07 server83 dhclient[4659]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x202c84fc) Nov 9 07:29:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13237 PROTO=TCP SPT=65239 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:29:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=18029 PROTO=TCP SPT=63739 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:29:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64919 SEQ=1 Nov 9 07:29:08 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25300 SEQ=1 Nov 9 07:29:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13238 PROTO=TCP SPT=65239 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:29:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37074 SEQ=1 Nov 9 07:29:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13240 PROTO=TCP SPT=65239 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:29:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11103 SEQ=1 Nov 9 07:29:17 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 07:29:17 server83 dhclient[4659]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x202c84fc) Nov 9 07:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8766 SEQ=1 Nov 9 07:29:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:29:21 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:29:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8703 SEQ=1 Nov 9 07:29:21 server83 letsencrypt.live.cgi: time="2025-11-09T07:29:21+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rnsmahav WantedNames="[]" Nov 9 07:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44604 SEQ=1 Nov 9 07:29:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.121 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=13095 PROTO=TCP SPT=41676 DPT=25461 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:29:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42219 SEQ=1 Nov 9 07:29:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42219 SEQ=1 Nov 9 07:29:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=111.119.212.202 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=57710 DF PROTO=ICMP TYPE=8 CODE=0 ID=54314 SEQ=49723 Nov 9 07:29:31 server83 dhclient[4659]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x202c84fc) Nov 9 07:29:33 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:29:37 server83 letsencrypt.live.cgi: time="2025-11-09T07:29:37+05:30" level=info msg="AutoSSL running" 
Function=processAutoSSLForAccount Retry=false Username=sseducation WantedNames="[]" Nov 9 07:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9961 SEQ=1 Nov 9 07:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43389 SEQ=1 Nov 9 07:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13551 SEQ=1 Nov 9 07:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33974 SEQ=1 Nov 9 07:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43389 SEQ=1 Nov 9 07:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9961 SEQ=1 Nov 9 07:29:44 server83 NetworkManager[922]: <warn> [1762653584.4513] dhcp4 (eth1): request timed out Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4514] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4674] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 4659 Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4674] dhcp4 (eth1): state changed timeout -> done Nov 9 07:29:44 server83 
NetworkManager[922]: <info> [1762653584.4676] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:29:44 server83 NetworkManager[922]: <warn> [1762653584.4681] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4683] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4716] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4720] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4720] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4724] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4734] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4736] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:29:44 server83 NetworkManager[922]: <info> [1762653584.4749] dhcp4 (eth1): dhclient started with pid 6182 Nov 9 07:29:44 server83 dhclient[6182]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x3cd54a0) Nov 9 07:29:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:29:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50194 
SEQ=1 Nov 9 07:29:49 server83 dhclient[6182]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x3cd54a0) Nov 9 07:29:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10433 SEQ=1 Nov 9 07:29:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11513 SEQ=1 Nov 9 07:29:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3410 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:29:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42073 SEQ=1 Nov 9 07:29:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64331 SEQ=1 Nov 9 07:29:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64331 SEQ=1 Nov 9 07:29:52 server83 letsencrypt.live.cgi: time="2025-11-09T07:29:52+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=taxiserviceinuda WantedNames="[]" error="Account is suspended" Nov 9 07:29:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.84.110 DST=145.239.177.179 LEN=44 TOS=0x00 
PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=33985 DPT=8384 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:29:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:29:56 server83 dhclient[6182]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x3cd54a0) Nov 9 07:30:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.233 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=52009 DPT=9561 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:30:01 server83 systemd: Started Session 308397 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308399 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308398 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308400 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308404 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308403 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308405 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308401 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308406 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308402 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308407 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308408 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308409 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308410 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308411 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308412 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308413 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308414 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308416 of user root. Nov 9 07:30:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. 
Nov 9 07:30:01 server83 systemd: Started Session 308415 of user sanatanhinduvahi. Nov 9 07:30:01 server83 systemd: Started Session 308417 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308418 of user root. Nov 9 07:30:01 server83 systemd: Started Session 308419 of user root. Nov 9 07:30:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 07:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5396 SEQ=1 Nov 9 07:30:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16769 SEQ=1 Nov 9 07:30:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33924 PROTO=TCP SPT=46370 DPT=1895 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:30:06 server83 dhclient[6182]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x3cd54a0) Nov 9 07:30:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8778 SEQ=1 Nov 9 07:30:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16769 SEQ=1 Nov 9 07:30:07 server83 letsencrypt.live.cgi: time="2025-11-09T07:30:07+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=poorvankfoods WantedNames="[]" error="Account is suspended" Nov 9 07:30:07 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20014 SEQ=1 Nov 9 07:30:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21290 SEQ=1 Nov 9 07:30:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.30 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=57718 PROTO=TCP SPT=43433 DPT=2525 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:30:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35361 SEQ=1 Nov 9 07:30:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.200 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=58079 PROTO=TCP SPT=51075 DPT=4369 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:30:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3417 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:30:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47267 PROTO=TCP SPT=49956 DPT=28004 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:30:17 server83 pam_imunify_daemon.bin: time="2025-11-09T07:30:17+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK 
error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50367 SEQ=1 Nov 9 07:30:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:30:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14989 SEQ=1 Nov 9 07:30:20 server83 dhclient[6182]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x3cd54a0) Nov 9 07:30:23 server83 letsencrypt.live.cgi: time="2025-11-09T07:30:23+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=of3trade WantedNames="[]" Nov 9 07:30:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=14409 PROTO=TCP SPT=56753 DPT=8110 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:30:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18158 SEQ=1 Nov 9 07:30:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58178 SEQ=1 Nov 9 07:30:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.115 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=8716 PROTO=TCP SPT=49579 DPT=8530 WINDOW=1024 RES=0x00 SYN URGP=0 
Nov 9 07:30:29 server83 NetworkManager[922]: <warn> [1762653629.4415] dhcp4 (eth1): request timed out Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4415] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4575] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 6182 Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4575] dhcp4 (eth1): state changed timeout -> done Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4577] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:30:29 server83 NetworkManager[922]: <warn> [1762653629.4581] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4582] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4611] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4613] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4614] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4616] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4625] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4626] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:30:29 server83 NetworkManager[922]: <info> [1762653629.4636] 
dhcp4 (eth1): dhclient started with pid 10538 Nov 9 07:30:29 server83 dhclient[10538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x414cfcdb) Nov 9 07:30:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.17 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=60271 DPT=5985 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:30:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53644 SEQ=1 Nov 9 07:30:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19952 SEQ=1 Nov 9 07:30:35 server83 dhclient[10538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x414cfcdb) Nov 9 07:30:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=50848 PROTO=TCP SPT=44157 DPT=5280 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:30:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=29264 DF PROTO=ICMP TYPE=8 CODE=0 ID=41999 SEQ=16331 Nov 9 07:30:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=31457 PROTO=TCP SPT=41142 DPT=705 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=53644 SEQ=1 Nov 9 07:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19952 SEQ=1 Nov 9 07:30:38 server83 letsencrypt.live.cgi: time="2025-11-09T07:30:38+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=boawells WantedNames="[]" error="Account is suspended" Nov 9 07:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35275 SEQ=1 Nov 9 07:30:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3409 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:30:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:30:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3416 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:30:46 server83 dhclient[10538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x414cfcdb) Nov 9 07:30:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:30:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30299 SEQ=1 Nov 9 07:30:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=30299 SEQ=1 Nov 9 07:30:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15798 SEQ=1 Nov 9 07:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53906 SEQ=1 Nov 9 07:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53435 SEQ=1 Nov 9 07:30:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53435 SEQ=1 Nov 9 07:30:53 server83 letsencrypt.live.cgi: time="2025-11-09T07:30:53+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cafebudd WantedNames="[]" Nov 9 07:30:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.89 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52465 DPT=9528 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:30:55 server83 dhclient[10538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x414cfcdb) Nov 9 07:30:58 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.29.147.249 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=19328 DPT=19328 LEN=16 Nov 9 07:30:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF 
PROTO=TCP SPT=39382 DPT=3415 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:30:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62238 PROTO=TCP SPT=43448 DPT=2553 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:31:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=106.75.137.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=45477 PROTO=TCP SPT=58914 DPT=1610 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:31:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:31:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:31:01 server83 systemd: Started Session 308420 of user root. Nov 9 07:31:01 server83 systemd: Started Session 308422 of user root. Nov 9 07:31:01 server83 systemd: Started Session 308423 of user root. Nov 9 07:31:01 server83 systemd: Started Session 308421 of user root. Nov 9 07:31:01 server83 systemd: Started Session 308424 of user root. Nov 9 07:31:01 server83 systemd: Started Session 308425 of user root. Nov 9 07:31:01 server83 systemd: Started Session 308426 of user root. Nov 9 07:31:01 server83 systemd: Started Session 308427 of user root. Nov 9 07:31:01 server83 systemd: Started Session 308428 of user root. 
Nov 9 07:31:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48332 SEQ=1 Nov 9 07:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41991 SEQ=1 Nov 9 07:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48332 SEQ=1 Nov 9 07:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7486 SEQ=1 Nov 9 07:31:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3408 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:31:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.52 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42324 DPT=2100 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:31:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=57643 PROTO=TCP SPT=43448 DPT=2506 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:31:09 server83 letsencrypt.live.cgi: time="2025-11-09T07:31:09+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=talkwithus WantedNames="[]" Nov 9 07:31:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 
07:31:12 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.29.147.249 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=19328 DPT=19328 LEN=16 Nov 9 07:31:13 server83 dhclient[10538]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x414cfcdb) Nov 9 07:31:14 server83 NetworkManager[922]: <warn> [1762653674.4503] dhcp4 (eth1): request timed out Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 10538 Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4583] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:31:14 server83 NetworkManager[922]: <warn> [1762653674.4586] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4587] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4615] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4617] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4617] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4619] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:31:14 server83 
NetworkManager[922]: <info> [1762653674.4627] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4628] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:31:14 server83 NetworkManager[922]: <info> [1762653674.4639] dhcp4 (eth1): dhclient started with pid 16203 Nov 9 07:31:14 server83 dhclient[16203]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x260ca21f) Nov 9 07:31:15 server83 aibolit_wrapper[16286]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626536750912966.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626536750914212.txt --log=/tmp/malware_cleaner_log_17626536750915064.txt --progress=/tmp/malware_cleaner_progress_17626536750914838.json --csv_result=/tmp/revisium_csvfile_17626536750914938.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:31:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.168.227 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44805 PROTO=TCP SPT=36707 DPT=4369 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:31:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53998 PROTO=TCP SPT=56698 DPT=8213 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:31:20 server83 dhclient[16203]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x260ca21f) Nov 9 07:31:21 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 07:31:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52954 SEQ=1 Nov 9 07:31:21 server83 aibolit_wrapper[17171]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626536814966812.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626536814969192.txt --progress=/tmp/malware_cleaner_progress_17626536814968858.json --csv_result=/tmp/revisium_csvfile_17626536814969010.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:31:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35183 SEQ=1 Nov 9 07:31:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21702 SEQ=1 Nov 9 07:31:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22486 SEQ=1 Nov 9 07:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22486 SEQ=1 Nov 9 07:31:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49841 SEQ=1 Nov 9 07:31:24 
server83 scripts.sh: Sun Nov 9 07:31:24 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 07:31:25 server83 letsencrypt.live.cgi: time="2025-11-09T07:31:25+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=parkerschnabel WantedNames="[]" Nov 9 07:31:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25847 SEQ=1 Nov 9 07:31:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56844 SEQ=1 Nov 9 07:31:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49177 SEQ=1 Nov 9 07:31:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47197 SEQ=1 Nov 9 07:31:33 server83 dhclient[16203]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x260ca21f) Nov 9 07:31:33 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:31:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=15033 DF PROTO=ICMP TYPE=8 CODE=0 ID=3190 SEQ=51380 Nov 9 07:31:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24197 SEQ=1 Nov 9 07:31:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47197 SEQ=1 Nov 9 07:31:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3414 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:31:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46320 SEQ=1 Nov 9 07:31:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.109.130 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=42325 DPT=2100 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:31:41 server83 letsencrypt.live.cgi: time="2025-11-09T07:31:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vaisnavi WantedNames="[]" Nov 9 07:31:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=47755 PROTO=TCP SPT=51641 DPT=20080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:31:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24153 PROTO=TCP SPT=45727 DPT=34334 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:31:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42970 PROTO=TCP SPT=49956 DPT=26285 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 07:31:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:31:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=45120 PROTO=TCP SPT=50404 DPT=5135 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:31:47 server83 pam_imunify_daemon.bin: time="2025-11-09T07:31:47+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:31:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49561 SEQ=1 Nov 9 07:31:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8553 SEQ=1 Nov 9 07:31:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29528 SEQ=1 Nov 9 07:31:50 server83 dhclient[16203]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x260ca21f) Nov 9 07:31:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.124 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49822 DPT=9643 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:31:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8553 SEQ=1 Nov 9 07:31:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.87 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50088 DPT=9698 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:31:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:31:56 server83 letsencrypt.live.cgi: time="2025-11-09T07:31:56+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=duratechconchem WantedNames="[]" error="Account is suspended" Nov 9 07:31:59 server83 NetworkManager[922]: <warn> [1762653719.4494] dhcp4 (eth1): request timed out Nov 9 07:31:59 server83 NetworkManager[922]: <info> [1762653719.4494] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:31:59 server83 NetworkManager[922]: <info> [1762653719.4654] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 16203 Nov 9 07:31:59 server83 NetworkManager[922]: <info> [1762653719.4654] dhcp4 (eth1): state changed timeout -> done Nov 9 07:31:59 server83 NetworkManager[922]: <info> [1762653719.4657] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:31:59 server83 NetworkManager[922]: <warn> [1762653719.4662] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:31:59 server83 NetworkManager[922]: <info> [1762653719.4665] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:32:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:32:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:32:01 server83 systemd: Started Session 308431 of user root. 
Nov 9 07:32:01 server83 systemd: Started Session 308429 of user root. Nov 9 07:32:01 server83 systemd: Started Session 308432 of user root. Nov 9 07:32:01 server83 systemd: Started Session 308433 of user root. Nov 9 07:32:01 server83 systemd: Started Session 308430 of user root. Nov 9 07:32:01 server83 systemd: Started Session 308434 of user root. Nov 9 07:32:01 server83 systemd: Started Session 308435 of user root. Nov 9 07:32:01 server83 systemd: Started Session 308436 of user root. Nov 9 07:32:01 server83 systemd: Started Session 308437 of user root. Nov 9 07:32:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4170 SEQ=1 Nov 9 07:32:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35682 SEQ=1 Nov 9 07:32:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18222 SEQ=1 Nov 9 07:32:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54630 SEQ=1 Nov 9 07:32:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=1245 PROTO=TCP SPT=50272 DPT=26589 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:32:12 server83 letsencrypt.live.cgi: time="2025-11-09T07:32:12+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=balramsa WantedNames="[]" Nov 9 07:32:17 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=18984 PROTO=TCP SPT=21679 DPT=39640 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:32:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1133 SEQ=1 Nov 9 07:32:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:32:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36301 SEQ=1 Nov 9 07:32:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.19.160 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=49090 DPT=2226 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:32:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36301 SEQ=1 Nov 9 07:32:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22508 PROTO=TCP SPT=46370 DPT=3130 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51473 SEQ=1 Nov 9 07:32:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20392 
SEQ=1 Nov 9 07:32:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32828 SEQ=1 Nov 9 07:32:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.114.248 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=51476 DPT=2226 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:32:27 server83 letsencrypt.live.cgi: time="2025-11-09T07:32:27+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=chazeinternation WantedNames="[]" error="Account is suspended" Nov 9 07:32:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=6398 PROTO=TCP SPT=40090 DPT=5259 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:32:29 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:32:29 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:32:29 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 07:32:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=39166 PROTO=TCP SPT=39712 DPT=8004 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=24278 PROTO=TCP SPT=39712 DPT=2088 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=45633 PROTO=TCP SPT=39712 DPT=30472 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=47147 PROTO=TCP SPT=39712 DPT=9663 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=38722 PROTO=TCP SPT=39712 DPT=2939 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=32614 PROTO=TCP SPT=39712 DPT=7822 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=47077 PROTO=TCP SPT=39712 DPT=8168 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 
PREC=0x00 TTL=236 ID=26647 PROTO=TCP SPT=39712 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=43242 PROTO=TCP SPT=39712 DPT=8082 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=41979 PROTO=TCP SPT=39712 DPT=30001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=57096 PROTO=TCP SPT=39712 DPT=8347 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=25944 PROTO=TCP SPT=39712 DPT=32400 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1029 SEQ=1 Nov 9 07:32:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59312 SEQ=1 Nov 9 07:32:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2020 SEQ=1 Nov 9 07:32:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47749 SEQ=1 Nov 9 07:32:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=53468 PROTO=TCP SPT=39712 DPT=5520 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14081 SEQ=1 Nov 9 07:32:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47749 SEQ=1 Nov 9 07:32:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=30754 PROTO=TCP SPT=39712 DPT=7411 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:42 server83 letsencrypt.live.cgi: time="2025-11-09T07:32:42+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=swiftlogisticspt WantedNames="[]" Nov 9 07:32:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=168 PROTO=TCP SPT=39712 DPT=36505 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=22360 PROTO=TCP SPT=39712 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=26410 PROTO=TCP 
SPT=39712 DPT=9553 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 07:32:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=60515 PROTO=TCP SPT=39712 DPT=37531 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51048 SEQ=1 Nov 9 07:32:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51048 SEQ=1 Nov 9 07:32:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41516 SEQ=1 Nov 9 07:32:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43202 SEQ=1 Nov 9 07:32:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=16318 DF PROTO=ICMP TYPE=8 CODE=0 ID=50339 SEQ=35524 Nov 9 07:32:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=12556 PROTO=TCP SPT=39712 DPT=9988 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:52 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19854 SEQ=1 Nov 9 07:32:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=45048 PROTO=TCP SPT=39712 DPT=9980 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.235.254.214 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=18011 DF PROTO=ICMP TYPE=8 CODE=0 ID=36868 SEQ=9059 Nov 9 07:32:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=47798 PROTO=TCP SPT=39712 DPT=30013 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=59767 PROTO=TCP SPT=39712 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=45358 PROTO=TCP SPT=39712 DPT=31657 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:32:58 server83 letsencrypt.live.cgi: time="2025-11-09T07:32:58+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=onlybook WantedNames="[]" Nov 9 07:33:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=10288 PROTO=TCP SPT=39712 DPT=8859 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:01 server83 systemd: Started Session 308438 of user root. 
Nov 9 07:33:01 server83 systemd: Started Session 308439 of user root. Nov 9 07:33:01 server83 systemd: Started Session 308440 of user root. Nov 9 07:33:01 server83 systemd: Started Session 308441 of user root. Nov 9 07:33:01 server83 systemd: Started Session 308443 of user root. Nov 9 07:33:01 server83 systemd: Started Session 308442 of user root. Nov 9 07:33:01 server83 systemd: Started Session 308444 of user root. Nov 9 07:33:01 server83 systemd: Started Session 308445 of user root. Nov 9 07:33:01 server83 systemd: Started Session 308446 of user root. Nov 9 07:33:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=65242 PROTO=TCP SPT=39712 DPT=8005 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45080 SEQ=1 Nov 9 07:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32366 SEQ=1 Nov 9 07:33:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38124 SEQ=1 Nov 9 07:33:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=7528 PROTO=TCP SPT=39712 DPT=6620 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=44248 
PROTO=TCP SPT=39712 DPT=1488 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12542 DF PROTO=TCP SPT=50892 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:33:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=56465 PROTO=TCP SPT=39712 DPT=16688 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.101.145 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=58632 PROTO=TCP SPT=39712 DPT=30017 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38124 SEQ=1 Nov 9 07:33:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12543 DF PROTO=TCP SPT=50892 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:33:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45080 SEQ=1 Nov 9 07:33:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9326 PROTO=TCP SPT=39812 DPT=5274 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 
LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12544 DF PROTO=TCP SPT=50892 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:33:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:33:14 server83 letsencrypt.live.cgi: time="2025-11-09T07:33:14+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=securitydelcom WantedNames="[]" Nov 9 07:33:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12545 DF PROTO=TCP SPT=50892 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:33:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.71 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52468 DPT=4081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44973 SEQ=1 Nov 9 07:33:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64644 SEQ=1 Nov 9 07:33:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41071 SEQ=1 Nov 9 07:33:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53031 DPT=91 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:33:24 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6521 SEQ=1 Nov 9 07:33:25 server83 aibolit_wrapper[32349]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626538050803404.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626538050804668.txt --log=/tmp/malware_cleaner_log_17626538050805798.txt --progress=/tmp/malware_cleaner_progress_17626538050805490.json --csv_result=/tmp/revisium_csvfile_17626538050805628.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:33:26 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.29.151.134 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=19320 DPT=19320 LEN=16 Nov 9 07:33:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.171 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52965 DPT=18326 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:29 server83 letsencrypt.live.cgi: time="2025-11-09T07:33:29+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=foreverwinningtr WantedNames="[]" Nov 9 07:33:30 server83 aibolit_wrapper[562]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626538103402006.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626538103403698.txt --log=/tmp/malware_cleaner_log_17626538103405154.txt --progress=/tmp/malware_cleaner_progress_17626538103404706.json --csv_result=/tmp/revisium_csvfile_17626538103404908.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:33:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.121 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=55514 PROTO=TCP SPT=58075 DPT=21 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:33:32 server83 systemd: Started Session c2848 of user root. Nov 9 07:33:33 server83 scripts.sh: Load Average: 4.15 , 2.98 Nov 9 07:33:33 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 07:33:33 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 07:33:33 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 07:33:33 server83 scripts.sh: HTTPD Status: inactive Nov 9 07:33:33 server83 scripts.sh: MySQL Status: active Nov 9 07:33:33 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 07:33:33 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 07:33:33 server83 scripts.sh: SSHD Status: active Nov 9 07:33:33 server83 scripts.sh: FTP Status: active Nov 9 07:33:33 server83 scripts.sh: LiteSpeed Status: Active Nov 9 07:33:33 server83 scripts.sh: Imunify Status: Active Nov 9 07:33:33 server83 scripts.sh: cPanel Status: active Nov 9 07:33:33 server83 scripts.sh: Memory Status: 12/31 GB - 41.28% Nov 9 07:33:33 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 07:33:33 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 07:33:33 server83 scripts.sh: Local Version: 4.4.5 Nov 9 07:33:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31838 SEQ=1 Nov 9 07:33:33 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55597 SEQ=1 Nov 9 07:33:33 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:33:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59498 SEQ=1 Nov 9 07:33:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19888 SEQ=1 Nov 9 07:33:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:33:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33689 PROTO=TCP SPT=52602 DPT=5851 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52582 SEQ=1 Nov 9 07:33:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.149 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=34131 PROTO=TCP SPT=57178 DPT=6032 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=36104 PROTO=TCP SPT=56114 DPT=7815 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:45 server83 
letsencrypt.live.cgi: time="2025-11-09T07:33:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=myonlineexp WantedNames="[]" Nov 9 07:33:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54775 PROTO=TCP SPT=45727 DPT=34332 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=177.197.193.179 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=41216 DF PROTO=TCP SPT=50197 DPT=14095 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 07:33:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=177.197.193.179 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=41217 DF PROTO=TCP SPT=50197 DPT=14095 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12056 SEQ=1 Nov 9 07:33:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26487 SEQ=1 Nov 9 07:33:48 server83 pam_imunify_daemon.bin: time="2025-11-09T07:33:48+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid 
license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:33:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7668 SEQ=1 Nov 9 07:33:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53390 SEQ=1 Nov 9 07:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4834 SEQ=1 Nov 9 07:33:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=177.197.193.179 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=41218 DF PROTO=TCP SPT=50197 DPT=14095 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12056 SEQ=1 Nov 9 07:33:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.173.60 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51568 DPT=7401 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26792 PROTO=TCP SPT=49956 DPT=29426 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:33:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=177.197.193.179 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=108 
ID=41219 DF PROTO=TCP SPT=50197 DPT=14095 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:33:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=21701 DF PROTO=ICMP TYPE=8 CODE=0 ID=42978 SEQ=20096 Nov 9 07:33:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=21050 DF PROTO=ICMP TYPE=8 CODE=0 ID=26365 SEQ=52439 Nov 9 07:33:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.115.246 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1122 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:34:01 server83 letsencrypt.live.cgi: time="2025-11-09T07:34:01+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=babudegree WantedNames="[]" Nov 9 07:34:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=177.197.193.179 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=41220 DF PROTO=TCP SPT=50197 DPT=14095 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:34:01 server83 systemd: Started Session 308447 of user root. Nov 9 07:34:01 server83 systemd: Started Session 308448 of user root. Nov 9 07:34:01 server83 systemd: Started Session 308449 of user root. Nov 9 07:34:01 server83 systemd: Started Session 308450 of user root. Nov 9 07:34:01 server83 systemd: Started Session 308451 of user root. Nov 9 07:34:01 server83 systemd: Started Session 308452 of user root. Nov 9 07:34:01 server83 systemd: Started Session 308453 of user root. Nov 9 07:34:01 server83 systemd: Started Session 308454 of user root. Nov 9 07:34:01 server83 systemd: Started Session 308455 of user root. 
Nov 9 07:34:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17542 SEQ=1 Nov 9 07:34:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13720 SEQ=1 Nov 9 07:34:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60862 SEQ=1 Nov 9 07:34:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53476 SEQ=1 Nov 9 07:34:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24557 PROTO=TCP SPT=46370 DPT=1160 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:34:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.32 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51541 DPT=10092 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:34:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21053 PROTO=TCP SPT=43448 DPT=2513 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:34:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:34:16 server83 letsencrypt.live.cgi: time="2025-11-09T07:34:16+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vertigeshare WantedNames="[]" 
Nov 9 07:34:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19853 PROTO=TCP SPT=49720 DPT=9263 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:34:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45026 SEQ=1 Nov 9 07:34:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50377 DPT=722 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:34:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30991 SEQ=1 Nov 9 07:34:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54932 SEQ=1 Nov 9 07:34:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=38.54.50.50 DST=51.210.113.204 LEN=52 TOS=0x0A PREC=0x40 TTL=108 ID=21952 DF PROTO=TCP SPT=64874 DPT=9999 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 07:34:21 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:34:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=38.54.50.50 DST=51.210.113.204 LEN=52 TOS=0x0A PREC=0x40 TTL=108 ID=21953 DF PROTO=TCP SPT=64874 DPT=9999 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 07:34:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16621 SEQ=1 Nov 9 07:34:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45026 SEQ=1 Nov 9 07:34:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5578 PROTO=TCP SPT=49956 DPT=25472 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:34:29 server83 imunify-auditd-log-reader[9638]: lost 9 message sequences Nov 9 07:34:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:34:30 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:34:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:34:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.132.41 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49597 DPT=9600 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:34:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12546 DF PROTO=TCP SPT=53064 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:32 server83 letsencrypt.live.cgi: time="2025-11-09T07:34:32+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=balajifireservic WantedNames="[]" error="Account is suspended" Nov 9 07:34:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12547 DF PROTO=TCP SPT=53064 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:33 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:34:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14547 SEQ=1 Nov 9 07:34:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12548 DF PROTO=TCP SPT=53064 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56459 SEQ=1 Nov 9 07:34:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2686 PROTO=TCP SPT=49956 DPT=29440 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:34:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.73 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=31643 PROTO=TCP SPT=40077 DPT=9600 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:34:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12549 DF PROTO=TCP SPT=53064 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12550 DF PROTO=TCP SPT=53262 DPT=4527 WINDOW=64240 RES=0x00 SYN 
URGP=0 Nov 9 07:34:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12551 DF PROTO=TCP SPT=53262 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3407 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:34:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12552 DF PROTO=TCP SPT=53262 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:34:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50033 SEQ=1 Nov 9 07:34:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60179 SEQ=1 Nov 9 07:34:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12553 DF PROTO=TCP SPT=53262 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:34:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12554 DF PROTO=TCP SPT=53064 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:47 server83 
letsencrypt.live.cgi: time="2025-11-09T07:34:47+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=caponebkexpress WantedNames="[]" Nov 9 07:34:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12555 DF PROTO=TCP SPT=53450 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17384 SEQ=1 Nov 9 07:34:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12556 DF PROTO=TCP SPT=53450 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64946 PROTO=TCP SPT=43739 DPT=2582 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:34:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50033 SEQ=1 Nov 9 07:34:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12557 DF PROTO=TCP SPT=53450 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12558 DF PROTO=TCP SPT=53262 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:34:55 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=22672 PROTO=TCP SPT=56256 DPT=8011 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:34:58 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:34:58 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:34:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=47061 PROTO=TCP SPT=56256 DPT=8008 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:35:01 server83 systemd: Started Session 308456 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308461 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308458 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308462 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308457 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308459 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308460 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308463 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308465 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308466 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308467 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308470 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308464 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308468 of user root. 
Nov 9 07:35:01 server83 systemd: Started Session 308471 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308469 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308472 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308474 of user root. Nov 9 07:35:01 server83 systemd: Started Session 308473 of user root. Nov 9 07:35:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43791 SEQ=1 Nov 9 07:35:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26483 SEQ=1 Nov 9 07:35:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41118 SEQ=1 Nov 9 07:35:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11959 SEQ=1 Nov 9 07:35:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=19280 DF PROTO=ICMP TYPE=8 CODE=0 ID=8719 SEQ=31837 Nov 9 07:35:03 server83 letsencrypt.live.cgi: time="2025-11-09T07:35:03+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=sachindoon WantedNames="[]" Nov 9 07:35:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12560 DF PROTO=TCP SPT=53450 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 
Nov 9 07:35:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.202 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52488 DPT=45276 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:35:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38917 PROTO=TCP SPT=53687 DPT=12448 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:35:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3406 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:35:10 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:35:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.125 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=887 DF PROTO=TCP SPT=16729 DPT=9677 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:35:18 server83 letsencrypt.live.cgi: time="2025-11-09T07:35:18+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=gilundwebsolutio WantedNames="[]" error="Account is suspended" Nov 9 07:35:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=560 SEQ=1 Nov 9 07:35:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42335 SEQ=1 Nov 9 07:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22241 SEQ=1 Nov 9 07:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42335 SEQ=1 Nov 9 07:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42962 SEQ=1 Nov 9 07:35:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50848 SEQ=1 Nov 9 07:35:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29041 PROTO=TCP SPT=49956 DPT=27452 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:35:25 server83 pam_imunify_daemon.bin: time="2025-11-09T07:35:25+05:30" level=warning msg="Send stats for 8 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=8 Nov 9 07:35:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3405 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:35:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=15205 PROTO=TCP SPT=21679 DPT=4058 
WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:35:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53600 PROTO=TCP SPT=46370 DPT=2354 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:35:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.103 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=35125 PROTO=TCP SPT=60312 DPT=9600 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:35:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11028 PROTO=TCP SPT=53687 DPT=14866 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:35:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=23996 DF PROTO=ICMP TYPE=8 CODE=0 ID=65168 SEQ=9365 Nov 9 07:35:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51588 SEQ=1 Nov 9 07:35:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34106 SEQ=1 Nov 9 07:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37842 SEQ=1 Nov 9 07:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=1037 SEQ=1 Nov 9 07:35:32 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:35:34 server83 letsencrypt.live.cgi: time="2025-11-09T07:35:34+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=waterguru WantedNames="[]" Nov 9 07:35:34 server83 aibolit_wrapper[17133]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626539347027028.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626539347028852.txt --log=/tmp/malware_cleaner_log_17626539347031052.txt --progress=/tmp/malware_cleaner_progress_17626539347030384.json --csv_result=/tmp/revisium_csvfile_17626539347030688.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:35:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3413 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:35:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:35:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=58592 PROTO=TCP SPT=49956 DPT=27806 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:35:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55007 SEQ=1 Nov 9 07:35:49 server83 letsencrypt.live.cgi: time="2025-11-09T07:35:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false 
Username=shikraresort WantedNames="[]" Nov 9 07:35:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4340 SEQ=1 Nov 9 07:35:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31648 SEQ=1 Nov 9 07:35:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22125 SEQ=1 Nov 9 07:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14940 SEQ=1 Nov 9 07:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43188 SEQ=1 Nov 9 07:35:52 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:35:52 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:35:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:35:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.153 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55908 DPT=4648 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:36:01 server83 systemd: Started Session 308476 of user root. Nov 9 07:36:01 server83 systemd: Started Session 308478 of user root. Nov 9 07:36:01 server83 systemd: Started Session 308479 of user root. Nov 9 07:36:01 server83 systemd: Started Session 308475 of user root. 
Nov 9 07:36:01 server83 systemd: Started Session 308477 of user root. Nov 9 07:36:01 server83 systemd: Started Session 308480 of user root. Nov 9 07:36:01 server83 systemd: Started Session 308481 of user root. Nov 9 07:36:01 server83 systemd: Started Session 308482 of user root. Nov 9 07:36:01 server83 systemd: Started Session 308483 of user root. Nov 9 07:36:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31132 PROTO=TCP SPT=57143 DPT=8602 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:36:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3404 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:36:05 server83 letsencrypt.live.cgi: time="2025-11-09T07:36:05+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=udaipurprivateda WantedNames="[]" error="Account is suspended" Nov 9 07:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5378 SEQ=1 Nov 9 07:36:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63019 PROTO=TCP SPT=45727 DPT=34598 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37515 SEQ=1 Nov 9 07:36:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=147.185.133.72 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52689 DPT=6622 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20752 SEQ=1 Nov 9 07:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56574 SEQ=1 Nov 9 07:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27251 SEQ=1 Nov 9 07:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33357 SEQ=1 Nov 9 07:36:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=161.35.207.98 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=16075 PROTO=TCP SPT=61000 DPT=5173 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:36:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:36:20 server83 letsencrypt.live.cgi: time="2025-11-09T07:36:20+05:30" level=error msg="Failed to process AutoSSL" Username=graticetech error="Experienced fatal pre-flight error for graticetech: User is over quota: graticetech (<nil>)" Nov 9 07:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61602 SEQ=1 Nov 9 07:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62172 SEQ=1 Nov 9 07:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47188 SEQ=1 Nov 9 07:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62065 SEQ=1 Nov 9 07:36:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40609 SEQ=1 Nov 9 07:36:21 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 07:36:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16862 SEQ=1 Nov 9 07:36:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.88 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=7800 PROTO=TCP SPT=5659 DPT=4000 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:36:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:36:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43669 SEQ=1 Nov 9 07:36:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63697 SEQ=1 Nov 9 
07:36:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.20.124 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55886 DPT=541 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:36:32 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:36:32 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23752 SEQ=1 Nov 9 07:36:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.252 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=42130 DF PROTO=TCP SPT=26592 DPT=9766 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:36:35 server83 letsencrypt.live.cgi: time="2025-11-09T07:36:35+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=aerowebtech WantedNames="[]" error="Account is suspended" Nov 9 07:36:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18510 PROTO=TCP SPT=48567 DPT=4665 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:36:38 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:36:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9672 SEQ=1 Nov 9 07:36:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23752 SEQ=1 Nov 9 07:36:40 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 07:36:40 server83 systemd: Stopped Status Update Service. Nov 9 07:36:40 server83 systemd: Started Status Update Service. Nov 9 07:36:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:36:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:36:50 server83 letsencrypt.live.cgi: time="2025-11-09T07:36:50+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=casper WantedNames="[]" Nov 9 07:36:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20313 SEQ=1 Nov 9 07:36:54 server83 pam_imunify_daemon.bin: time="2025-11-09T07:36:54+05:30" level=warning msg="Send stats for 7 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=7 Nov 9 07:36:59 server83 NetworkManager[922]: <info> [1762654019.4408] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:36:59 server83 NetworkManager[922]: <info> [1762654019.4414] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:36:59 server83 NetworkManager[922]: <info> [1762654019.4415] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:36:59 server83 NetworkManager[922]: <info> [1762654019.4419] device (eth1): state change: 
prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:36:59 server83 NetworkManager[922]: <info> [1762654019.4430] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:36:59 server83 NetworkManager[922]: <info> [1762654019.4433] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:36:59 server83 NetworkManager[922]: <info> [1762654019.4445] dhcp4 (eth1): dhclient started with pid 28836 Nov 9 07:36:59 server83 dhclient[28836]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x311f3d20) Nov 9 07:36:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1841 PROTO=TCP SPT=60763 DPT=8808 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:37:01 server83 systemd: Started Session 308485 of user root. Nov 9 07:37:01 server83 systemd: Started Session 308484 of user root. Nov 9 07:37:01 server83 systemd: Started Session 308486 of user root. Nov 9 07:37:01 server83 systemd: Started Session 308487 of user root. Nov 9 07:37:01 server83 systemd: Started Session 308488 of user root. Nov 9 07:37:01 server83 systemd: Started Session 308489 of user root. Nov 9 07:37:01 server83 systemd: Started Session 308490 of user root. Nov 9 07:37:01 server83 systemd: Started Session 308491 of user root. Nov 9 07:37:01 server83 systemd: Started Session 308492 of user root. Nov 9 07:37:01 server83 systemd: Started Session 308493 of user root. 
Nov 9 07:37:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13347 SEQ=1 Nov 9 07:37:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62372 DF PROTO=TCP SPT=43402 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:06 server83 letsencrypt.live.cgi: time="2025-11-09T07:37:06+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cpdemo WantedNames="[]" Nov 9 07:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62373 DF PROTO=TCP SPT=43402 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:37:07 server83 dhclient[28836]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x311f3d20) Nov 9 07:37:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6160 SEQ=1 Nov 9 07:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16964 SEQ=1 Nov 9 07:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32541 SEQ=1 Nov 9 07:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55453 SEQ=1 Nov 9 07:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32411 SEQ=1 Nov 9 07:37:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62374 DF PROTO=TCP SPT=43402 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62375 DF PROTO=TCP SPT=43402 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9944 SEQ=1 Nov 9 07:37:20 server83 dhclient[28836]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x311f3d20) Nov 9 07:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9944 SEQ=1 Nov 9 07:37:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62376 DF PROTO=TCP SPT=43402 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.149.19 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=60497 PROTO=TCP SPT=59115 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:37:23 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10368 SEQ=1 Nov 9 07:37:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7861 SEQ=1 Nov 9 07:37:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62285 SEQ=1 Nov 9 07:37:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=24870 PROTO=TCP SPT=52789 DPT=40965 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:37:29 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:37:29 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:37:29 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 07:37:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48043 PROTO=TCP SPT=57143 DPT=8617 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:37:32 server83 letsencrypt.live.cgi: time="2025-11-09T07:37:32+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=amjad WantedNames="[]" Nov 9 07:37:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25044 PROTO=TCP SPT=45727 DPT=30042 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16643 SEQ=1 Nov 9 07:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14971 SEQ=1 Nov 9 07:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9280 SEQ=1 Nov 9 07:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54823 SEQ=1 Nov 9 07:37:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62377 DF PROTO=TCP SPT=43402 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:37 
server83 dhclient[28836]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x311f3d20) Nov 9 07:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54066 SEQ=1 Nov 9 07:37:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54066 SEQ=1 Nov 9 07:37:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36454 SEQ=1 Nov 9 07:37:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18231 SEQ=1 Nov 9 07:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6280 DF PROTO=TCP SPT=38772 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6281 DF PROTO=TCP SPT=38772 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.109.193 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=47435 DPT=3265 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:37:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=50 ID=6282 DF PROTO=TCP SPT=38772 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.76 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=56729 DPT=40844 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:37:44 server83 NetworkManager[922]: <warn> [1762654064.4513] dhcp4 (eth1): request timed out Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4513] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4673] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28836 Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4674] dhcp4 (eth1): state changed timeout -> done Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4676] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:37:44 server83 NetworkManager[922]: <warn> [1762654064.4681] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4683] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4730] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4734] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4735] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4738] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:37:44 
server83 NetworkManager[922]: <info> [1762654064.4748] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4751] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:37:44 server83 NetworkManager[922]: <info> [1762654064.4762] dhcp4 (eth1): dhclient started with pid 1921 Nov 9 07:37:44 server83 dhclient[1921]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x51bfdf08) Nov 9 07:37:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50620 SEQ=1 Nov 9 07:37:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=30571 DF PROTO=ICMP TYPE=8 CODE=0 ID=31114 SEQ=27321 Nov 9 07:37:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:37:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6283 DF PROTO=TCP SPT=38772 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16404 SEQ=1 Nov 9 07:37:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.153.51 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45377 DPT=3265 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:37:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2645 SEQ=1 Nov 9 07:37:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16404 SEQ=1 Nov 9 07:37:47 server83 letsencrypt.live.cgi: time="2025-11-09T07:37:47+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=arathingorillagl WantedNames="[]" Nov 9 07:37:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.40.250.19 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=7630 PROTO=TCP SPT=60921 DPT=8006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:37:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58837 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:37:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31691 SEQ=1 Nov 9 07:37:50 server83 dhclient[1921]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x51bfdf08) Nov 9 07:37:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6284 DF PROTO=TCP SPT=38772 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:37:58 server83 dhclient[1921]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x51bfdf08) Nov 9 07:37:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 
DF PROTO=TCP SPT=39382 DPT=3412 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:37:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:37:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.254.131.109 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=49 ID=54702 DF PROTO=TCP SPT=55726 DPT=34513 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 07:38:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:38:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:01 server83 systemd: Started Session 308496 of user root. Nov 9 07:38:01 server83 systemd: Started Session 308494 of user root. Nov 9 07:38:01 server83 systemd: Started Session 308497 of user root. Nov 9 07:38:01 server83 systemd: Started Session 308495 of user root. Nov 9 07:38:01 server83 systemd: Started Session 308498 of user root. Nov 9 07:38:01 server83 systemd: Started Session 308499 of user root. Nov 9 07:38:01 server83 systemd: Started Session 308500 of user root. Nov 9 07:38:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:01 server83 systemd: Started Session 308501 of user root. Nov 9 07:38:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:01 server83 systemd: Started Session 308502 of user root. 
Nov 9 07:38:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27306 SEQ=1 Nov 9 07:38:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27306 SEQ=1 Nov 9 07:38:03 server83 letsencrypt.live.cgi: time="2025-11-09T07:38:03+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=jijivish WantedNames="[]" Nov 9 07:38:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9688 SEQ=1 Nov 9 07:38:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17456 PROTO=TCP SPT=51369 DPT=9434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:38:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.125 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=58680 DPT=8020 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:38:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62378 DF PROTO=TCP SPT=43402 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:38:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11772 SEQ=1 Nov 9 07:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6285 DF PROTO=TCP SPT=38772 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:38:12 server83 dhclient[1921]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x51bfdf08) Nov 9 07:38:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.177 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=36609 PROTO=TCP SPT=53901 DPT=5060 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:38:18 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:38:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60956 SEQ=1 Nov 9 07:38:19 server83 letsencrypt.live.cgi: time="2025-11-09T07:38:19+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=kashikumbh WantedNames="[]" error="Account is suspended" Nov 9 07:38:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46323 SEQ=1 Nov 9 07:38:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=47314 DF PROTO=TCP SPT=51070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:38:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=56148 SEQ=1 Nov 9 07:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 07:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 07:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=47315 DF PROTO=TCP SPT=51070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:38:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56148 SEQ=1 Nov 9 07:38:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64585 SEQ=1 Nov 9 07:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=47316 DF PROTO=TCP SPT=51070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:38:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.24 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53176 DPT=7172 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:38:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=135.237.125.26 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=50708 
PROTO=TCP SPT=42079 DPT=8006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:38:23 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 07:38:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46323 SEQ=1 Nov 9 07:38:25 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 07:38:25 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 07:38:25 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:25 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=47317 DF PROTO=TCP SPT=51070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:38:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:27 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 07:38:27 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 07:38:29 server83 NetworkManager[922]: <warn> [1762654109.4503] dhcp4 (eth1): request timed out Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4825] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 1921 Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4825] dhcp4 (eth1): state changed timeout -> done Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4827] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:38:29 server83 NetworkManager[922]: <warn> [1762654109.4831] device (eth1): Activation: failed for connection 'Wired connection 1' 
Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4832] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4865] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4869] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4869] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4872] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4882] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4884] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:38:29 server83 NetworkManager[922]: <info> [1762654109.4963] dhcp4 (eth1): dhclient started with pid 7574 Nov 9 07:38:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32433 PROTO=TCP SPT=45727 DPT=30400 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:38:29 server83 dhclient[7574]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x60738e09) Nov 9 07:38:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:38:30 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 07:38:32 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 07:38:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39447 SEQ=1 Nov 9 07:38:34 server83 letsencrypt.live.cgi: time="2025-11-09T07:38:34+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=machinna WantedNames="[]" Nov 9 07:38:34 server83 dhclient[7574]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x60738e09) Nov 9 07:38:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=47318 DF PROTO=TCP SPT=51070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:38:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39447 SEQ=1 Nov 9 07:38:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61560 PROTO=TCP SPT=46370 DPT=1902 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:38:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=35035 DF PROTO=ICMP TYPE=8 CODE=0 ID=15232 SEQ=53704 Nov 9 07:38:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14888 SEQ=1 Nov 9 07:38:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:38:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6000 SEQ=1 Nov 9 07:38:39 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56192 SEQ=1 Nov 9 07:38:41 server83 dhclient[7574]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x60738e09) Nov 9 07:38:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.86 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53490 DPT=1114 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:38:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=39.104.134.58 DST=145.239.177.179 LEN=40 TOS=0x18 PREC=0xA0 TTL=234 ID=39594 PROTO=TCP SPT=46760 DPT=2376 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:38:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6286 DF PROTO=TCP SPT=38772 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:38:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32509 SEQ=1 Nov 9 07:38:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16725 SEQ=1 Nov 9 07:38:48 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 07:38:48 server83 dhclient[7574]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x60738e09) Nov 9 07:38:50 server83 letsencrypt.live.cgi: time="2025-11-09T07:38:50+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=imtiazas 
WantedNames="[]" Nov 9 07:38:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32509 SEQ=1 Nov 9 07:38:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39452 SEQ=1 Nov 9 07:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=47319 DF PROTO=TCP SPT=51070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:38:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50472 SEQ=1 Nov 9 07:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.104 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=43013 DPT=5014 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30199 PROTO=TCP SPT=49956 DPT=29784 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:38:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44902 SEQ=1 Nov 9 07:38:55 server83 dhclient[7574]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x60738e09) Nov 9 07:38:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53190 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:38:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=39390 PROTO=TCP SPT=53573 DPT=8899 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:38:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=42290 PROTO=TCP SPT=53573 DPT=30083 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:38:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=34426 PROTO=TCP SPT=53573 DPT=30005 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:38:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=42409 PROTO=TCP SPT=53573 DPT=2 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=1602 PROTO=TCP SPT=53573 DPT=1888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46366 SEQ=1 Nov 9 07:39:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24977 SEQ=1 Nov 9 07:39:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=5629 PROTO=TCP SPT=53573 DPT=8206 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50987 SEQ=1 Nov 9 07:39:01 server83 systemd: Started Session 308503 of user root. Nov 9 07:39:01 server83 systemd: Started Session 308505 of user root. Nov 9 07:39:01 server83 systemd: Started Session 308504 of user root. Nov 9 07:39:01 server83 systemd: Started Session 308506 of user root. Nov 9 07:39:01 server83 systemd: Started Session 308507 of user root. Nov 9 07:39:01 server83 systemd: Started Session 308508 of user root. Nov 9 07:39:01 server83 systemd: Started Session 308511 of user root. Nov 9 07:39:01 server83 systemd: Started Session 308509 of user root. Nov 9 07:39:01 server83 systemd: Started Session 308510 of user root. Nov 9 07:39:01 server83 systemd: Started Session 308512 of user root. 
Nov 9 07:39:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53119 SEQ=1 Nov 9 07:39:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17373 SEQ=1 Nov 9 07:39:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20093 SEQ=1 Nov 9 07:39:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=20247 PROTO=TCP SPT=53573 DPT=3453 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=57752 PROTO=TCP SPT=53573 DPT=30007 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=47670 PROTO=TCP SPT=50011 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:39:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34856 PROTO=TCP SPT=61666 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:39:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=33600 PROTO=TCP SPT=53573 DPT=8788 WINDOW=1024 RES=0x00 SYN 
URGP=0 Nov 9 07:39:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=21632 PROTO=TCP SPT=53573 DPT=30000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=4065 PROTO=TCP SPT=53573 DPT=30454 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:07 server83 dhclient[7574]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x60738e09) Nov 9 07:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49909 SEQ=1 Nov 9 07:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61529 SEQ=1 Nov 9 07:39:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=18289 PROTO=TCP SPT=53573 DPT=6002 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=55779 PROTO=TCP SPT=53573 DPT=32400 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=22193 PROTO=TCP SPT=53573 DPT=30481 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=41804 PROTO=TCP SPT=35557 DPT=6612 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=12981 PROTO=TCP SPT=35557 DPT=30007 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54439 PROTO=TCP SPT=53573 DPT=8866 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=45356 PROTO=TCP SPT=35557 DPT=3453 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:14 server83 NetworkManager[922]: <warn> [1762654154.4507] dhcp4 (eth1): request timed out Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4507] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4666] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 7574 Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4666] dhcp4 (eth1): state changed timeout -> done Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4668] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:39:14 server83 NetworkManager[922]: <warn> [1762654154.4671] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4701] policy: 
auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4704] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4704] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4706] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4715] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4717] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:39:14 server83 NetworkManager[922]: <info> [1762654154.4727] dhcp4 (eth1): dhclient started with pid 12062 Nov 9 07:39:14 server83 dhclient[12062]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x297fe334) Nov 9 07:39:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=64617 PROTO=TCP SPT=35557 DPT=30452 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:15 server83 letsencrypt.live.cgi: time="2025-11-09T07:39:15+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=stanwells WantedNames="[]" error="Account is suspended" Nov 9 07:39:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=29160 PROTO=TCP SPT=35557 DPT=30013 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59109 SEQ=1 Nov 9 07:39:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=50931 PROTO=TCP SPT=35557 DPT=37531 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59109 SEQ=1 Nov 9 07:39:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=21243 PROTO=TCP SPT=53573 DPT=8005 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46574 SEQ=1 Nov 9 07:39:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14552 SEQ=1 Nov 9 07:39:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46574 SEQ=1 Nov 9 07:39:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54078 SEQ=1 Nov 9 07:39:22 server83 dhclient[12062]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x297fe334) Nov 9 
07:39:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=49734 PROTO=TCP SPT=53573 DPT=6899 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:22 server83 aibolit_wrapper[12786]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626541628625360.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626541628626518.txt --log=/tmp/malware_cleaner_log_17626541628627662.txt --progress=/tmp/malware_cleaner_progress_17626541628627434.json --csv_result=/tmp/revisium_csvfile_17626541628627544.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:39:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.250.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=1485 PROTO=TCP SPT=53573 DPT=8207 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=28942 PROTO=TCP SPT=35557 DPT=6003 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:27 server83 aibolit_wrapper[13199]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626541671268312.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626541671269930.txt --log=/tmp/malware_cleaner_log_17626541671271746.txt 
--progress=/tmp/malware_cleaner_progress_17626541671271314.json --csv_result=/tmp/revisium_csvfile_17626541671271524.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:39:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=45690 PROTO=TCP SPT=35557 DPT=2887 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:39:30 server83 letsencrypt.live.cgi: time="2025-11-09T07:39:30+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=tecxyz WantedNames="[]" Nov 9 07:39:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=9106 PROTO=TCP SPT=35557 DPT=6002 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38641 SEQ=1 Nov 9 07:39:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=52332 PROTO=TCP SPT=35557 DPT=8868 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61483 SEQ=1 Nov 9 07:39:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3783 SEQ=1 Nov 9 07:39:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38641 SEQ=1 Nov 9 07:39:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=38812 PROTO=TCP SPT=35557 DPT=30029 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=39531 PROTO=TCP SPT=35557 DPT=6411 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=56899 PROTO=TCP SPT=35557 DPT=9885 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.153.51 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=52250 DPT=70 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:39:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61941 PROTO=TCP SPT=49956 DPT=29521 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:35 server83 dhclient[12062]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x297fe334) Nov 9 07:39:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=14002 PROTO=TCP SPT=35557 DPT=9981 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:38 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for 
Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:39:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=22725 PROTO=TCP SPT=35557 DPT=5569 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3783 SEQ=1 Nov 9 07:39:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31887 SEQ=1 Nov 9 07:39:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.36.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=37105 PROTO=TCP SPT=35557 DPT=30003 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64427 DF PROTO=TCP SPT=59620 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:39:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=40691 PROTO=TCP SPT=58435 DPT=6981 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:39:46 server83 letsencrypt.live.cgi: time="2025-11-09T07:39:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=libertytreasury WantedNames="[]" Nov 9 07:39:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.84.60 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=47893 PROTO=TCP SPT=56386 DPT=8022 WINDOW=65535 RES=0x00 
SYN URGP=0 Nov 9 07:39:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6690 SEQ=1 Nov 9 07:39:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2000 SEQ=1 Nov 9 07:39:48 server83 dhclient[12062]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x297fe334) Nov 9 07:39:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8960 SEQ=1 Nov 9 07:39:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8667 SEQ=1 Nov 9 07:39:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37575 SEQ=1 Nov 9 07:39:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58075 SEQ=1 Nov 9 07:39:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17886 SEQ=1 Nov 9 07:39:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64429 DF PROTO=TCP 
SPT=59620 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:39:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3411 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:39:59 server83 NetworkManager[922]: <warn> [1762654199.4386] dhcp4 (eth1): request timed out Nov 9 07:39:59 server83 NetworkManager[922]: <info> [1762654199.4387] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:39:59 server83 NetworkManager[922]: <info> [1762654199.4548] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12062 Nov 9 07:39:59 server83 NetworkManager[922]: <info> [1762654199.4549] dhcp4 (eth1): state changed timeout -> done Nov 9 07:39:59 server83 NetworkManager[922]: <info> [1762654199.4551] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:39:59 server83 NetworkManager[922]: <warn> [1762654199.4556] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:39:59 server83 NetworkManager[922]: <info> [1762654199.4558] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:40:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.163.34.54 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=55831 PROTO=TCP SPT=37077 DPT=5094 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:40:01 server83 systemd: Started Session 308514 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308516 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308515 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308517 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308513 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308520 of user root. 
Nov 9 07:40:01 server83 systemd: Started Session 308519 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308521 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308518 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308522 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308523 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308524 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308525 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308526 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308527 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308528 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308529 of user root. Nov 9 07:40:01 server83 systemd: Started Session 308530 of user root. Nov 9 07:40:01 server83 letsencrypt.live.cgi: time="2025-11-09T07:40:01+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=daruka WantedNames="[]" Nov 9 07:40:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3403 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:40:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45144 SEQ=1 Nov 9 07:40:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12561 DF PROTO=TCP SPT=58702 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:40:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12562 DF PROTO=TCP 
SPT=58755 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:40:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:40:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45074 SEQ=1 Nov 9 07:40:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32888 SEQ=1 Nov 9 07:40:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12563 DF PROTO=TCP SPT=58702 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:40:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12564 DF PROTO=TCP SPT=58755 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:40:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45144 SEQ=1 Nov 9 07:40:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54250 SEQ=1 Nov 9 07:40:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6702 SEQ=1 Nov 9 07:40:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 
TOS=0x00 PREC=0x00 TTL=109 ID=12565 DF PROTO=TCP SPT=58702 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:40:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12566 DF PROTO=TCP SPT=58755 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:40:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=47517 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:40:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64430 DF PROTO=TCP SPT=59620 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:40:17 server83 letsencrypt.live.cgi: time="2025-11-09T07:40:17+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=totrades WantedNames="[]" Nov 9 07:40:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55319 SEQ=1 Nov 9 07:40:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12569 DF PROTO=TCP SPT=58702 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:40:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12570 DF PROTO=TCP SPT=58755 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:40:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14203 DF PROTO=TCP SPT=45760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:40:21 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 07:40:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14204 DF PROTO=TCP SPT=45760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19230 SEQ=1 Nov 9 07:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21925 SEQ=1 Nov 9 07:40:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35171 SEQ=1 Nov 9 07:40:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14205 DF PROTO=TCP SPT=45760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:40:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11321 SEQ=1 Nov 9 07:40:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=63522 PROTO=TCP SPT=34710 DPT=46763 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:40:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14206 DF PROTO=TCP SPT=45760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:40:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52169 SEQ=1 Nov 9 07:40:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28888 SEQ=1 Nov 9 07:40:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57253 SEQ=1 Nov 9 07:40:32 server83 letsencrypt.live.cgi: time="2025-11-09T07:40:32+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=zenithfinex WantedNames="[]" error="Account is suspended" Nov 9 07:40:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57253 SEQ=1 Nov 9 07:40:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18628 SEQ=1 Nov 9 07:40:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32710 SEQ=1 Nov 9 07:40:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29028 PROTO=TCP SPT=49956 DPT=28980 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14207 DF PROTO=TCP SPT=45760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22514 SEQ=1 Nov 9 07:40:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.224 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38449 DPT=8030 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:40:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.145.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=38816 PROTO=TCP SPT=45772 DPT=18245 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:40:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64431 DF PROTO=TCP SPT=59620 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:40:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:40:46 server83 imunify360-php-daemon[734]: error while sending daemon stats: circuit breaker is open Nov 9 07:40:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:40:46 server83 imunify360-php-daemon[734]: connections: {total = 17085, closed_as_old = 0, dropped = 1},#012messages: {total_received = 45980, blamer_received = 45972, blamer_filtered = 2685, aggregated = 2518, aggregator_dropped = 0},#012message_actions: {blamer_send_success = 173, 
send = 0, send_failed = 175, stored = 2, store_failed = 0},#012message dbstats: {fevents_db_size = 0, fevents_db_rows = 7338, fevents_total = 16565,#012#011#011#011#011 fevents_filtered = {total = 29415, wrong_id = 131776, wrong_function_name = 8548938, match_file_false = 5987125, match_file_limit_hit = 0, storage_limit_hit = 0},#012#011#011#011#011 fevents_stored_new = 2668, fevents_stored_updated = 414, fevents_send_success = 0, fevents_send_failure = 37 } Nov 9 07:40:46 server83 imunify360-php-daemon[734]: memory: alloc = 17651624 B, totalAlloc = 792453693800 B, sys = 68965640 B, rss = 184152064 B Nov 9 07:40:48 server83 letsencrypt.live.cgi: time="2025-11-09T07:40:48+05:30" level=error msg="Failed to process AutoSSL" Username=thecreativelaunc error="Experienced fatal pre-flight error for thecreativelaunc: User is over quota: thecreativelaunc (<nil>)" Nov 9 07:40:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1346 SEQ=1 Nov 9 07:40:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44509 SEQ=1 Nov 9 07:40:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30885 SEQ=1 Nov 9 07:40:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2401 SEQ=1 Nov 9 07:40:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 
TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15386 SEQ=1 Nov 9 07:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14208 DF PROTO=TCP SPT=45760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:40:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.92.218 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43902 DPT=40003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:40:55 server83 scripts.sh: Sun Nov 9 07:40:55 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 07:40:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.152.136 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=2053 PROTO=TCP SPT=56068 DPT=5903 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:40:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.145.27 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42315 PROTO=TCP SPT=22581 DPT=888 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:40:59 server83 aibolit_wrapper[22225]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626542595781762.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626542595783606.txt --log=/tmp/malware_cleaner_log_17626542595784902.txt --progress=/tmp/malware_cleaner_progress_17626542595784544.json --csv_result=/tmp/revisium_csvfile_17626542595784692.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:41:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:41:01 
server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:41:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:41:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:41:01 server83 systemd: Started Session 308534 of user root. Nov 9 07:41:01 server83 systemd: Started Session 308531 of user root. Nov 9 07:41:01 server83 systemd: Started Session 308532 of user root. Nov 9 07:41:01 server83 systemd: Started Session 308535 of user root. Nov 9 07:41:01 server83 systemd: Started Session 308536 of user root. Nov 9 07:41:01 server83 systemd: Started Session 308537 of user root. Nov 9 07:41:01 server83 systemd: Started Session 308533 of user root. Nov 9 07:41:01 server83 systemd: Started Session 308538 of user root. Nov 9 07:41:01 server83 systemd: Started Session 308539 of user root. Nov 9 07:41:01 server83 systemd: Started Session 308540 of user root. Nov 9 07:41:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3410 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:41:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.250.143.163 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=44 ID=13811 DF PROTO=TCP SPT=14835 DPT=47000 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 07:41:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.181 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=46053 PROTO=TCP SPT=11874 DPT=8082 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:41:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.140 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=4929 PROTO=TCP SPT=33089 DPT=9035 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:41:03 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.200 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=55221 PROTO=TCP SPT=54230 DPT=9443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:41:03 server83 letsencrypt.live.cgi: time="2025-11-09T07:41:03+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=horizoncapsmobil WantedNames="[]" Nov 9 07:41:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35244 SEQ=1 Nov 9 07:41:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19085 SEQ=1 Nov 9 07:41:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.95 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=56467 DPT=4343 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:41:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=128.199.255.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=415 PROTO=TCP SPT=60000 DPT=29622 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:41:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64813 PROTO=TCP SPT=53687 DPT=3432 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25086 SEQ=1 Nov 9 07:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45460 SEQ=1 Nov 9 07:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61254 SEQ=1 Nov 9 07:41:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61595 DF PROTO=TCP SPT=36566 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61596 DF PROTO=TCP SPT=36566 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61597 DF PROTO=TCP SPT=36566 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12571 DF PROTO=TCP SPT=60457 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:41:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12572 DF PROTO=TCP SPT=60457 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:41:15 server83 pam_imunify_daemon.bin: time="2025-11-09T07:41:15+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK 
error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 07:41:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61598 DF PROTO=TCP SPT=36566 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12573 DF PROTO=TCP SPT=60457 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:41:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:41:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23138 SEQ=1 Nov 9 07:41:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18189 SEQ=1 Nov 9 07:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18189 SEQ=1 Nov 9 07:41:19 server83 letsencrypt.live.cgi: time="2025-11-09T07:41:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=crossbridgeenerg WantedNames="[]" Nov 9 07:41:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12574 DF PROTO=TCP SPT=60457 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12007 SEQ=1 Nov 9 07:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42927 SEQ=1 Nov 9 07:41:21 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:41:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52803 SEQ=1 Nov 9 07:41:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61599 DF PROTO=TCP SPT=36566 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28873 SEQ=1 Nov 9 07:41:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14209 DF PROTO=TCP SPT=45760 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:41:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:41:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12575 DF PROTO=TCP SPT=60457 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:41:29 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37403 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:41:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=20340 PROTO=TCP SPT=35763 DPT=1883 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:41:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40292 SEQ=1 Nov 9 07:41:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18210 SEQ=1 Nov 9 07:41:35 server83 letsencrypt.live.cgi: time="2025-11-09T07:41:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=hsdbtc WantedNames="[]" Nov 9 07:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58569 SEQ=1 Nov 9 07:41:38 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57446 SEQ=1 Nov 9 07:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13641 SEQ=1 Nov 9 07:41:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32560 SEQ=1 Nov 9 07:41:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=15767 PROTO=TCP SPT=38729 DPT=6278 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:41:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61600 DF PROTO=TCP SPT=36566 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37456 DF PROTO=TCP SPT=44430 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37457 DF PROTO=TCP SPT=44430 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37458 DF PROTO=TCP SPT=44430 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37459 DF PROTO=TCP SPT=44430 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:41:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3409 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:41:50 server83 letsencrypt.live.cgi: time="2025-11-09T07:41:50+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=unemail WantedNames="[]" Nov 9 07:41:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:41:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32679 SEQ=1 Nov 9 07:41:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8151 SEQ=1 Nov 9 07:41:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64560 SEQ=1 Nov 9 07:41:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8151 SEQ=1 Nov 9 07:41:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49183 SEQ=1 Nov 9 07:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37460 DF PROTO=TCP SPT=44430 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:42:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.28 
DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=42037 PROTO=TCP SPT=21679 DPT=1434 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:42:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:42:01 server83 systemd: Started Session 308542 of user root. Nov 9 07:42:01 server83 systemd: Started Session 308541 of user root. Nov 9 07:42:01 server83 systemd: Started Session 308545 of user root. Nov 9 07:42:01 server83 systemd: Started Session 308546 of user root. Nov 9 07:42:01 server83 systemd: Started Session 308543 of user root. Nov 9 07:42:01 server83 systemd: Started Session 308544 of user root. Nov 9 07:42:01 server83 systemd: Started Session 308547 of user root. Nov 9 07:42:01 server83 systemd: Started Session 308548 of user root. Nov 9 07:42:01 server83 systemd: Started Session 308549 of user root. Nov 9 07:42:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.132 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=28820 PROTO=TCP SPT=64862 DPT=37193 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:42:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55108 SEQ=1 Nov 9 07:42:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41315 SEQ=1 Nov 9 07:42:06 server83 letsencrypt.live.cgi: time="2025-11-09T07:42:06+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gptbiz WantedNames="[]" Nov 9 07:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65105 SEQ=1 Nov 9 07:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21500 SEQ=1 Nov 9 07:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2762 SEQ=1 Nov 9 07:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6616 SEQ=1 Nov 9 07:42:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.209 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=34982 DPT=8060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:42:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61601 DF PROTO=TCP SPT=36566 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37461 DF PROTO=TCP SPT=44430 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:42:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.148 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50798 DPT=688 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:42:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=56486 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:44:37 server83 aibolit_wrapper[30823]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626544777084112.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626544777085018.txt --log=/tmp/malware_cleaner_log_17626544777086118.txt --progress=/tmp/malware_cleaner_progress_17626544777085834.json --csv_result=/tmp/revisium_csvfile_17626544777085968.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:44:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59767 SEQ=1 Nov 9 07:44:38 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:44:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11865 SEQ=1 Nov 9 07:44:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11865 SEQ=1 Nov 9 07:44:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=59767 SEQ=1 Nov 9 07:44:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.92.218 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51184 DPT=1051 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2950 DF PROTO=TCP SPT=47324 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:44:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.189 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44550 DPT=1051 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:44:46 server83 letsencrypt.live.cgi: time="2025-11-09T07:44:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mailerpaypalinvo WantedNames="[]" Nov 9 07:44:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:44:48 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:44:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36165 SEQ=1 Nov 9 07:44:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14323 SEQ=1 Nov 9 07:44:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62430 SEQ=1 Nov 9 07:44:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33136 DF PROTO=TCP SPT=37932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:44:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57079 SEQ=1 Nov 9 07:44:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62430 SEQ=1 Nov 9 07:44:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2951 DF PROTO=TCP SPT=47324 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:44:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.8 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=41270 DPT=9157 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:44:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.119.75.60 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=43566 PROTO=TCP SPT=38247 DPT=9999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:44:59 server83 NetworkManager[922]: <info> [1762654499.4953] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:44:59 server83 NetworkManager[922]: <info> [1762654499.4957] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:44:59 server83 NetworkManager[922]: <info> [1762654499.4958] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:44:59 server83 NetworkManager[922]: 
<info> [1762654499.4961] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:44:59 server83 NetworkManager[922]: <info> [1762654499.4970] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:44:59 server83 NetworkManager[922]: <info> [1762654499.4972] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:44:59 server83 NetworkManager[922]: <info> [1762654499.4983] dhcp4 (eth1): dhclient started with pid 31360 Nov 9 07:44:59 server83 dhclient[31360]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x56e0beb8) Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 systemd: Started Session 308571 of user root. Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:45:01 server83 systemd: Started Session 308569 of user root. Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 systemd: Started Session 308568 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308572 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308573 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308576 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308574 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308575 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308577 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308578 of user root. 
Nov 9 07:45:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 07:45:01 server83 systemd: Started Session 308580 of user sanatanhinduvahi. Nov 9 07:45:01 server83 systemd: Started Session 308581 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308570 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308579 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308582 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308584 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308583 of user root. Nov 9 07:45:01 server83 systemd: Started Session 308585 of user root. Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:45:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. 
Nov 9 07:45:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1764 SEQ=1 Nov 9 07:45:01 server83 letsencrypt.live.cgi: time="2025-11-09T07:45:01+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=claimcoinpayment WantedNames="[]" Nov 9 07:45:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58554 SEQ=1 Nov 9 07:45:02 server83 aibolit_wrapper[31674]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626545029306652.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626545029308122.txt --log=/tmp/malware_cleaner_log_17626545029309478.txt --progress=/tmp/malware_cleaner_progress_17626545029309096.json --csv_result=/tmp/revisium_csvfile_17626545029309270.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50000 SEQ=1 Nov 9 07:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.210 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=108 ID=5761 DF PROTO=ICMP TYPE=8 CODE=0 ID=36386 SEQ=38587 Nov 9 07:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8673 SEQ=1 Nov 9 07:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42257 SEQ=1 Nov 9 07:45:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=138.197.16.14 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=42926 PROTO=TCP SPT=60008 DPT=9081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:45:06 server83 dhclient[31360]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x56e0beb8) Nov 9 07:45:09 server83 aibolit_wrapper[32097]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626545091255882.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626545091257232.txt --log=/tmp/malware_cleaner_log_17626545091258836.txt --progress=/tmp/malware_cleaner_progress_17626545091258342.json --csv_result=/tmp/revisium_csvfile_17626545091258556.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:45:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:45:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.149.45 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21401 PROTO=TCP SPT=52009 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:45:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.84 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=52232 DF PROTO=TCP SPT=96 DPT=23130 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 
9 07:45:13 server83 dhclient[31360]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x56e0beb8) Nov 9 07:45:14 server83 pam_imunify_daemon.bin: time="2025-11-09T07:45:14+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 07:45:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.7 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56264 DPT=45713 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:45:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10489 DF PROTO=TCP SPT=38556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10490 DF PROTO=TCP SPT=38556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:17 server83 letsencrypt.live.cgi: time="2025-11-09T07:45:17+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=dadkenson WantedNames="[]" Nov 9 07:45:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10491 DF PROTO=TCP SPT=38556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:21 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:45:22 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57099 PROTO=TCP SPT=49956 DPT=26873 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:45:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10492 DF PROTO=TCP SPT=38556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34233 SEQ=1 Nov 9 07:45:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37730 SEQ=1 Nov 9 07:45:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40368 SEQ=1 Nov 9 07:45:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34233 SEQ=1 Nov 9 07:45:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42457 PROTO=TCP SPT=45727 DPT=34719 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:45:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12495 SEQ=1 Nov 9 07:45:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3600 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:45:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2952 DF PROTO=TCP SPT=47324 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.132 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50415 DPT=23443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:45:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31239 SEQ=1 Nov 9 07:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10493 DF PROTO=TCP SPT=38556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10939 SEQ=1 Nov 9 07:45:32 server83 dhclient[31360]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x56e0beb8) Nov 9 07:45:33 server83 letsencrypt.live.cgi: time="2025-11-09T07:45:33+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bizpos WantedNames="[]" Nov 9 07:45:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.216 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=40997 PROTO=TCP SPT=54118 DPT=9443 WINDOW=1024 RES=0x00 
SYN URGP=0 Nov 9 07:45:38 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:45:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6191 SEQ=1 Nov 9 07:45:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31802 SEQ=1 Nov 9 07:45:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27338 SEQ=1 Nov 9 07:45:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24005 SEQ=1 Nov 9 07:45:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27338 SEQ=1 Nov 9 07:45:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.213 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=56418 DPT=1010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:45:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41258 PROTO=TCP SPT=45727 DPT=31957 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:45:43 server83 dhclient[31360]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 
interval 13 (xid=0x56e0beb8) Nov 9 07:45:44 server83 NetworkManager[922]: <warn> [1762654544.4391] dhcp4 (eth1): request timed out Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4391] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4551] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 31360 Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4551] dhcp4 (eth1): state changed timeout -> done Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4553] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:45:44 server83 NetworkManager[922]: <warn> [1762654544.4556] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4558] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4588] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4590] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4591] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4594] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4603] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:45:44 server83 NetworkManager[922]: <info> [1762654544.4605] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:45:44 server83 
NetworkManager[922]: <info> [1762654544.4614] dhcp4 (eth1): dhclient started with pid 613 Nov 9 07:45:44 server83 dhclient[613]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x17a98650) Nov 9 07:45:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53102 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:45:45 server83 PAM-hulk[625]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 07:45:45 server83 aibolit_wrapper[661]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626545458869476.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626545458870852.txt --log=/tmp/malware_cleaner_log_17626545458872206.txt --progress=/tmp/malware_cleaner_progress_17626545458871874.json --csv_result=/tmp/revisium_csvfile_17626545458872018.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:45:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:45:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10494 DF PROTO=TCP SPT=38556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:49 server83 letsencrypt.live.cgi: time="2025-11-09T07:45:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vps1rnassociate WantedNames="[]" Nov 9 07:45:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=50 ID=44187 DF PROTO=TCP SPT=38206 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49570 SEQ=1 Nov 9 07:45:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11750 SEQ=1 Nov 9 07:45:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44188 DF PROTO=TCP SPT=38206 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27620 PROTO=TCP SPT=53687 DPT=14866 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:45:50 server83 dhclient[613]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x17a98650) Nov 9 07:45:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3407 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:45:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44189 DF PROTO=TCP SPT=38206 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.39 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=46871 PROTO=TCP SPT=37710 DPT=13568 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:45:56 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20501 PROTO=TCP SPT=49956 DPT=29865 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:45:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44190 DF PROTO=TCP SPT=38206 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:45:57 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:45:59 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=34.122.156.88 DST=51.210.113.204 LEN=71 TOS=0x00 PREC=0x00 TTL=48 ID=58195 DF PROTO=UDP SPT=15907 DPT=8083 LEN=51 Nov 9 07:46:01 server83 aibolit_wrapper[1191]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626545612133462.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626545612135114.txt --log=/tmp/malware_cleaner_log_17626545612136714.txt --progress=/tmp/malware_cleaner_progress_17626545612136312.json --csv_result=/tmp/revisium_csvfile_17626545612136504.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:46:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:46:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:46:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:46:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:46:01 server83 systemd: Started Session 308586 of user root. Nov 9 07:46:01 server83 systemd: Started Session 308587 of user root. 
Nov 9 07:46:01 server83 systemd: Started Session 308588 of user root. Nov 9 07:46:01 server83 systemd: Started Session 308590 of user root. Nov 9 07:46:01 server83 systemd: Started Session 308591 of user root. Nov 9 07:46:01 server83 systemd: Started Session 308589 of user root. Nov 9 07:46:01 server83 systemd: Started Session 308592 of user root. Nov 9 07:46:01 server83 systemd: Started Session 308594 of user root. Nov 9 07:46:01 server83 systemd: Started Session 308593 of user root. Nov 9 07:46:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=59132 PROTO=TCP SPT=46182 DPT=6355 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:46:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13990 SEQ=1 Nov 9 07:46:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44855 SEQ=1 Nov 9 07:46:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52535 SEQ=1 Nov 9 07:46:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28415 SEQ=1 Nov 9 07:46:03 server83 dhclient[613]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x17a98650) Nov 9 07:46:04 server83 letsencrypt.live.cgi: time="2025-11-09T07:46:04+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bharadwaj 
WantedNames="[]" Nov 9 07:46:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7075 PROTO=TCP SPT=57143 DPT=8608 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44191 DF PROTO=TCP SPT=38206 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:46:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57115 SEQ=1 Nov 9 07:46:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62044 SEQ=1 Nov 9 07:46:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41583 PROTO=TCP SPT=45727 DPT=30680 WINDOW=1024 RES=0x00 SYN URGP=0 
Nov 9 07:46:10 server83 dhclient[613]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x17a98650) Nov 9 07:46:10 server83 rsyslogd: imjournal: journal reloaded... [v8.24.0-57.el7_9.3 try http://www.rsyslog.com/e/0 ] Nov 9 07:46:10 server83 rsyslogd: imjournal: journal reloaded... [v8.24.0-57.el7_9.3 try http://www.rsyslog.com/e/0 ] Nov 9 07:46:11 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 07:46:11 server83 systemd: Stopped Status Update Service. Nov 9 07:46:11 server83 systemd: Started Status Update Service. 
Nov 9 07:46:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5092 PROTO=TCP SPT=46370 DPT=2384 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=31672 PROTO=TCP SPT=47238 DPT=22220 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:46:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=53270 PROTO=TCP SPT=47238 DPT=38965 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:46:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3599 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3406 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10495 DF PROTO=TCP SPT=38556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44192 DF PROTO=TCP SPT=38206 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:46:21 server83 letsencrypt.live.cgi: time="2025-11-09T07:46:21+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=hostlong 
WantedNames="[]" Nov 9 07:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29164 SEQ=1 Nov 9 07:46:21 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:46:21 server83 dhclient[613]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x17a98650) Nov 9 07:46:22 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.246 DST=51.210.113.204 LEN=130 TOS=0x00 PREC=0x00 TTL=35 ID=50006 PROTO=UDP SPT=40121 DPT=51980 LEN=110 Nov 9 07:46:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=58668 DF PROTO=ICMP TYPE=8 CODE=0 ID=15778 SEQ=6261 Nov 9 07:46:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43920 SEQ=1 Nov 9 07:46:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43920 SEQ=1 Nov 9 07:46:25 server83 aibolit_wrapper[1746]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626545854498140.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626545854499488.txt --log=/tmp/malware_cleaner_log_17626545854500576.txt 
--progress=/tmp/malware_cleaner_progress_17626545854500272.json --csv_result=/tmp/revisium_csvfile_17626545854500404.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:46:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=14.116.219.149 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=33187 PROTO=TCP SPT=51265 DPT=2375 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:29 server83 NetworkManager[922]: <warn> [1762654589.4493] dhcp4 (eth1): request timed out Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4493] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4653] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 613 Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4653] dhcp4 (eth1): state changed timeout -> done Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4656] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:46:29 server83 NetworkManager[922]: <warn> [1762654589.4661] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4663] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4696] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4700] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4701] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4706] device (eth1): state 
change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4717] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4721] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:46:29 server83 NetworkManager[922]: <info> [1762654589.4734] dhcp4 (eth1): dhclient started with pid 1863 Nov 9 07:46:29 server83 dhclient[1863]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x50c4f8ce) Nov 9 07:46:29 server83 aibolit_wrapper[1872]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626545896976200.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626545896977040.txt --log=/tmp/malware_cleaner_log_17626545896977792.txt --progress=/tmp/malware_cleaner_progress_17626545896977590.json --csv_result=/tmp/revisium_csvfile_17626545896977690.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:46:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48858 DF PROTO=TCP SPT=40360 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:46:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48859 DF PROTO=TCP SPT=40360 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:46:32 server83 dhclient[1863]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x50c4f8ce) Nov 9 07:46:32 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48860 DF PROTO=TCP SPT=40360 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:46:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51867 PROTO=TCP SPT=46370 DPT=1639 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:34 server83 aibolit_wrapper[1965]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626545940049180.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626545940050436.txt --log=/tmp/malware_cleaner_log_17626545940051938.txt --progress=/tmp/malware_cleaner_progress_17626545940051608.json --csv_result=/tmp/revisium_csvfile_17626545940051766.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:46:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=29335 PROTO=TCP SPT=56033 DPT=7701 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:35 server83 pam_imunify_daemon.bin: time="2025-11-09T07:46:35+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:46:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42752 SEQ=1 Nov 9 07:46:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=15417 PROTO=TCP SPT=20723 DPT=2241 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:46:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8300 SEQ=1 Nov 9 07:46:36 server83 letsencrypt.live.cgi: time="2025-11-09T07:46:36+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=websnapi WantedNames="[]" error="Account is suspended" Nov 9 07:46:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9450 SEQ=1 Nov 9 07:46:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48861 DF PROTO=TCP SPT=40360 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:46:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45999 SEQ=1 Nov 9 07:46:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50062 SEQ=1 Nov 9 07:46:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 
PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3405 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:38 server83 dhclient[1863]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x50c4f8ce) Nov 9 07:46:38 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:46:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32245 SEQ=1 Nov 9 07:46:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:46:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3598 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11384 PROTO=TCP SPT=45727 DPT=34489 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2044 PROTO=TCP SPT=43457 DPT=2470 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=5.188.206.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39764 PROTO=TCP SPT=40590 DPT=47000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:46:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=25142 PROTO=TCP SPT=56185 DPT=7910 WINDOW=1024 RES=0x00 SYN URGP=0 
Nov 9 07:46:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:46:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.4 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=61542 PROTO=TCP SPT=26200 DPT=12277 WINDOW=20177 RES=0x00 SYN URGP=0 Nov 9 07:46:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.161 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55386 DPT=3010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:46:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=47996 PROTO=TCP SPT=63311 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:46:49 server83 dhclient[1863]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x50c4f8ce) Nov 9 07:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45643 SEQ=1 Nov 9 07:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32873 SEQ=1 Nov 9 07:46:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22690 PROTO=TCP SPT=46540 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:46:52 server83 letsencrypt.live.cgi: time="2025-11-09T07:46:52+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pcmpcm WantedNames="[]" Nov 9 07:46:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44193 DF PROTO=TCP SPT=38206 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:46:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45339 SEQ=1 Nov 9 07:46:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52381 SEQ=1 Nov 9 07:46:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22694 PROTO=TCP SPT=46540 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:47:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:47:01 server83 systemd: Started Session 308600 of user root. Nov 9 07:47:01 server83 systemd: Started Session 308596 of user root. Nov 9 07:47:01 server83 systemd: Started Session 308599 of user root. Nov 9 07:47:01 server83 systemd: Started Session 308601 of user root. Nov 9 07:47:01 server83 systemd: Started Session 308595 of user root. Nov 9 07:47:01 server83 systemd: Started Session 308602 of user root. Nov 9 07:47:01 server83 systemd: Started Session 308597 of user root. Nov 9 07:47:01 server83 systemd: Started Session 308598 of user root. 
Nov 9 07:47:01 server83 systemd: Started Session 308603 of user root. Nov 9 07:47:01 server83 systemd: Started Session 308604 of user root. Nov 9 07:47:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48863 DF PROTO=TCP SPT=40360 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 07:47:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52082 PROTO=TCP SPT=53805 DPT=4475 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:47:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27177 SEQ=1 Nov 9 07:47:03 server83 dhclient[1863]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x50c4f8ce) Nov 9 07:47:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9352 SEQ=1 Nov 9 07:47:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.180.48.63 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=581 PROTO=TCP SPT=51370 DPT=2222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:47:07 server83 letsencrypt.live.cgi: time="2025-11-09T07:47:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=interlinkfinexpr WantedNames="[]" Nov 9 07:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51918 SEQ=1 Nov 9 07:47:08 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45118 SEQ=1 Nov 9 07:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27341 SEQ=1 Nov 9 07:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51918 SEQ=1 Nov 9 07:47:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=40878 PROTO=TCP SPT=44990 DPT=4602 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:47:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=15099 PROTO=TCP SPT=56033 DPT=7703 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:47:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3404 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:47:14 server83 NetworkManager[922]: <warn> [1762654634.4426] dhcp4 (eth1): request timed out Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4427] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4505] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 1863 Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4506] dhcp4 (eth1): state changed timeout -> done Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4508] device (eth1): state 
change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:47:14 server83 NetworkManager[922]: <warn> [1762654634.4514] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4516] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4550] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4554] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4555] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4559] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4570] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4573] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:47:14 server83 NetworkManager[922]: <info> [1762654634.4586] dhcp4 (eth1): dhclient started with pid 2917 Nov 9 07:47:14 server83 dhclient[2917]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x81f65d6) Nov 9 07:47:21 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:47:22 server83 dhclient[2917]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x81f65d6) Nov 9 07:47:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61815 SEQ=1 Nov 9 07:47:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.23 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=2443 PROTO=TCP SPT=53276 DPT=10370 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:47:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52205 SEQ=1 Nov 9 07:47:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14220 SEQ=1 Nov 9 07:47:23 server83 letsencrypt.live.cgi: time="2025-11-09T07:47:23+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=baronmachinesint WantedNames="[]" Nov 9 07:47:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=8630 DPT=8081 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:47:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.61 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49864 DPT=6443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:47:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:47:30 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 07:47:31 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=217.76.54.225 DST=51.210.113.204 LEN=120 TOS=0x00 PREC=0x00 TTL=48 ID=3970 DF PROTO=UDP SPT=51561 DPT=8080 LEN=100 Nov 9 07:47:31 server83 
TTL=109 ID=12585 DF PROTO=TCP SPT=55948 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:50:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3597 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:50:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47022 PROTO=TCP SPT=45727 DPT=31584 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:50:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12586 DF PROTO=TCP SPT=55948 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:50:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12587 DF PROTO=TCP SPT=55667 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:50:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12588 DF PROTO=TCP SPT=55948 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:50:26 server83 scripts.sh: Sun Nov 9 07:50:26 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 07:50:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:50:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.191 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=39455 PROTO=TCP SPT=53789 DPT=45443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:50:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 
TOS=0x00 PREC=0x00 TTL=109 ID=12589 DF PROTO=TCP SPT=55948 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:50:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49552 DPT=3629 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:50:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29183 SEQ=1 Nov 9 07:50:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28631 SEQ=1 Nov 9 07:50:33 server83 letsencrypt.live.cgi: time="2025-11-09T07:50:33+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=saikripadharmtru WantedNames="[]" Nov 9 07:50:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12590 DF PROTO=TCP SPT=55948 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:50:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48986 SEQ=1 Nov 9 07:50:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.163 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=36064 PROTO=TCP SPT=40870 DPT=5243 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=53973 SEQ=1 Nov 9 07:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7444 SEQ=1 Nov 9 07:50:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7444 SEQ=1 Nov 9 07:50:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37235 PROTO=TCP SPT=46370 DPT=1135 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:50:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.11.247 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=6448 DF PROTO=TCP SPT=38697 DPT=25629 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:50:42 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:50:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3596 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:50:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.104 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40600 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:50:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57214 PROTO=TCP SPT=49956 DPT=25001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:50:48 server83 letsencrypt.live.cgi: time="2025-11-09T07:50:48+05:30" level=info msg="Skipping 
because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=ratingo WantedNames="[]" error="Account is suspended" Nov 9 07:50:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25637 SEQ=1 Nov 9 07:50:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.155.81.124 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=40932 DPT=4443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52332 SEQ=1 Nov 9 07:50:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40267 SEQ=1 Nov 9 07:50:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25637 SEQ=1 Nov 9 07:50:54 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.187.178.55 DST=51.210.113.204 LEN=66 TOS=0x08 PREC=0x40 TTL=43 ID=40145 DF PROTO=UDP SPT=13185 DPT=5991 LEN=46 Nov 9 07:50:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12591 DF PROTO=TCP SPT=56842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:50:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12592 DF PROTO=TCP SPT=56842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:50:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.74 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=34010 DPT=888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:50:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12593 DF PROTO=TCP SPT=56842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:50:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45755 PROTO=TCP SPT=43457 DPT=2642 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:51:01 server83 systemd: Started Session 308643 of user root. Nov 9 07:51:01 server83 systemd: Started Session 308642 of user root. Nov 9 07:51:01 server83 systemd: Started Session 308645 of user root. Nov 9 07:51:01 server83 systemd: Started Session 308646 of user root. Nov 9 07:51:01 server83 systemd: Started Session 308647 of user root. Nov 9 07:51:01 server83 systemd: Started Session 308648 of user root. Nov 9 07:51:01 server83 systemd: Started Session 308649 of user root. Nov 9 07:51:01 server83 systemd: Started Session 308644 of user root. Nov 9 07:51:01 server83 systemd: Started Session 308650 of user root. 
Nov 9 07:51:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52015 PROTO=TCP SPT=50003 DPT=5672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:51:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12594 DF PROTO=TCP SPT=56842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40879 SEQ=1 Nov 9 07:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18987 SEQ=1 Nov 9 07:51:04 server83 letsencrypt.live.cgi: time="2025-11-09T07:51:04+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=fasttrackdispatc WantedNames="[]" Nov 9 07:51:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:51:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3595 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1187 SEQ=1 Nov 9 07:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58021 SEQ=1 
Nov 9 07:51:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44497 SEQ=1 Nov 9 07:51:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42100 SEQ=1 Nov 9 07:51:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18987 SEQ=1 Nov 9 07:51:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12595 DF PROTO=TCP SPT=56842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:51:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3403 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:51:19 server83 letsencrypt.live.cgi: time="2025-11-09T07:51:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mariolucasdme WantedNames="[]" Nov 9 07:51:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57052 SEQ=1 Nov 9 07:51:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1506 SEQ=1 Nov 9 07:51:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23697 SEQ=1 Nov 9 07:51:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57052 SEQ=1 Nov 9 07:51:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.199 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55110 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:51:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.134.89 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=39 ID=4851 DF PROTO=TCP SPT=40505 DPT=7871 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:51:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.190 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=16916 PROTO=TCP SPT=53762 DPT=10444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:51:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.163.13.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=51719 DPT=5632 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:51:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38565 SEQ=1 Nov 9 07:51:35 server83 letsencrypt.live.cgi: time="2025-11-09T07:51:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rbcroyal WantedNames="[]" Nov 9 07:51:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=20.169.104.195 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=47309 DPT=8084 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:51:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.128 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=52914 DPT=14344 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:51:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52372 PROTO=TCP SPT=53730 DPT=9758 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:51:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3594 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48583 SEQ=1 Nov 9 07:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19920 SEQ=1 Nov 9 07:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15674 SEQ=1 Nov 9 07:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34369 SEQ=1 Nov 9 07:51:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=59649 PROTO=TCP SPT=52773 DPT=669 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:51:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.190 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=19714 PROTO=TCP SPT=53762 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:51:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:51:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.156 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=46708 DF PROTO=TCP SPT=37394 DPT=830 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:51:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:51:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.238 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=26110 PROTO=TCP SPT=13943 DPT=15816 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:51:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1382 SEQ=1 Nov 9 07:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41092 SEQ=1 Nov 9 07:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43118 SEQ=1 Nov 9 07:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=22432 SEQ=1 Nov 9 07:51:51 server83 letsencrypt.live.cgi: time="2025-11-09T07:51:51+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=tradingviewit WantedNames="[]" Nov 9 07:51:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41092 SEQ=1 Nov 9 07:51:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28126 SEQ=1 Nov 9 07:51:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12596 DF PROTO=TCP SPT=58342 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:51:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.154.95.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=3066 PROTO=TCP SPT=32982 DPT=16113 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:51:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.189 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52176 DPT=46498 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:51:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12597 DF PROTO=TCP SPT=58342 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:51:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12598 DF PROTO=TCP SPT=58342 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:52:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12599 DF PROTO=TCP SPT=58342 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:52:01 server83 systemd: Started Session 308651 of user root. Nov 9 07:52:01 server83 systemd: Started Session 308652 of user root. Nov 9 07:52:01 server83 systemd: Started Session 308654 of user root. Nov 9 07:52:01 server83 systemd: Started Session 308655 of user root. Nov 9 07:52:01 server83 systemd: Started Session 308653 of user root. Nov 9 07:52:01 server83 systemd: Started Session 308657 of user root. Nov 9 07:52:01 server83 systemd: Started Session 308656 of user root. Nov 9 07:52:01 server83 systemd: Started Session 308658 of user root. Nov 9 07:52:01 server83 systemd: Started Session 308659 of user root. Nov 9 07:52:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4971 SEQ=1 Nov 9 07:52:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17158 SEQ=1 Nov 9 07:52:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26740 SEQ=1 Nov 9 07:52:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17158 SEQ=1 Nov 9 07:52:06 server83 letsencrypt.live.cgi: time="2025-11-09T07:52:06+05:30" level=info msg="AutoSSL running" 
Function=processAutoSSLForAccount Retry=false Username=smartdispatch WantedNames="[]" Nov 9 07:52:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55566 SEQ=1 Nov 9 07:52:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54050 DPT=9552 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:52:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47866 PROTO=TCP SPT=45727 DPT=31450 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:52:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12600 DF PROTO=TCP SPT=58342 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:52:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.221.22 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35348 DPT=14344 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:52:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.11 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=9669 DF PROTO=TCP SPT=39585 DPT=2339 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:52:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60654 SEQ=1 Nov 9 07:52:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48291 SEQ=1 Nov 9 07:52:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2211 SEQ=1 Nov 9 07:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60376 SEQ=1 Nov 9 07:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19751 SEQ=1 Nov 9 07:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48291 SEQ=1 Nov 9 07:52:22 server83 letsencrypt.live.cgi: time="2025-11-09T07:52:22+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=accountant WantedNames="[]" Nov 9 07:52:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:52:28 server83 pam_imunify_daemon.bin: time="2025-11-09T07:52:28+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 07:52:34 server83 systemd: Started Session c2850 of user root. 
Nov 9 07:52:34 server83 scripts.sh: Load Average: 2.85 , 3.35 Nov 9 07:52:34 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 07:52:34 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 07:52:34 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 07:52:34 server83 scripts.sh: HTTPD Status: inactive Nov 9 07:52:34 server83 scripts.sh: MySQL Status: active Nov 9 07:52:34 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 07:52:34 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 07:52:34 server83 scripts.sh: SSHD Status: active Nov 9 07:52:34 server83 scripts.sh: FTP Status: active Nov 9 07:52:34 server83 scripts.sh: LiteSpeed Status: Active Nov 9 07:52:34 server83 scripts.sh: Imunify Status: Active Nov 9 07:52:34 server83 scripts.sh: cPanel Status: active Nov 9 07:52:34 server83 scripts.sh: Memory Status: 12/31 GB - 40.22% Nov 9 07:52:34 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 07:52:34 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 07:52:34 server83 scripts.sh: Local Version: 4.4.5 Nov 9 07:52:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30060 SEQ=1 Nov 9 07:52:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60052 SEQ=1 Nov 9 07:52:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13463 SEQ=1 Nov 9 07:52:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19906 SEQ=1 Nov 9 07:52:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8458 PROTO=TCP SPT=56949 DPT=8522 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:52:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2476 SEQ=1 Nov 9 07:52:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19100 SEQ=1 Nov 9 07:52:37 server83 letsencrypt.live.cgi: time="2025-11-09T07:52:37+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=ramatourandtrave WantedNames="[]" error="Account is suspended" Nov 9 07:52:38 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:52:38 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:52:38 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 07:52:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.121.84.50 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40494 DPT=8008 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:52:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.168.120.250 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=36436 DPT=555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:52:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54771 SEQ=1 Nov 9 07:52:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=14815 PROTO=TCP SPT=56256 DPT=8007 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:52:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3631 SEQ=1 Nov 9 07:52:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26315 SEQ=1 Nov 9 07:52:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.148.140 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=7740 DF PROTO=TCP SPT=38666 DPT=15740 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54771 SEQ=1 Nov 9 
07:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27164 SEQ=1 Nov 9 07:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3631 SEQ=1 Nov 9 07:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=667 SEQ=1 Nov 9 07:52:52 server83 letsencrypt.live.cgi: time="2025-11-09T07:52:52+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=fastvaultcourier WantedNames="[]" Nov 9 07:52:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.225.32 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55109 DPT=8989 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:52:59 server83 NetworkManager[922]: <info> [1762654979.4456] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:52:59 server83 NetworkManager[922]: <info> [1762654979.4462] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:52:59 server83 NetworkManager[922]: <info> [1762654979.4463] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:52:59 server83 NetworkManager[922]: <info> [1762654979.4466] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:52:59 server83 NetworkManager[922]: <info> [1762654979.4477] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 
9 07:52:59 server83 NetworkManager[922]: <info> [1762654979.4479] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:52:59 server83 NetworkManager[922]: <info> [1762654979.4491] dhcp4 (eth1): dhclient started with pid 11765 Nov 9 07:52:59 server83 dhclient[11765]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x2502eb95) Nov 9 07:53:01 server83 systemd: Started Session 308660 of user root. Nov 9 07:53:01 server83 systemd: Started Session 308662 of user root. Nov 9 07:53:01 server83 systemd: Started Session 308661 of user root. Nov 9 07:53:01 server83 systemd: Started Session 308663 of user root. Nov 9 07:53:01 server83 systemd: Started Session 308664 of user root. Nov 9 07:53:01 server83 systemd: Started Session 308665 of user root. Nov 9 07:53:01 server83 systemd: Started Session 308666 of user root. Nov 9 07:53:01 server83 systemd: Started Session 308667 of user root. Nov 9 07:53:01 server83 systemd: Started Session 308668 of user root. Nov 9 07:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:53:02 server83 dhclient[11765]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x2502eb95) Nov 9 07:53:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60947 SEQ=1 Nov 9 07:53:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62761 SEQ=1 Nov 9 07:53:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62827 SEQ=1 Nov 
9 07:53:08 server83 letsencrypt.live.cgi: time="2025-11-09T07:53:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ukgloballogistic WantedNames="[]" Nov 9 07:53:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34174 SEQ=1 Nov 9 07:53:10 server83 dhclient[11765]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x2502eb95) Nov 9 07:53:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42839 PROTO=TCP SPT=46370 DPT=3135 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:53:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=51470 PROTO=TCP SPT=21679 DPT=32566 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:53:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:53:16 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.46.135.182 DST=51.210.113.204 LEN=1004 TOS=0x08 PREC=0x20 TTL=42 ID=60856 DF PROTO=UDP SPT=22640 DPT=5060 LEN=984 Nov 9 07:53:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51813 SEQ=1 Nov 9 07:53:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51813 SEQ=1 Nov 9 07:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32815 SEQ=1 Nov 9 07:53:24 server83 letsencrypt.live.cgi: time="2025-11-09T07:53:24+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=winggosoft WantedNames="[]" error="Account is suspended" Nov 9 07:53:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61811 SEQ=1 Nov 9 07:53:25 server83 dhclient[11765]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2502eb95) Nov 9 07:53:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34607 PROTO=TCP SPT=48155 DPT=4089 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:53:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38158 SEQ=1 Nov 9 07:53:32 server83 dhclient[11765]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x2502eb95) Nov 9 07:53:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25768 SEQ=1 Nov 9 07:53:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33180 SEQ=1 Nov 9 07:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=18741 
DF PROTO=ICMP TYPE=8 CODE=0 ID=34999 SEQ=23600 Nov 9 07:53:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27135 SEQ=1 Nov 9 07:53:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.129.139.103 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36762 DF PROTO=ICMP TYPE=8 CODE=0 ID=43095 SEQ=3306 Nov 9 07:53:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42034 SEQ=1 Nov 9 07:53:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:53:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:53:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:53:38 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 07:53:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3402 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:53:39 server83 letsencrypt.live.cgi: time="2025-11-09T07:53:39+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=rkxiserviceindel WantedNames="[]" error="Account is suspended" Nov 9 07:53:44 server83 NetworkManager[922]: <warn> [1762655024.4413] dhcp4 (eth1): request timed out Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4413] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4572] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 11765 Nov 9 07:53:44 server83 
NetworkManager[922]: <info> [1762655024.4573] dhcp4 (eth1): state changed timeout -> done Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4574] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:53:44 server83 NetworkManager[922]: <warn> [1762655024.4577] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4578] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4606] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4608] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4608] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4610] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4619] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4620] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:53:44 server83 NetworkManager[922]: <info> [1762655024.4631] dhcp4 (eth1): dhclient started with pid 12871 Nov 9 07:53:44 server83 dhclient[12871]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x1a48b293) Nov 9 07:53:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.60 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP 
SPT=59320 DPT=5550 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:53:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:53:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23422 SEQ=1 Nov 9 07:53:47 server83 dhclient[12871]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1a48b293) Nov 9 07:53:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:53:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.254.155.21 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=49 ID=35183 DF PROTO=TCP SPT=36207 DPT=4002 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 07:53:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34412 SEQ=1 Nov 9 07:53:54 server83 dhclient[12871]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x1a48b293) Nov 9 07:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34412 SEQ=1 Nov 9 07:53:54 server83 letsencrypt.live.cgi: time="2025-11-09T07:53:54+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cyberz WantedNames="[]" Nov 9 07:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28807 SEQ=1 Nov 9 07:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26780 SEQ=1 Nov 9 07:53:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.176 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=14704 PROTO=TCP SPT=8657 DPT=6513 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:53:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.172 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54740 DPT=45992 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:54:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.183.202.223 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=47082 PROTO=TCP SPT=61012 DPT=8080 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:54:01 server83 systemd: Started Session 308669 of user root. Nov 9 07:54:01 server83 systemd: Started Session 308672 of user root. Nov 9 07:54:01 server83 systemd: Started Session 308670 of user root. Nov 9 07:54:01 server83 systemd: Started Session 308673 of user root. Nov 9 07:54:01 server83 systemd: Started Session 308671 of user root. Nov 9 07:54:01 server83 systemd: Started Session 308676 of user root. Nov 9 07:54:01 server83 systemd: Started Session 308675 of user root. Nov 9 07:54:01 server83 systemd: Started Session 308677 of user root. Nov 9 07:54:01 server83 systemd: Started Session 308674 of user root. 
Nov 9 07:54:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56843 PROTO=TCP SPT=56698 DPT=8210 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:54:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39684 SEQ=1 Nov 9 07:54:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29426 SEQ=1 Nov 9 07:54:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50514 SEQ=1 Nov 9 07:54:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=8669 PROTO=TCP SPT=55975 DPT=7618 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29426 SEQ=1 Nov 9 07:54:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3089 PROTO=TCP SPT=46189 DPT=9050 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:54:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=170.187.165.130 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=35083 DPT=8989 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
07:54:06 server83 dhclient[12871]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x1a48b293) Nov 9 07:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35854 SEQ=1 Nov 9 07:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50270 SEQ=1 Nov 9 07:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48773 SEQ=1 Nov 9 07:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26345 SEQ=1 Nov 9 07:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40240 SEQ=1 Nov 9 07:54:10 server83 letsencrypt.live.cgi: time="2025-11-09T07:54:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=navajyot WantedNames="[]" Nov 9 07:54:11 server83 pam_imunify_daemon.bin: time="2025-11-09T07:54:11+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:54:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.85.84.75 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21936 PROTO=TCP SPT=51203 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:54:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=34.138.163.202 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=61301 PROTO=TCP SPT=45432 DPT=8873 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:54:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50279 SEQ=1 Nov 9 07:54:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=4816 DF PROTO=ICMP TYPE=8 CODE=0 ID=12065 SEQ=8147 Nov 9 07:54:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:54:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35923 SEQ=1 Nov 9 07:54:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.97 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59573 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:54:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26781 SEQ=1 Nov 9 07:54:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35923 SEQ=1 Nov 9 07:54:21 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.61 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51826 DPT=46903 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:54:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6124 SEQ=1 Nov 9 07:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50279 SEQ=1 Nov 9 07:54:23 server83 dhclient[12871]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x1a48b293) Nov 9 07:54:25 server83 letsencrypt.live.cgi: time="2025-11-09T07:54:25+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=courwite WantedNames="[]" Nov 9 07:54:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.38 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39944 PROTO=TCP SPT=49120 DPT=3396 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:54:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15202 PROTO=TCP SPT=49956 DPT=29252 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:54:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:54:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:54:29 server83 NetworkManager[922]: <warn> [1762655069.4506] dhcp4 (eth1): request timed out Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4506] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4585] 
dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12871 Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4585] dhcp4 (eth1): state changed timeout -> done Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4587] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:54:29 server83 NetworkManager[922]: <warn> [1762655069.4591] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4592] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4621] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4623] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4624] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4626] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4635] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4637] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:54:29 server83 NetworkManager[922]: <info> [1762655069.4647] dhcp4 (eth1): dhclient started with pid 14170 Nov 9 07:54:29 server83 dhclient[14170]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x59bf1e6c) Nov 9 07:54:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26095 PROTO=TCP SPT=46370 DPT=2517 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:54:33 server83 dhclient[14170]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x59bf1e6c) Nov 9 07:54:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5565 SEQ=1 Nov 9 07:54:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45749 SEQ=1 Nov 9 07:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44508 SEQ=1 Nov 9 07:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65191 SEQ=1 Nov 9 07:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39924 SEQ=1 Nov 9 07:54:37 server83 dhclient[14170]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x59bf1e6c) Nov 9 07:54:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44508 SEQ=1 Nov 9 07:54:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.80.115 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=0 DF 
PROTO=TCP SPT=9999 DPT=1180 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:54:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15901 SEQ=1 Nov 9 07:54:41 server83 letsencrypt.live.cgi: time="2025-11-09T07:54:41+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=crmjournal WantedNames="[]" Nov 9 07:54:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.60 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=57743 DPT=5600 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:54:45 server83 dhclient[14170]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x59bf1e6c) Nov 9 07:54:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:54:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26930 SEQ=1 Nov 9 07:54:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=24772 PROTO=TCP SPT=50288 DPT=47332 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:54:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19011 SEQ=1 Nov 9 07:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=19011 SEQ=1 Nov 9 07:54:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16047 SEQ=1 Nov 9 07:54:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64938 SEQ=1 Nov 9 07:54:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58468 SEQ=1 Nov 9 07:54:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58468 SEQ=1 Nov 9 07:54:56 server83 letsencrypt.live.cgi: time="2025-11-09T07:54:56+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=mpowerkids WantedNames="[]" error="Account is suspended" Nov 9 07:54:56 server83 dhclient[14170]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x59bf1e6c) Nov 9 07:54:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.141.199 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=4841 DF PROTO=TCP SPT=43489 DPT=2227 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:54:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.36 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=9539 DF PROTO=TCP SPT=5159 DPT=10079 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:55:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.154.95.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=13902 PROTO=TCP SPT=43018 DPT=1594 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:55:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44715 SEQ=1 Nov 9 07:55:01 server83 systemd: Started Session 308679 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308680 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308681 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308682 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308678 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308684 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308683 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308685 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308686 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308688 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308689 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308690 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308687 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308691 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308694 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308693 of user root. Nov 9 07:55:01 server83 systemd: Started Session 308692 of user root. 
Nov 9 07:55:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7616 SEQ=1 Nov 9 07:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57110 SEQ=1 Nov 9 07:55:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.142.154.98 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=34700 PROTO=TCP SPT=58914 DPT=5357 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:55:07 server83 dhclient[14170]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x59bf1e6c) Nov 9 07:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55627 SEQ=1 Nov 9 07:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55627 SEQ=1 Nov 9 07:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23304 SEQ=1 Nov 9 07:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=188.239.10.26 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=54879 DF PROTO=ICMP TYPE=8 CODE=0 ID=42636 SEQ=22717 Nov 9 07:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14977 SEQ=1 Nov 9 07:55:11 server83 letsencrypt.live.cgi: time="2025-11-09T07:55:11+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=onlinehr WantedNames="[]" Nov 9 07:55:14 server83 NetworkManager[922]: <warn> [1762655114.4463] dhcp4 (eth1): request timed out Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4463] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4623] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 14170 Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4623] dhcp4 (eth1): state changed timeout -> done Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4625] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:55:14 server83 NetworkManager[922]: <warn> [1762655114.4628] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4630] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4658] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4660] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4661] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4663] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4672] device (eth1): state change: config -> ip-config (reason 'none', 
sys-iface-state: 'managed') Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4673] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 07:55:14 server83 NetworkManager[922]: <info> [1762655114.4685] dhcp4 (eth1): dhclient started with pid 15205 Nov 9 07:55:14 server83 dhclient[15205]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x77ceb775) Nov 9 07:55:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.209 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=13668 DF PROTO=TCP SPT=9687 DPT=8161 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:55:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:55:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49796 SEQ=1 Nov 9 07:55:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=26760 DF PROTO=ICMP TYPE=8 CODE=0 ID=42033 SEQ=35522 Nov 9 07:55:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39117 SEQ=1 Nov 9 07:55:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14575 SEQ=1 Nov 9 07:55:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27761 SEQ=1 Nov 9 07:55:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.40.244 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=36 ID=4434 DF PROTO=TCP SPT=46413 DPT=11112 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:55:23 server83 dhclient[15205]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x77ceb775) Nov 9 07:55:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60281 SEQ=1 Nov 9 07:55:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.211 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=10159 DF PROTO=TCP SPT=61667 DPT=29403 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:55:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=5086 DF PROTO=TCP SPT=62172 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 07:55:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=5087 DF PROTO=TCP SPT=62172 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 07:55:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.109.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=40175 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:55:27 server83 letsencrypt.live.cgi: time="2025-11-09T07:55:27+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=litoexpresslogis WantedNames="[]" Nov 9 07:55:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.89 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 
TTL=45 ID=15177 PROTO=TCP SPT=59541 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46042 SEQ=1 Nov 9 07:55:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.227.97.195 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=55149 DPT=1194 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:55:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.192 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54592 DPT=12694 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:55:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.227.97.195 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=55149 DPT=9201 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:55:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.227.97.195 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=55133 DPT=4443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:55:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.227.97.195 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=55149 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24588 SEQ=1 Nov 9 07:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49848 SEQ=1 Nov 9 07:55:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31788 SEQ=1 Nov 9 07:55:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3593 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:55:38 server83 dhclient[15205]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x77ceb775) Nov 9 07:55:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10898 SEQ=1 Nov 9 07:55:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20597 SEQ=1 Nov 9 07:55:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12601 DF PROTO=TCP SPT=61911 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:55:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12602 DF PROTO=TCP SPT=61911 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:55:42 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 07:55:42 server83 systemd: Stopped Status Update Service. Nov 9 07:55:42 server83 systemd: Started Status Update Service. 
Nov 9 07:55:43 server83 letsencrypt.live.cgi: time="2025-11-09T07:55:43+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=swapoceanlogisti WantedNames="[]" Nov 9 07:55:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12603 DF PROTO=TCP SPT=61911 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:55:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44476 PROTO=TCP SPT=43448 DPT=2427 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:55:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 07:55:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12604 DF PROTO=TCP SPT=61911 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:55:48 server83 dhclient[15205]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x77ceb775) Nov 9 07:55:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2315 PROTO=TCP SPT=53687 DPT=12026 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53826 SEQ=1 Nov 9 07:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3945 SEQ=1 Nov 9 07:55:50 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3945 SEQ=1 Nov 9 07:55:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.5.25 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=61784 PROTO=TCP SPT=36703 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:55:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:55:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64699 SEQ=1 Nov 9 07:55:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41122 SEQ=1 Nov 9 07:55:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13056 SEQ=1 Nov 9 07:55:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.235 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=13867 PROTO=TCP SPT=43827 DPT=5117 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:55:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12605 DF PROTO=TCP SPT=62237 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:55:58 server83 dhclient[15205]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x77ceb775) Nov 9 07:55:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12608 DF PROTO=TCP SPT=62237 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:55:58 server83 letsencrypt.live.cgi: time="2025-11-09T07:55:58+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=evershine WantedNames="[]" Nov 9 07:55:59 server83 NetworkManager[922]: <warn> [1762655159.4501] dhcp4 (eth1): request timed out Nov 9 07:55:59 server83 NetworkManager[922]: <info> [1762655159.4501] dhcp4 (eth1): state changed unknown -> timeout Nov 9 07:55:59 server83 NetworkManager[922]: <info> [1762655159.4660] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 15205 Nov 9 07:55:59 server83 NetworkManager[922]: <info> [1762655159.4660] dhcp4 (eth1): state changed timeout -> done Nov 9 07:55:59 server83 NetworkManager[922]: <info> [1762655159.4662] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 07:55:59 server83 NetworkManager[922]: <warn> [1762655159.4665] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 07:55:59 server83 NetworkManager[922]: <info> [1762655159.4666] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 07:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:56:01 server83 systemd: Started Session 308698 of user root. Nov 9 07:56:01 server83 systemd: Started Session 308695 of user root. Nov 9 07:56:01 server83 systemd: Started Session 308697 of user root. Nov 9 07:56:01 server83 systemd: Started Session 308700 of user root. Nov 9 07:56:01 server83 systemd: Started Session 308702 of user root. 
Nov 9 07:56:01 server83 systemd: Started Session 308699 of user root. Nov 9 07:56:01 server83 systemd: Started Session 308701 of user root. Nov 9 07:56:01 server83 systemd: Started Session 308696 of user root. Nov 9 07:56:01 server83 systemd: Started Session 308703 of user root. Nov 9 07:56:01 server83 systemd: Started Session 308704 of user root. Nov 9 07:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:56:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12609 DF PROTO=TCP SPT=62237 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:56:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18825 SEQ=1 Nov 9 07:56:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52824 SEQ=1 Nov 9 07:56:04 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.131 DST=145.239.177.179 LEN=42 TOS=0x00 PREC=0x00 TTL=31 ID=4595 PROTO=UDP SPT=32599 DPT=2361 LEN=22 Nov 9 07:56:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=36670 DPT=22222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:56:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1853 SEQ=1 Nov 9 07:56:09 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59592 SEQ=1 Nov 9 07:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4537 SEQ=1 Nov 9 07:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1853 SEQ=1 Nov 9 07:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2379 SEQ=1 Nov 9 07:56:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12610 DF PROTO=TCP SPT=62237 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:56:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.2 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49820 DPT=2012 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:56:14 server83 letsencrypt.live.cgi: time="2025-11-09T07:56:14+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=marketin WantedNames="[]" Nov 9 07:56:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.148.197 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=524 PROTO=TCP SPT=52080 DPT=5006 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:56:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=33035 PROTO=TCP SPT=55179 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:56:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38571 SEQ=1 Nov 9 07:56:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15412 PROTO=TCP SPT=49956 DPT=25761 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:56:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62005 SEQ=1 Nov 9 07:56:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=33511 PROTO=TCP SPT=55179 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:56:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34582 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:56:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12611 DF PROTO=TCP SPT=62890 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:56:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=8980 SEQ=1 Nov 9 07:56:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63656 SEQ=1 Nov 9 07:56:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38571 SEQ=1 Nov 9 07:56:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12612 DF PROTO=TCP SPT=62890 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:56:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25610 SEQ=1 Nov 9 07:56:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=34126 PROTO=TCP SPT=55179 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:56:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12613 DF PROTO=TCP SPT=62890 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:56:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.136 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=875 PROTO=TCP SPT=47252 DPT=41965 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 07:56:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.45 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=9005 PROTO=TCP SPT=56800 DPT=38968 
WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 07:56:29 server83 letsencrypt.live.cgi: time="2025-11-09T07:56:29+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=vmenterprizes WantedNames="[]" error="Account is suspended" Nov 9 07:56:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12614 DF PROTO=TCP SPT=62890 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:56:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=61199 PROTO=TCP SPT=52789 DPT=669 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:56:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.82 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=53184 DF PROTO=TCP SPT=18824 DPT=5060 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 07:56:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12808 SEQ=1 Nov 9 07:56:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12808 SEQ=1 Nov 9 07:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47057 SEQ=1 Nov 9 07:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=63605 SEQ=1 Nov 9 07:56:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:56:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:56:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12615 DF PROTO=TCP SPT=62890 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:56:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41812 SEQ=1 Nov 9 07:56:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3600 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:56:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36550 SEQ=1 Nov 9 07:56:43 server83 pam_imunify_daemon.bin: time="2025-11-09T07:56:43+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 07:56:44 server83 letsencrypt.live.cgi: time="2025-11-09T07:56:44+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=mahima WantedNames="[]" error="Account is suspended" Nov 9 07:56:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35025 PROTO=TCP SPT=53687 DPT=35229 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:56:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35719 SEQ=1 Nov 9 07:56:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:56:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35719 SEQ=1 Nov 9 07:56:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32037 SEQ=1 Nov 9 07:56:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38091 SEQ=1 Nov 9 07:56:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31903 SEQ=1 Nov 9 07:56:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23106 SEQ=1 Nov 9 07:56:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61356 SEQ=1 Nov 9 07:56:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24472 PROTO=TCP SPT=45727 DPT=31961 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:57:00 server83 letsencrypt.live.cgi: time="2025-11-09T07:57:00+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=choosename WantedNames="[]" Nov 9 07:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:57:01 server83 systemd: Started Session 308705 of user root. Nov 9 07:57:01 server83 systemd: Started Session 308707 of user root. Nov 9 07:57:01 server83 systemd: Started Session 308709 of user root. Nov 9 07:57:01 server83 systemd: Started Session 308710 of user root. Nov 9 07:57:01 server83 systemd: Started Session 308708 of user root. Nov 9 07:57:01 server83 systemd: Started Session 308706 of user root. Nov 9 07:57:01 server83 systemd: Started Session 308711 of user root. Nov 9 07:57:01 server83 systemd: Started Session 308713 of user root. Nov 9 07:57:01 server83 systemd: Started Session 308712 of user root. Nov 9 07:57:01 server83 systemd: Started Session 308714 of user root. 
Nov 9 07:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61544 SEQ=1 Nov 9 07:57:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=31577 PROTO=TCP SPT=56256 DPT=8018 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:57:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.94.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33683 DPT=4444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:57:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24202 SEQ=1 Nov 9 07:57:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55349 SEQ=1 Nov 9 07:57:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.134.156 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=3953 DF PROTO=TCP SPT=38443 DPT=2977 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:57:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9680 SEQ=1 Nov 9 07:57:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49029 SEQ=1 Nov 9 07:57:08 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55349 SEQ=1 Nov 9 07:57:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.128.84.187 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=42206 DPT=1234 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:57:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42865 PROTO=TCP SPT=45727 DPT=34032 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:57:15 server83 letsencrypt.live.cgi: time="2025-11-09T07:57:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=panso WantedNames="[]" Nov 9 07:57:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52957 SEQ=1 Nov 9 07:57:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.185 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57147 DPT=9428 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:57:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22491 SEQ=1 Nov 9 07:57:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38492 SEQ=1 Nov 9 07:57:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=65299 PROTO=TCP SPT=46025 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:57:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:57:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.243.98.11 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=48786 PROTO=TCP SPT=53298 DPT=222 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:57:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28234 SEQ=1 Nov 9 07:57:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3599 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:57:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=23.92.27.179 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35251 DPT=4444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:57:31 server83 letsencrypt.live.cgi: time="2025-11-09T07:57:31+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=davidkingsolicit WantedNames="[]" Nov 9 07:57:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6115 SEQ=1 Nov 9 07:57:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11945 PROTO=TCP SPT=49713 DPT=6543 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:57:39 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:57:39 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:57:39 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:57:39 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19536 SEQ=1 Nov 9 07:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29109 SEQ=1 Nov 9 07:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23889 SEQ=1 Nov 9 07:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63403 SEQ=1 Nov 9 07:57:42 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 07:57:42 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 07:57:42 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 07:57:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10159 PROTO=TCP SPT=57266 DPT=9477 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:57:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46067 DF PROTO=TCP SPT=45364 DPT=8180 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29549 DF PROTO=TCP SPT=33506 DPT=161 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11211 DF PROTO=TCP SPT=48788 DPT=162 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 07:57:46 server83 letsencrypt.live.cgi: time="2025-11-09T07:57:46+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=hellotrustindia WantedNames="[]" Nov 9 07:57:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11212 DF PROTO=TCP SPT=48788 DPT=162 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29550 DF PROTO=TCP SPT=33506 DPT=161 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:47 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:57:47 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:57:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14473 DF PROTO=TCP SPT=48374 DPT=9761 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:49 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 07:57:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18575 SEQ=1 Nov 9 07:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55213 SEQ=1 Nov 9 07:57:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34776 DF PROTO=TCP SPT=37022 DPT=1883 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61716 SEQ=1 Nov 9 07:57:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61716 SEQ=1 Nov 9 07:57:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47865 SEQ=1 Nov 9 07:57:52 server83 pam_imunify_daemon.bin: time="2025-11-09T07:57:52+05:30" level=warning msg="Send stats for 2 
records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 07:57:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43013 DF PROTO=TCP SPT=39674 DPT=2869 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38403 SEQ=1 Nov 9 07:57:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29691 DF PROTO=TCP SPT=38676 DPT=631 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26797 DF PROTO=TCP SPT=46316 DPT=9600 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32403 DF PROTO=TCP SPT=41770 DPT=5353 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26798 DF PROTO=TCP SPT=46316 DPT=9600 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32404 DF PROTO=TCP SPT=41770 DPT=5353 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29692 DF PROTO=TCP SPT=38676 DPT=631 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18688 PROTO=TCP SPT=54739 DPT=2617 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:57:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34192 DF PROTO=TCP SPT=54256 DPT=9000 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=57991 PROTO=TCP SPT=61297 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:57:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33469 DF PROTO=TCP SPT=37708 DPT=541 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22874 DF PROTO=TCP SPT=44344 DPT=271 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:57:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55666 DF PROTO=TCP SPT=40576 DPT=6633 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:00 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3937 PROTO=TCP SPT=41321 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:58:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=57993 PROTO=TCP SPT=61297 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:58:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59203 DF PROTO=TCP SPT=34674 DPT=2179 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=273 DF PROTO=TCP SPT=60812 DPT=4433 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:58:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3938 PROTO=TCP SPT=41321 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:58:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=57994 PROTO=TCP SPT=61297 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 07:58:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=274 DF PROTO=TCP SPT=60812 DPT=4433 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:01 server83 systemd: Started Session 308715 of user root. 
Nov 9 07:58:01 server83 systemd: Started Session 308716 of user root. Nov 9 07:58:01 server83 systemd: Started Session 308717 of user root. Nov 9 07:58:01 server83 systemd: Started Session 308719 of user root. Nov 9 07:58:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 07:58:01 server83 systemd: Started Session 308720 of user metalarts. Nov 9 07:58:01 server83 systemd: Started Session 308721 of user root. Nov 9 07:58:01 server83 systemd: Started Session 308718 of user root. Nov 9 07:58:01 server83 systemd: Started Session 308723 of user root. Nov 9 07:58:01 server83 systemd: Started Session 308724 of user root. Nov 9 07:58:01 server83 systemd: Started Session 308722 of user root. Nov 9 07:58:02 server83 systemd: Removed slice User Slice of metalarts. Nov 9 07:58:02 server83 letsencrypt.live.cgi: time="2025-11-09T07:58:02+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=kalamkasoilrefin WantedNames="[]" Nov 9 07:58:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38312 DF PROTO=TCP SPT=51882 DPT=9100 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:04 server83 aibolit_wrapper[20483]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626552844094052.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626552844095402.txt --log=/tmp/malware_cleaner_log_17626552844096556.txt --progress=/tmp/malware_cleaner_progress_17626552844096252.json --csv_result=/tmp/revisium_csvfile_17626552844096394.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:58:04 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6013 DF PROTO=TCP SPT=57936 DPT=4786 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26646 DF PROTO=TCP SPT=38238 DPT=5007 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6014 DF PROTO=TCP SPT=57936 DPT=4786 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26647 DF PROTO=TCP SPT=38238 DPT=5007 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11872 DF PROTO=TCP SPT=59558 DPT=448 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28675 DF PROTO=TCP SPT=36618 DPT=1026 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9876 SEQ=1 Nov 9 07:58:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38476 SEQ=1 Nov 9 
07:58:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9876 SEQ=1 Nov 9 07:58:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10476 DF PROTO=TCP SPT=43704 DPT=789 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61328 SEQ=1 Nov 9 07:58:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52946 SEQ=1 Nov 9 07:58:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55546 DF PROTO=TCP SPT=38810 DPT=8009 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64745 DF PROTO=TCP SPT=54788 DPT=8081 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5941 DF PROTO=TCP SPT=58240 DPT=554 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19124 DF PROTO=TCP SPT=51338 DPT=22223 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:17 server83 letsencrypt.live.cgi: time="2025-11-09T07:58:17+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=bkxpress WantedNames="[]" error="Account is suspended" Nov 9 07:58:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35657 DF PROTO=TCP SPT=43534 DPT=44818 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62914 DF PROTO=TCP SPT=60234 DPT=69 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 07:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 07:58:20 server83 imunify-auditd-log-reader[9638]: log reader failed to send statistics: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:58:22 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 07:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18817 SEQ=1 Nov 9 07:58:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 
TOS=0x00 PREC=0x00 TTL=50 ID=6071 DF PROTO=TCP SPT=37626 DPT=8084 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:23 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 07:58:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40128 SEQ=1 Nov 9 07:58:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=138.201.158.24 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=61502 DF PROTO=ICMP TYPE=8 CODE=0 ID=8299 SEQ=35207 Nov 9 07:58:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50872 SEQ=1 Nov 9 07:58:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1044 DF PROTO=TCP SPT=33956 DPT=324 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6201 SEQ=1 Nov 9 07:58:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26547 SEQ=1 Nov 9 07:58:25 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 07:58:26 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 07:58:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 
DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39011 DF PROTO=TCP SPT=37976 DPT=20000 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:27 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 07:58:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22253 PROTO=TCP SPT=45727 DPT=34615 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:58:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39012 DF PROTO=TCP SPT=37976 DPT=20000 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39362 DF PROTO=TCP SPT=39770 DPT=636 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=65453 DF PROTO=TCP SPT=38114 DPT=5684 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53454 DF PROTO=TCP SPT=45394 DPT=5061 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:28 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 07:58:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53455 DF PROTO=TCP SPT=45394 DPT=5061 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4388 DF PROTO=TCP SPT=50792 DPT=8883 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63177 SEQ=1 Nov 9 07:58:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42201 SEQ=1 Nov 9 07:58:32 server83 aibolit_wrapper[21251]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626553127044146.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626553127046142.txt --log=/tmp/malware_cleaner_log_17626553127048714.txt --progress=/tmp/malware_cleaner_progress_17626553127048014.json --csv_result=/tmp/revisium_csvfile_17626553127048328.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:58:33 server83 letsencrypt.live.cgi: time="2025-11-09T07:58:33+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=mtbhongkong WantedNames="[]" Nov 9 07:58:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49406 DF PROTO=TCP SPT=55318 DPT=6653 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 
PREC=0x00 TTL=50 ID=42047 DF PROTO=TCP SPT=45696 DPT=2221 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6268 DF PROTO=TCP SPT=32952 DPT=1911 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6269 DF PROTO=TCP SPT=32952 DPT=1911 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42048 DF PROTO=TCP SPT=45696 DPT=2221 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=11443 PROTO=TCP SPT=53273 DPT=1883 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:58:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43381 SEQ=1 Nov 9 07:58:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6176 SEQ=1 Nov 9 07:58:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45788 DF PROTO=TCP SPT=50564 DPT=22000 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1363 SEQ=1 Nov 9 07:58:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6352 SEQ=1 Nov 9 07:58:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44526 DF PROTO=TCP SPT=44008 DPT=5000 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:38 server83 imunify-auditd-log-reader[9638]: failed to send files events: circuit breaker is open Nov 9 07:58:39 server83 imunify-realtime-av[6776]: failed to send stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:58:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58274 SEQ=1 Nov 9 07:58:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34085 SEQ=1 Nov 9 07:58:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52875 DF PROTO=TCP SPT=34094 DPT=3269 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:42 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:58:42 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:58:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:58:42 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:58:42 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:58:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54139 DF PROTO=TCP SPT=42350 DPT=5001 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:43 server83 imunify-auditd-log-reader[9638]: lost 11 message sequences Nov 9 07:58:43 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 07:58:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57292 DF PROTO=TCP SPT=53000 DPT=8082 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32563 DF PROTO=TCP SPT=44812 DPT=2200 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:48 server83 letsencrypt.live.cgi: time="2025-11-09T07:58:48+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=viveksha WantedNames="[]" error="Account is suspended" Nov 9 07:58:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33537 DF PROTO=TCP SPT=60062 DPT=2222 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32235 DF PROTO=TCP SPT=37464 DPT=3702 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=30428 DF 
PROTO=TCP SPT=37122 DPT=8447 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9231 SEQ=1 Nov 9 07:58:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37547 SEQ=1 Nov 9 07:58:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22697 DF PROTO=TCP SPT=37276 DPT=6679 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15588 SEQ=1 Nov 9 07:58:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35966 SEQ=1 Nov 9 07:58:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46860 DF PROTO=TCP SPT=59420 DPT=21 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:58:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6685 DF PROTO=TCP SPT=40776 DPT=8088 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32821 DF 
PROTO=TCP SPT=57064 DPT=853 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:59:01 server83 systemd: Started Session 308727 of user root. Nov 9 07:59:01 server83 systemd: Started Session 308728 of user root. Nov 9 07:59:01 server83 systemd: Started Session 308729 of user root. Nov 9 07:59:01 server83 systemd: Started Session 308726 of user root. Nov 9 07:59:01 server83 systemd: Started Session 308725 of user root. Nov 9 07:59:01 server83 systemd: Started Session 308730 of user root. Nov 9 07:59:01 server83 systemd: Started Session 308731 of user root. Nov 9 07:59:01 server83 systemd: Started Session 308732 of user root. Nov 9 07:59:01 server83 systemd: Started Session 308733 of user root. 
Nov 9 07:59:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7660 SEQ=1 Nov 9 07:59:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34516 SEQ=1 Nov 9 07:59:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34168 DF PROTO=TCP SPT=58394 DPT=3000 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:02 server83 aibolit_wrapper[22242]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626553425265828.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626553425267450.txt --log=/tmp/malware_cleaner_log_17626553425268930.txt --progress=/tmp/malware_cleaner_progress_17626553425268536.json --csv_result=/tmp/revisium_csvfile_17626553425268702.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:59:03 server83 letsencrypt.live.cgi: time="2025-11-09T07:59:03+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=intlogcompany WantedNames="[]" Nov 9 07:59:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21253 DF PROTO=TCP SPT=49718 DPT=514 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64047 DF PROTO=TCP SPT=58108 DPT=37777 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64048 DF PROTO=TCP SPT=58108 DPT=37777 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21254 DF PROTO=TCP SPT=49718 DPT=514 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32844 SEQ=1 Nov 9 07:59:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.191 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49342 DPT=1194 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:59:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1341 DF PROTO=TCP SPT=39144 DPT=2376 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:07 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.50 DST=51.210.113.204 LEN=37 TOS=0x00 PREC=0x00 TTL=48 ID=45106 PROTO=UDP SPT=33352 DPT=7778 LEN=17 Nov 9 07:59:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18341 SEQ=1 Nov 9 07:59:08 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12571 DF PROTO=TCP SPT=39740 DPT=1089 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44624 SEQ=1 Nov 9 07:59:10 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=81.86.94.85 DST=145.239.177.179 LEN=540 TOS=0x00 PREC=0x00 TTL=49 ID=28164 PROTO=UDP SPT=56634 DPT=11866 LEN=520 Nov 9 07:59:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21771 DF PROTO=TCP SPT=37530 DPT=22022 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34630 DF PROTO=TCP SPT=47020 DPT=5005 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:13 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 07:59:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7289 PROTO=TCP SPT=56949 DPT=8519 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:59:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.104.241.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19534 DF PROTO=TCP SPT=34774 DPT=102 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 07:59:17 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=109.236.61.23 DST=51.210.113.204 LEN=36 TOS=0x00 
PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=16561 DPT=123 LEN=16 Nov 9 07:59:19 server83 letsencrypt.live.cgi: time="2025-11-09T07:59:19+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ximar WantedNames="[]" Nov 9 07:59:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35433 SEQ=1 Nov 9 07:59:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37157 SEQ=1 Nov 9 07:59:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34012 SEQ=1 Nov 9 07:59:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64345 SEQ=1 Nov 9 07:59:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 07:59:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=170 SEQ=1 Nov 9 07:59:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31893 SEQ=1 Nov 9 07:59:22 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:59:22 server83 letsencrypt.live.cgi: time="2025-11-09T07:59:22+05:30" level=info 
msg="Processing reports now" Nov 9 07:59:22 server83 letsencrypt.live.cgi: time="2025-11-09T07:59:22+05:30" level=warning msg="Failed to parse reporting.interval, falling back to 24h" dur= Nov 9 07:59:22 server83 letsencrypt.live.cgi: time="2025-11-09T07:59:22+05:30" level=info msg="Reporting done" Nov 9 07:59:22 server83 letsencrypt.live.cgi: time="2025-11-09T07:59:22+05:30" level=info msg="Next report time" fields.time="2025-11-10 07:59:22 +0530 IST" Nov 9 07:59:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=101.36.97.172 DST=51.210.113.204 LEN=40 TOS=0x10 PREC=0x00 TTL=47 ID=7096 DF PROTO=TCP SPT=42453 DPT=1123 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 07:59:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35433 SEQ=1 Nov 9 07:59:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.180 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55699 DPT=47053 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:59:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32983 SEQ=1 Nov 9 07:59:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53383 PROTO=TCP SPT=46370 DPT=1675 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:59:34 server83 letsencrypt.live.cgi: time="2025-11-09T07:59:34+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=thehealthywomen WantedNames="[]" Nov 9 07:59:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.15.85.154 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45932 DPT=790 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:59:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2875 SEQ=1 Nov 9 07:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33467 SEQ=1 Nov 9 07:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2875 SEQ=1 Nov 9 07:59:38 server83 aibolit_wrapper[23248]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626553788510682.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626553788512306.txt --log=/tmp/malware_cleaner_log_17626553788514100.txt --progress=/tmp/malware_cleaner_progress_17626553788513606.json --csv_result=/tmp/revisium_csvfile_17626553788513854.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:59:38 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 07:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=63269 SEQ=1 Nov 9 07:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10266 SEQ=1 Nov 9 07:59:40 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:59:40 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 07:59:41 server83 pam_imunify_daemon.bin: time="2025-11-09T07:59:41+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 07:59:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11394 PROTO=TCP SPT=36227 DPT=4883 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 07:59:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20472 SEQ=1 Nov 9 07:59:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40764 SEQ=1 Nov 9 07:59:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37832 SEQ=1 Nov 9 07:59:50 server83 letsencrypt.live.cgi: time="2025-11-09T07:59:50+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" 
Function=processAutoSSLForAccount Retry=false Username=mymedeasy WantedNames="[]" error="Account is suspended" Nov 9 07:59:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=30822 PROTO=TCP SPT=21679 DPT=769 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:59:51 server83 aibolit_wrapper[23649]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626553910893430.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626553910895392.txt --log=/tmp/malware_cleaner_log_17626553910897406.txt --progress=/tmp/malware_cleaner_progress_17626553910896822.json --csv_result=/tmp/revisium_csvfile_17626553910897080.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 07:59:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=33470 PROTO=TCP SPT=56256 DPT=8015 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 07:59:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33180 SEQ=1 Nov 9 07:59:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47925 SEQ=1 Nov 9 07:59:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=2262 
PROTO=TCP SPT=50272 DPT=12440 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 07:59:57 server83 scripts.sh: Sun Nov 9 07:59:57 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 07:59:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:00:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.239 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=33668 DF PROTO=TCP SPT=6590 DPT=3780 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:00:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=63792 PROTO=TCP SPT=33838 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:01 server83 systemd: Started Session 308734 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308735 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308738 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308739 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308737 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308736 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308741 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308742 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308740 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308743 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308745 of user root. Nov 9 08:00:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 08:00:01 server83 systemd: Started Session 308748 of user sanatanhinduvahi. Nov 9 08:00:01 server83 systemd: Started Session 308750 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308744 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308746 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308749 of user root. 
Nov 9 08:00:01 server83 systemd: Started Session 308747 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308751 of user root. Nov 9 08:00:01 server83 systemd: Created slice User Slice of mailman. Nov 9 08:00:01 server83 systemd: Started Session 308752 of user mailman. Nov 9 08:00:01 server83 systemd: Started Session 308753 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308754 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308755 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308756 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308757 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308758 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308759 of user root. Nov 9 08:00:01 server83 systemd: Started Session 308760 of user root. Nov 9 08:00:01 server83 systemd: Removed slice User Slice of mailman. Nov 9 08:00:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 08:00:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=63793 PROTO=TCP SPT=33838 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=28778 PROTO=TCP SPT=36512 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=63794 PROTO=TCP SPT=33838 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=28779 PROTO=TCP SPT=36512 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=63795 PROTO=TCP SPT=33838 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=28780 PROTO=TCP SPT=36512 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=63796 PROTO=TCP SPT=33838 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:05 server83 letsencrypt.live.cgi: time="2025-11-09T08:00:05+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=pflexlogistics WantedNames="[]" Nov 9 08:00:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=28781 PROTO=TCP SPT=36512 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10057 PROTO=TCP SPT=45727 DPT=30771 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:00:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5270 SEQ=1 Nov 9 08:00:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52687 SEQ=1 Nov 9 
08:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2950 SEQ=1 Nov 9 08:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60969 SEQ=1 Nov 9 08:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46421 SEQ=1 Nov 9 08:00:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3591 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:00:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17489 SEQ=1 Nov 9 08:00:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.154.95.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=28265 PROTO=TCP SPT=39172 DPT=5001 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:00:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=56622 PROTO=TCP SPT=54794 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=56623 PROTO=TCP SPT=54794 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:16 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30692 PROTO=TCP SPT=35372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30694 PROTO=TCP SPT=35372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50447 SEQ=1 Nov 9 08:00:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.180.48.63 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1763 PROTO=TCP SPT=51370 DPT=22222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:00:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2815 SEQ=1 Nov 9 08:00:21 server83 letsencrypt.live.cgi: time="2025-11-09T08:00:21+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=parasresidency WantedNames="[]" Nov 9 08:00:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52144 SEQ=1 Nov 9 08:00:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45348 SEQ=1 Nov 9 08:00:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50447 SEQ=1 Nov 9 08:00:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58991 SEQ=1 Nov 9 08:00:22 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:00:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.114.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=7765 PROTO=TCP SPT=37522 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.114.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=7767 PROTO=TCP SPT=37522 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:00:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28036 SEQ=1 Nov 9 08:00:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20649 SEQ=1 Nov 9 08:00:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30626 SEQ=1 Nov 9 08:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=43761 SEQ=1 Nov 9 08:00:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22036 SEQ=1 Nov 9 08:00:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=2059 PROTO=TCP SPT=35836 DPT=9609 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:00:36 server83 letsencrypt.live.cgi: time="2025-11-09T08:00:36+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=casbk WantedNames="[]" Nov 9 08:00:38 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:00:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=2119 PROTO=TCP SPT=38060 DPT=5196 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:00:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:00:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23197 PROTO=TCP SPT=49956 DPT=25753 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:00:43 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.249 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=52813 DPT=24800 LEN=16 Nov 9 08:00:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50326 DPT=21194 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 
9 08:00:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=53262 PROTO=TCP SPT=56256 DPT=8014 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:00:44 server83 aibolit_wrapper[29670]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626554442805944.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626554442808240.txt --log=/tmp/malware_cleaner_log_17626554442810438.txt --progress=/tmp/malware_cleaner_progress_17626554442809798.json --csv_result=/tmp/revisium_csvfile_17626554442810088.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:00:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.config: ProactiveModel.Host should not be empty Nov 9 08:00:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.24 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51131 DPT=12443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:00:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36219 SEQ=1 Nov 9 08:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6363 SEQ=1 Nov 9 08:00:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56832 SEQ=1 Nov 9 08:00:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6363 SEQ=1 Nov 9 08:00:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23329 SEQ=1 Nov 9 08:00:52 server83 letsencrypt.live.cgi: time="2025-11-09T08:00:52+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=coolinge WantedNames="[]" Nov 9 08:00:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8898 SEQ=1 Nov 9 08:00:53 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:00:53 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:00:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36219 SEQ=1 Nov 9 08:00:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=50897 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:00:59 server83 NetworkManager[922]: <info> [1762655459.4404] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:00:59 server83 NetworkManager[922]: <info> [1762655459.4409] device (eth1): Activation: starting connection 'Wired connection 1' 
(fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:00:59 server83 NetworkManager[922]: <info> [1762655459.4410] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:00:59 server83 NetworkManager[922]: <info> [1762655459.4413] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:00:59 server83 NetworkManager[922]: <info> [1762655459.4423] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:00:59 server83 NetworkManager[922]: <info> [1762655459.4426] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:00:59 server83 NetworkManager[922]: <info> [1762655459.4439] dhcp4 (eth1): dhclient started with pid 31668 Nov 9 08:00:59 server83 dhclient[31668]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x668a996b) Nov 9 08:01:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:00 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 08:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 08:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:01 server83 systemd: Started Session 308763 of user root. Nov 9 08:01:01 server83 systemd: Started Session 308762 of user root. Nov 9 08:01:01 server83 systemd: Started Session 308761 of user root. Nov 9 08:01:01 server83 systemd: Started Session 308764 of user root. Nov 9 08:01:01 server83 systemd: Started Session 308765 of user root. Nov 9 08:01:01 server83 systemd: Started Session 308766 of user root. Nov 9 08:01:01 server83 systemd: Started Session 308767 of user root. Nov 9 08:01:01 server83 systemd: Started Session 308770 of user root. 
Nov 9 08:01:01 server83 systemd: Started Session 308768 of user root. Nov 9 08:01:01 server83 systemd: Started Session 308769 of user root. Nov 9 08:01:03 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.14.122.207 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40580 DPT=717 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:01:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24545 SEQ=1 Nov 9 08:01:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6081 SEQ=1 Nov 9 08:01:05 server83 aibolit_wrapper[32767]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626554652102682.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626554652104732.txt --log=/tmp/malware_cleaner_log_17626554652106044.txt --progress=/tmp/malware_cleaner_progress_17626554652105678.json --csv_result=/tmp/revisium_csvfile_17626554652105840.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:01:05 server83 dhclient[31668]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x668a996b) Nov 9 08:01:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3590 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:01:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6081 SEQ=1 Nov 9 08:01:07 server83 letsencrypt.live.cgi: time="2025-11-09T08:01:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=spacetbroka WantedNames="[]" Nov 9 08:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8070 SEQ=1 Nov 9 08:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6323 SEQ=1 Nov 9 08:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50014 SEQ=1 Nov 9 08:01:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.247 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=8773 DF PROTO=TCP SPT=33336 DPT=4453 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:01:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:01:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13894 PROTO=TCP SPT=36126 DPT=4761 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:01:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57146 
SEQ=1 Nov 9 08:01:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37273 SEQ=1 Nov 9 08:01:20 server83 dhclient[31668]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x668a996b) Nov 9 08:01:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7988 SEQ=1 Nov 9 08:01:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59039 SEQ=1 Nov 9 08:01:22 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:01:23 server83 letsencrypt.live.cgi: time="2025-11-09T08:01:23+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=quizipid WantedNames="[]" Nov 9 08:01:30 server83 aibolit_wrapper[3767]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626554900439714.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626554900440910.txt --log=/tmp/malware_cleaner_log_17626554900441992.txt --progress=/tmp/malware_cleaner_progress_17626554900441726.json --csv_result=/tmp/revisium_csvfile_17626554900441830.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:01:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:30 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 08:01:31 server83 imunify-auditd-log-reader[9638]: lost 27 message sequences Nov 9 08:01:31 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 08:01:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14146 SEQ=1 Nov 9 08:01:31 server83 imunify-auditd-log-reader[9638]: lost 9 message sequences Nov 9 08:01:31 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:31 server83 imunify-auditd-log-reader[9638]: lost 9 message sequences Nov 9 08:01:31 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:31 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:01:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34809 SEQ=1 Nov 9 08:01:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3597 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:01:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21351 SEQ=1 Nov 9 08:01:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40679 
SEQ=1 Nov 9 08:01:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.221.141.179 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=11856 DF PROTO=TCP SPT=12880 DPT=4430 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 08:01:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30779 SEQ=1 Nov 9 08:01:39 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30779 SEQ=1 Nov 9 08:01:39 server83 letsencrypt.live.cgi: time="2025-11-09T08:01:39+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=niazandsons WantedNames="[]" Nov 9 08:01:39 server83 dhclient[31668]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x668a996b) Nov 9 08:01:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=55195 PROTO=TCP SPT=46839 DPT=5406 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:01:44 server83 NetworkManager[922]: <warn> [1762655504.4505] dhcp4 (eth1): request timed out Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4505] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4665] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 31668 Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4665] dhcp4 (eth1): state changed timeout -> done Nov 9 08:01:44 
server83 NetworkManager[922]: <info> [1762655504.4667] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:01:44 server83 NetworkManager[922]: <warn> [1762655504.4671] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4704] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4708] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4708] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4711] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4720] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4722] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:01:44 server83 NetworkManager[922]: <info> [1762655504.4734] dhcp4 (eth1): dhclient started with pid 5975 Nov 9 08:01:44 server83 dhclient[5975]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5efefb8e) Nov 9 08:01:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:01:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.mb_convert: ProactiveModel.Host should not be empty Nov 9 08:01:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3589 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:01:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14503 SEQ=1 Nov 9 08:01:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42379 SEQ=1 Nov 9 08:01:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3733 SEQ=1 Nov 9 08:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48051 SEQ=1 Nov 9 08:01:52 server83 dhclient[5975]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x5efefb8e) Nov 9 08:01:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42379 SEQ=1 Nov 9 08:01:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3596 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:01:54 server83 letsencrypt.live.cgi: time="2025-11-09T08:01:54+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=grotrasave WantedNames="[]" Nov 9 08:01:55 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.148.190 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43654 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:01:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.127 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53957 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:01:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.219 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50438 DPT=9891 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:02:01 server83 systemd: Started Session 308771 of user root. Nov 9 08:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:02:01 server83 systemd: Started Session 308772 of user root. Nov 9 08:02:01 server83 systemd: Started Session 308773 of user root. Nov 9 08:02:01 server83 systemd: Started Session 308774 of user root. Nov 9 08:02:01 server83 systemd: Started Session 308776 of user root. Nov 9 08:02:01 server83 systemd: Started Session 308775 of user root. Nov 9 08:02:01 server83 systemd: Started Session 308777 of user root. Nov 9 08:02:01 server83 systemd: Started Session 308778 of user root. Nov 9 08:02:01 server83 systemd: Started Session 308779 of user root. 
Nov 9 08:02:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61635 SEQ=1 Nov 9 08:02:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60662 SEQ=1 Nov 9 08:02:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33539 SEQ=1 Nov 9 08:02:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60662 SEQ=1 Nov 9 08:02:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37956 SEQ=1 Nov 9 08:02:05 server83 systemd: Started Session c2851 of user root. 
Nov 9 08:02:05 server83 scripts.sh: Load Average: 5.07 , 4.08 Nov 9 08:02:05 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 08:02:05 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 08:02:05 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 08:02:05 server83 scripts.sh: HTTPD Status: inactive Nov 9 08:02:05 server83 scripts.sh: MySQL Status: active Nov 9 08:02:05 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 08:02:05 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 08:02:05 server83 scripts.sh: SSHD Status: active Nov 9 08:02:05 server83 scripts.sh: FTP Status: active Nov 9 08:02:05 server83 scripts.sh: LiteSpeed Status: Active Nov 9 08:02:05 server83 scripts.sh: Imunify Status: Active Nov 9 08:02:05 server83 scripts.sh: cPanel Status: active Nov 9 08:02:05 server83 scripts.sh: Memory Status: 11/31 GB - 37.27% Nov 9 08:02:05 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 08:02:05 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 08:02:05 server83 scripts.sh: Local Version: 4.4.5 Nov 9 08:02:07 server83 imunify-auditd-log-reader[9638]: lost 13 message sequences Nov 9 08:02:07 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.54 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=23340 DF PROTO=UDP SPT=6544 DPT=19 LEN=9 Nov 9 08:02:08 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:02:08 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:02:08 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:02:08 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:02:08 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:02:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 
TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=56783 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:02:10 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 08:02:10 server83 letsencrypt.live.cgi: time="2025-11-09T08:02:10+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=kartikey WantedNames="[]" Nov 9 08:02:11 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 08:02:11 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:02:11 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 08:02:12 server83 dhclient[5975]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x5efefb8e) Nov 9 08:02:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=46547 PROTO=TCP SPT=33165 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:13 server83 aibolit_wrapper[10127]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626555334876952.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626555334878244.txt --log=/tmp/malware_cleaner_log_17626555334879406.txt --progress=/tmp/malware_cleaner_progress_17626555334879108.json --csv_result=/tmp/revisium_csvfile_17626555334879238.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3588 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:02:14 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=46548 PROTO=TCP SPT=33165 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20933 PROTO=TCP SPT=44750 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35759 PROTO=TCP SPT=41900 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:02:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=46549 PROTO=TCP SPT=33165 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=62292 PROTO=TCP SPT=37063 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13467 SEQ=1 Nov 9 08:02:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=30967 PROTO=TCP SPT=60063 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=31456 SEQ=1 Nov 9 08:02:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=30969 PROTO=TCP SPT=60063 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19216 SEQ=1 Nov 9 08:02:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19216 SEQ=1 Nov 9 08:02:22 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:02:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40336 SEQ=1 Nov 9 08:02:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10063 SEQ=1 Nov 9 08:02:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7389 SEQ=1 Nov 9 08:02:25 server83 dhclient[5975]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x5efefb8e) Nov 9 08:02:25 server83 letsencrypt.live.cgi: time="2025-11-09T08:02:25+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=drrajeshacharya WantedNames="[]" 
error="Account is suspended" Nov 9 08:02:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.191.190.247 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=44167 PROTO=TCP SPT=50552 DPT=9401 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:02:29 server83 NetworkManager[922]: <warn> [1762655549.4503] dhcp4 (eth1): request timed out Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 5975 Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:02:29 server83 NetworkManager[922]: <warn> [1762655549.4592] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4595] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4630] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4635] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4636] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4641] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4652] device (eth1): 
state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4655] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:02:29 server83 NetworkManager[922]: <info> [1762655549.4668] dhcp4 (eth1): dhclient started with pid 12303 Nov 9 08:02:29 server83 dhclient[12303]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x3b7305e) Nov 9 08:02:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37919 PROTO=TCP SPT=43557 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37920 PROTO=TCP SPT=43557 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=48098 PROTO=TCP SPT=39694 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37921 PROTO=TCP SPT=43557 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26702 SEQ=1 Nov 9 08:02:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=48099 PROTO=TCP SPT=39694 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:34 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37922 PROTO=TCP SPT=43557 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30854 PROTO=TCP SPT=49956 DPT=29418 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:02:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=48100 PROTO=TCP SPT=39694 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37923 PROTO=TCP SPT=43557 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:35 server83 dhclient[12303]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x3b7305e) Nov 9 08:02:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=48101 PROTO=TCP SPT=39694 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:02:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40881 SEQ=1 Nov 9 08:02:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42976 SEQ=1 Nov 9 08:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35310 SEQ=1 Nov 9 08:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47170 SEQ=1 Nov 9 08:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35310 SEQ=1 Nov 9 08:02:39 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:02:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.230 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40300 DPT=8888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:02:41 server83 letsencrypt.live.cgi: time="2025-11-09T08:02:41+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=isxiserviceinjai WantedNames="[]" error="Account is suspended" Nov 9 08:02:44 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 08:02:44 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 08:02:44 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 08:02:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3934 SEQ=1 Nov 9 08:02:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11425 SEQ=1 Nov 9 08:02:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36942 SEQ=1 Nov 9 08:02:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.classes: ProactiveModel.Host should not be empty Nov 9 08:02:47 server83 dhclient[12303]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x3b7305e) Nov 9 08:02:48 server83 aibolit_wrapper[15107]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626555687315778.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626555687318212.txt --log=/tmp/malware_cleaner_log_17626555687320636.txt --progress=/tmp/malware_cleaner_progress_17626555687320016.json --csv_result=/tmp/revisium_csvfile_17626555687320292.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:02:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3594 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:02:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35164 SEQ=1 Nov 9 08:02:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.39 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=53545 DPT=3000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:02:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.59 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54597 DPT=45735 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:02:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=49981 PROTO=TCP SPT=52773 DPT=28550 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:02:56 server83 letsencrypt.live.cgi: time="2025-11-09T08:02:56+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=starhubconnect WantedNames="[]" Nov 9 08:02:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:02:59 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=159.203.67.164 DST=145.239.177.179 LEN=108 TOS=0x00 PREC=0x00 TTL=46 ID=96 DF PROTO=UDP SPT=5353 DPT=8083 LEN=88 Nov 9 08:03:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19258 PROTO=TCP SPT=53687 DPT=11611 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:03:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:03:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:03:01 server83 systemd: Started Session 308780 of user root. 
Nov 9 08:03:01 server83 systemd: Started Session 308783 of user root. Nov 9 08:03:01 server83 systemd: Started Session 308782 of user root. Nov 9 08:03:01 server83 systemd: Started Session 308781 of user root. Nov 9 08:03:01 server83 systemd: Started Session 308784 of user root. Nov 9 08:03:01 server83 systemd: Started Session 308786 of user root. Nov 9 08:03:01 server83 systemd: Started Session 308787 of user root. Nov 9 08:03:01 server83 systemd: Started Session 308788 of user root. Nov 9 08:03:01 server83 systemd: Started Session 308785 of user root. Nov 9 08:03:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=31253 PROTO=TCP SPT=38631 DPT=5069 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54051 SEQ=1 Nov 9 08:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45969 SEQ=1 Nov 9 08:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38055 SEQ=1 Nov 9 08:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53563 SEQ=1 Nov 9 08:03:04 server83 dhclient[12303]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x3b7305e) Nov 9 08:03:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5839 SEQ=1 Nov 9 08:03:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.114.152 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1234 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 08:03:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=44333 DF PROTO=ICMP TYPE=8 CODE=0 ID=15262 SEQ=18736 Nov 9 08:03:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47325 SEQ=1 Nov 9 08:03:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=61923 PROTO=TCP SPT=21679 DPT=45270 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21926 SEQ=1 Nov 9 08:03:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=43773 PROTO=TCP SPT=47254 DPT=46946 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38055 SEQ=1 Nov 9 08:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22127 SEQ=1 Nov 9 08:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5245 SEQ=1 Nov 9 08:03:11 server83 letsencrypt.live.cgi: time="2025-11-09T08:03:11+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=elimonetization WantedNames="[]" Nov 9 08:03:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7678 PROTO=TCP SPT=43457 DPT=2588 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:03:14 server83 NetworkManager[922]: <warn> [1762655594.4503] dhcp4 (eth1): request timed out Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12303 Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:03:14 server83 NetworkManager[922]: <warn> [1762655594.4671] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4706] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:03:14 
server83 NetworkManager[922]: <info> [1762655594.4712] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4713] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4716] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4727] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4730] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:03:14 server83 NetworkManager[922]: <info> [1762655594.4739] dhcp4 (eth1): dhclient started with pid 18457 Nov 9 08:03:14 server83 dhclient[18457]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x418b9470) Nov 9 08:03:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.164 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54049 DPT=9693 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.31 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=52751 PROTO=TCP SPT=2965 DPT=1201 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:03:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31751 PROTO=TCP SPT=46370 DPT=2878 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:03:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 
ID=12621 DF PROTO=TCP SPT=54208 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:03:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30316 SEQ=1 Nov 9 08:03:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30316 SEQ=1 Nov 9 08:03:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12622 DF PROTO=TCP SPT=54208 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:03:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61733 SEQ=1 Nov 9 08:03:21 server83 dhclient[18457]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x418b9470) Nov 9 08:03:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5820 SEQ=1 Nov 9 08:03:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12623 DF PROTO=TCP SPT=54208 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:03:22 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:03:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39337 SEQ=1 Nov 9 08:03:23 server83 pam_imunify_daemon.bin: time="2025-11-09T08:03:23+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 08:03:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=60146 PROTO=TCP SPT=50896 DPT=7911 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12624 DF PROTO=TCP SPT=54208 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:03:27 server83 letsencrypt.live.cgi: time="2025-11-09T08:03:27+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bhaviniwelfareso WantedNames="[]" Nov 9 08:03:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=36008 DPT=14443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:30 server83 dhclient[18457]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x418b9470) Nov 9 08:03:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27909 SEQ=1 Nov 9 08:03:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 
LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12625 DF PROTO=TCP SPT=54208 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:03:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=1.0.0.1 DST=145.239.177.179 LEN=224 TOS=0x00 PREC=0x00 TTL=51 ID=54549 DF PROTO=UDP SPT=53 DPT=41013 LEN=204 Nov 9 08:03:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.80 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52652 DPT=5445 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=64536 PROTO=TCP SPT=47254 DPT=39421 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:03:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.188 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49279 DPT=8833 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=705 PROTO=TCP SPT=50272 DPT=12121 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:03:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.114.64 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=24126 PROTO=TCP SPT=55548 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:03:39 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:03:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60314 SEQ=1 Nov 9 08:03:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23580 SEQ=1 Nov 9 08:03:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=7377 PROTO=TCP SPT=44597 DPT=4526 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:41 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.35.152.121 DST=51.210.113.204 LEN=99 TOS=0x00 PREC=0x00 TTL=50 ID=38774 DF PROTO=UDP SPT=23679 DPT=8000 LEN=79 Nov 9 08:03:43 server83 letsencrypt.live.cgi: time="2025-11-09T08:03:43+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=undel WantedNames="[]" Nov 9 08:03:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:03:44 server83 dhclient[18457]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x418b9470) Nov 9 08:03:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.82.70.133 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=18895 PROTO=TCP SPT=60000 DPT=9876 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:03:45 server83 imunify-auditd-log-reader[9638]: lost 11 message sequences Nov 9 08:03:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.parle_tokens: ProactiveModel.Host should not be empty Nov 9 08:03:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:03:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=42251 SEQ=1 Nov 9 08:03:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.167 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=55929 DF PROTO=TCP SPT=56396 DPT=2121 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:03:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38019 PROTO=TCP SPT=51231 DPT=9397 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18673 SEQ=1 Nov 9 08:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34310 SEQ=1 Nov 9 08:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47716 SEQ=1 Nov 9 08:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42927 SEQ=1 Nov 9 08:03:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.103 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=55503 DPT=9997 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32620 SEQ=1 
Nov 9 08:03:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=182.119.227.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=62643 PROTO=TCP SPT=57194 DPT=11210 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:03:58 server83 letsencrypt.live.cgi: time="2025-11-09T08:03:58+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=hdprint WantedNames="[]" error="Account is suspended" Nov 9 08:03:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=22616 PROTO=TCP SPT=48864 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:03:59 server83 NetworkManager[922]: <warn> [1762655639.4494] dhcp4 (eth1): request timed out Nov 9 08:03:59 server83 NetworkManager[922]: <info> [1762655639.4495] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:03:59 server83 NetworkManager[922]: <info> [1762655639.4573] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 18457 Nov 9 08:03:59 server83 NetworkManager[922]: <info> [1762655639.4574] dhcp4 (eth1): state changed timeout -> done Nov 9 08:03:59 server83 NetworkManager[922]: <info> [1762655639.4575] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:03:59 server83 NetworkManager[922]: <warn> [1762655639.4579] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:03:59 server83 NetworkManager[922]: <info> [1762655639.4580] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:04:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:04:01 server83 systemd: Started Session 308789 of user root. Nov 9 08:04:01 server83 systemd: Started Session 308790 of user root. Nov 9 08:04:01 server83 systemd: Started Session 308791 of user root. Nov 9 08:04:01 server83 systemd: Started Session 308792 of user root. Nov 9 08:04:01 server83 systemd: Started Session 308793 of user root. Nov 9 08:04:01 server83 systemd: Started Session 308794 of user root. Nov 9 08:04:01 server83 systemd: Started Session 308795 of user root. Nov 9 08:04:01 server83 systemd: Started Session 308796 of user root. Nov 9 08:04:01 server83 systemd: Started Session 308797 of user root. Nov 9 08:04:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44773 SEQ=1 Nov 9 08:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=131 SEQ=1 Nov 9 08:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21314 SEQ=1 Nov 9 08:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44773 SEQ=1 Nov 9 08:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53950 SEQ=1 Nov 9 08:04:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=18.190.163.148 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=49795 DPT=8086 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:04:13 server83 letsencrypt.live.cgi: time="2025-11-09T08:04:13+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=globalturnkeypro WantedNames="[]" error="Account is suspended" Nov 9 08:04:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=60979 PROTO=TCP SPT=44575 DPT=20221 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:04:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=64878 PROTO=TCP SPT=52773 DPT=13773 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:04:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31004 SEQ=1 Nov 9 08:04:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46585 SEQ=1 Nov 9 08:04:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18198 SEQ=1 Nov 9 08:04:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6863 SEQ=1 Nov 9 08:04:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=18484 PROTO=TCP SPT=52773 DPT=31798 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:04:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39290 PROTO=TCP SPT=57888 DPT=4052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:04:28 server83 letsencrypt.live.cgi: time="2025-11-09T08:04:28+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=crmeccscloudlive WantedNames="[]" Nov 9 08:04:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:04:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.207.229 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=4627 DF PROTO=TCP SPT=45676 DPT=10998 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:04:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45793 DPT=23000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:04:35 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 08:04:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12626 DF PROTO=TCP SPT=56249 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:04:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55827 SEQ=1 Nov 9 08:04:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=4577 SEQ=1 Nov 9 08:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55060 SEQ=1 Nov 9 08:04:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12627 DF PROTO=TCP SPT=56249 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52521 SEQ=1 Nov 9 08:04:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=46834 PROTO=TCP SPT=47254 DPT=9760 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:04:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12628 DF PROTO=TCP SPT=56249 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:04:41 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:04:41 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 08:04:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=5546 PROTO=TCP SPT=56033 DPT=7713 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:04:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12629 DF PROTO=TCP SPT=56249 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:04:44 server83 
letsencrypt.live.cgi: time="2025-11-09T08:04:44+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=adtspl WantedNames="[]" Nov 9 08:04:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23939 SEQ=1 Nov 9 08:04:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=51841 DF PROTO=ICMP TYPE=8 CODE=0 ID=14529 SEQ=57802 Nov 9 08:04:46 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32441 SEQ=1 Nov 9 08:04:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53293 SEQ=1 Nov 9 08:04:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8849 SEQ=1 Nov 9 08:04:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9111 SEQ=1 Nov 9 08:04:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12630 DF PROTO=TCP 
SPT=56249 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:04:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21617 SEQ=1 Nov 9 08:04:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:04:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.118.241.146 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=13272 PROTO=TCP SPT=48501 DPT=5903 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:05:00 server83 letsencrypt.live.cgi: time="2025-11-09T08:05:00+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=stjoseph WantedNames="[]" Nov 9 08:05:01 server83 systemd: Started Session 308798 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308799 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308800 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308802 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308805 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308804 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308803 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308807 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308801 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308808 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308809 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308810 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308806 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308812 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308811 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308813 of user root. 
Nov 9 08:05:01 server83 systemd: Started Session 308814 of user root. Nov 9 08:05:01 server83 systemd: Started Session 308815 of user root. Nov 9 08:05:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33746 SEQ=1 Nov 9 08:05:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50056 SEQ=1 Nov 9 08:05:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=59442 DF PROTO=ICMP TYPE=8 CODE=0 ID=36458 SEQ=25918 Nov 9 08:05:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=24570 PROTO=TCP SPT=61942 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21036 SEQ=1 Nov 9 08:05:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=24571 PROTO=TCP SPT=61942 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:05:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47609 SEQ=1 Nov 9 08:05:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54326 PROTO=TCP SPT=40012 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:05:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12409 PROTO=TCP SPT=45727 DPT=30885 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:05:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=24572 PROTO=TCP SPT=61942 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:05:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54327 PROTO=TCP SPT=40012 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:05:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54328 PROTO=TCP SPT=40012 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:05:13 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 08:05:13 server83 systemd: Stopped Status Update Service. Nov 9 08:05:13 server83 systemd: Started Status Update Service. 
Nov 9 08:05:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54330 PROTO=TCP SPT=40012 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:05:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:05:15 server83 letsencrypt.live.cgi: time="2025-11-09T08:05:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=nectaverse WantedNames="[]" Nov 9 08:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37796 SEQ=1 Nov 9 08:05:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=54945 DPT=39776 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49960 SEQ=1 Nov 9 08:05:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48866 SEQ=1 Nov 9 08:05:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37703 SEQ=1 Nov 9 08:05:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45259 SEQ=1 Nov 9 08:05:23 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.25 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50860 DPT=444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:05:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56682 SEQ=1 Nov 9 08:05:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20834 SEQ=1 Nov 9 08:05:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52591 SEQ=1 Nov 9 08:05:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40358 SEQ=1 Nov 9 08:05:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2326 SEQ=1 Nov 9 08:05:33 server83 letsencrypt.live.cgi: time="2025-11-09T08:05:33+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=alquasisonline WantedNames="[]" error="Account is suspended" Nov 9 08:05:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28073 PROTO=TCP SPT=40185 DPT=5736 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:05:40 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.59.78 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50816 PROTO=TCP SPT=61000 DPT=29248 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:05:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:05:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12631 DF PROTO=TCP SPT=58003 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:05:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12632 DF PROTO=TCP SPT=58003 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:05:49 server83 letsencrypt.live.cgi: time="2025-11-09T08:05:49+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=asmemor WantedNames="[]" Nov 9 08:05:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12633 DF PROTO=TCP SPT=58003 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:05:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46553 SEQ=1 Nov 9 08:05:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21017 SEQ=1 Nov 9 08:05:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31018 PROTO=TCP SPT=54739 DPT=2770 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
08:05:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55566 SEQ=1 Nov 9 08:05:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51102 SEQ=1 Nov 9 08:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1694 SEQ=1 Nov 9 08:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25475 SEQ=1 Nov 9 08:05:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12634 DF PROTO=TCP SPT=58003 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:06:01 server83 systemd: Started Session 308816 of user root. Nov 9 08:06:01 server83 systemd: Started Session 308817 of user root. Nov 9 08:06:01 server83 systemd: Started Session 308818 of user root. Nov 9 08:06:01 server83 systemd: Started Session 308819 of user root. Nov 9 08:06:01 server83 systemd: Started Session 308822 of user root. Nov 9 08:06:01 server83 systemd: Started Session 308821 of user root. Nov 9 08:06:01 server83 systemd: Started Session 308820 of user root. Nov 9 08:06:01 server83 systemd: Started Session 308824 of user root. Nov 9 08:06:01 server83 systemd: Started Session 308823 of user root. 
Nov 9 08:06:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:06:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:06:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.92 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53240 DPT=23975 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:06:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12635 DF PROTO=TCP SPT=58003 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:06:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3587 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:06:03 server83 PAM-hulk[7426]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 08:06:04 server83 letsencrypt.live.cgi: time="2025-11-09T08:06:04+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=cascadefinco WantedNames="[]" Nov 9 08:06:05 server83 pam_imunify_daemon.bin: time="2025-11-09T08:06:05+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 08:06:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50330 SEQ=1 Nov 9 08:06:07 server83 auditd[702]: Audit daemon rotating log files 
Nov 9 08:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39240 SEQ=1 Nov 9 08:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50330 SEQ=1 Nov 9 08:06:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.191.209.198 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7562 PROTO=TCP SPT=41356 DPT=19000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:06:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.15.200.45 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=42231 PROTO=TCP SPT=32895 DPT=9999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:06:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=61294 DF PROTO=ICMP TYPE=8 CODE=0 ID=21760 SEQ=39506 Nov 9 08:06:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43991 SEQ=1 Nov 9 08:06:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3586 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:06:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52078 SEQ=1 Nov 9 08:06:19 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.193.57.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=5775 DF PROTO=TCP SPT=40950 DPT=3607 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:06:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52078 SEQ=1 Nov 9 08:06:19 server83 letsencrypt.live.cgi: time="2025-11-09T08:06:19+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=bestwaycourierse WantedNames="[]" error="Account is suspended" Nov 9 08:06:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10459 SEQ=1 Nov 9 08:06:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40864 PROTO=TCP SPT=45727 DPT=34046 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:06:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24903 SEQ=1 Nov 9 08:06:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6195 PROTO=TCP SPT=49956 DPT=26109 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:06:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43991 SEQ=1 Nov 9 08:06:24 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10459 SEQ=1 Nov 9 08:06:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:06:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41215 SEQ=1 Nov 9 08:06:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12138 SEQ=1 Nov 9 08:06:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26590 SEQ=1 Nov 9 08:06:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3348 SEQ=1 Nov 9 08:06:35 server83 letsencrypt.live.cgi: time="2025-11-09T08:06:35+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=safdelco WantedNames="[]" Nov 9 08:06:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54935 DPT=16379 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:06:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.240.170 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=57509 PROTO=TCP SPT=43960 DPT=9001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:06:42 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=54894 PROTO=TCP SPT=40549 DPT=7395 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:06:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.184.76.65 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=60009 DF PROTO=TCP SPT=52123 DPT=3404 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:06:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12636 DF PROTO=TCP SPT=59551 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:06:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12637 DF PROTO=TCP SPT=59551 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:06:45 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.127 DST=145.239.177.179 LEN=32 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=23708 DPT=3283 LEN=12 Nov 9 08:06:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3585 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:06:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:06:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 08:06:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12638 DF PROTO=TCP SPT=59551 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:06:47 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3593 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:06:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:06:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47172 PROTO=TCP SPT=49956 DPT=25460 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33280 SEQ=1 Nov 9 08:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61847 SEQ=1 Nov 9 08:06:50 server83 letsencrypt.live.cgi: time="2025-11-09T08:06:50+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=karimlala WantedNames="[]" Nov 9 08:06:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14307 PROTO=TCP SPT=45727 DPT=32563 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:06:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3724 SEQ=1 Nov 9 08:06:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61847 SEQ=1 Nov 9 08:06:53 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1254 SEQ=1 Nov 9 08:06:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12463 SEQ=1 Nov 9 08:06:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37570 SEQ=1 Nov 9 08:06:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12640 DF PROTO=TCP SPT=59551 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:06:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.86 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55184 DPT=44330 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:01 server83 systemd: Started Session 308826 of user root. Nov 9 08:07:01 server83 systemd: Started Session 308827 of user root. Nov 9 08:07:01 server83 systemd: Started Session 308828 of user root. Nov 9 08:07:01 server83 systemd: Started Session 308829 of user root. Nov 9 08:07:01 server83 systemd: Started Session 308825 of user root. Nov 9 08:07:01 server83 systemd: Started Session 308831 of user root. 
Nov 9 08:07:01 server83 systemd: Started Session 308830 of user root. Nov 9 08:07:01 server83 systemd: Started Session 308832 of user root. Nov 9 08:07:01 server83 systemd: Started Session 308833 of user root. Nov 9 08:07:01 server83 systemd: Started Session 308834 of user root. Nov 9 08:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49528 SEQ=1 Nov 9 08:07:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65396 SEQ=1 Nov 9 08:07:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=39329 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:07:03 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:03 server83 imunify-auditd-log-reader[9638]: lost 16 message sequences Nov 9 08:07:03 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 08:07:03 server83 imunify-auditd-log-reader[9638]: lost 14 message sequences Nov 9 08:07:03 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:03 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 08:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=61965 DF PROTO=ICMP TYPE=8 CODE=0 ID=46782 SEQ=17506 Nov 9 08:07:04 server83 imunify-auditd-log-reader[9638]: lost 16 message 
sequences Nov 9 08:07:04 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:07:04 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:04 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 08:07:04 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 08:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13424 DF PROTO=TCP SPT=41564 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:07:06 server83 letsencrypt.live.cgi: time="2025-11-09T08:07:06+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=gsnmahav WantedNames="[]" Nov 9 08:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13425 DF PROTO=TCP SPT=41564 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7650 SEQ=1 Nov 9 08:07:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.186 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=12074 DF PROTO=TCP SPT=59257 DPT=22205 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20544 SEQ=1 Nov 9 08:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44330 SEQ=1 Nov 9 08:07:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13426 DF PROTO=TCP SPT=41564 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:07:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.41 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55266 DPT=808 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13427 DF PROTO=TCP SPT=41564 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:07:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3584 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:07:20 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 08:07:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7496 SEQ=1 Nov 9 08:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13428 DF PROTO=TCP SPT=41564 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:07:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41516 SEQ=1 Nov 9 08:07:21 
server83 letsencrypt.live.cgi: time="2025-11-09T08:07:21+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=foodhealthinfo WantedNames="[]" Nov 9 08:07:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:07:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7162 SEQ=1 Nov 9 08:07:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7496 SEQ=1 Nov 9 08:07:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54487 SEQ=1 Nov 9 08:07:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22803 SEQ=1 Nov 9 08:07:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47262 SEQ=1 Nov 9 08:07:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:30 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:07:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6203 SEQ=1 Nov 9 08:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54818 SEQ=1 Nov 9 08:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=58385 PROTO=TCP SPT=45727 DPT=30523 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13429 DF PROTO=TCP SPT=41564 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8238 SEQ=1 Nov 9 08:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12929 SEQ=1 Nov 9 08:07:37 server83 letsencrypt.live.cgi: time="2025-11-09T08:07:37+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=ratnachirangoorg WantedNames="[]" Nov 9 08:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64961 SEQ=1 Nov 9 08:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29360 SEQ=1 Nov 9 08:07:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64597 DF PROTO=TCP SPT=37438 DPT=21 WINDOW=64620 RES=0x00 SYN 
URGP=0 Nov 9 08:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64598 DF PROTO=TCP SPT=37438 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:07:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:07:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64599 DF PROTO=TCP SPT=37438 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:07:43 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 08:07:43 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 08:07:43 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 08:07:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:07:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 08:07:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64600 DF PROTO=TCP SPT=37438 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:07:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52601 SEQ=1 Nov 9 08:07:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.170 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=16820 PROTO=TCP SPT=55806 DPT=6033 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:07:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=235 SEQ=1 Nov 9 08:07:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32509 SEQ=1 Nov 9 08:07:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32509 SEQ=1 Nov 9 08:07:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14494 SEQ=1 Nov 9 08:07:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52972 SEQ=1 Nov 9 08:07:53 server83 letsencrypt.live.cgi: time="2025-11-09T08:07:53+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vitachat WantedNames="[]" Nov 9 08:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64601 DF PROTO=TCP SPT=37438 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:08:01 server83 systemd: Started Session 308835 of user root. Nov 9 08:08:01 server83 systemd: Started Session 308837 of user root. Nov 9 08:08:01 server83 systemd: Started Session 308838 of user root. Nov 9 08:08:01 server83 systemd: Started Session 308839 of user root. Nov 9 08:08:01 server83 systemd: Started Session 308836 of user root. Nov 9 08:08:01 server83 systemd: Started Session 308840 of user root. Nov 9 08:08:01 server83 systemd: Started Session 308841 of user root. Nov 9 08:08:01 server83 systemd: Started Session 308842 of user root. Nov 9 08:08:01 server83 systemd: Started Session 308843 of user root. 
Nov 9 08:08:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33786 SEQ=1 Nov 9 08:08:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11051 SEQ=1 Nov 9 08:08:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=51226 PROTO=TCP SPT=51105 DPT=7486 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:08:08 server83 letsencrypt.live.cgi: time="2025-11-09T08:08:08+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=digitalr WantedNames="[]" Nov 9 08:08:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13344 SEQ=1 Nov 9 08:08:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13430 DF PROTO=TCP SPT=41564 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:08:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65143 SEQ=1 Nov 9 08:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64602 DF PROTO=TCP SPT=37438 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:08:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=44928 PROTO=TCP SPT=47263 DPT=1171 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:08:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:08:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33359 SEQ=1 Nov 9 08:08:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49828 SEQ=1 Nov 9 08:08:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27543 SEQ=1 Nov 9 08:08:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=42523 PROTO=TCP SPT=37243 DPT=9403 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:08:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25514 SEQ=1 Nov 9 08:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20892 SEQ=1 Nov 9 08:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63976 SEQ=1 Nov 9 08:08:19 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3167 DF PROTO=TCP SPT=38626 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.32 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=30192 PROTO=TCP SPT=55006 DPT=26135 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 08:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 08:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3168 DF PROTO=TCP SPT=38626 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:08:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3169 DF PROTO=TCP SPT=38626 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:08:24 server83 letsencrypt.live.cgi: time="2025-11-09T08:08:24+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=serviceprint WantedNames="[]" Nov 9 08:08:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.237 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55485 DPT=45206 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:08:26 server83 kernel: Firewall: *TCP_IN 
TOS=0x00 PREC=0x40 TTL=243 ID=35533 PROTO=TCP SPT=49068 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:10:59 server83 letsencrypt.live.cgi: time="2025-11-09T08:10:59+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=godisone WantedNames="[]" Nov 9 08:11:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.185 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=63657 PROTO=TCP SPT=62252 DPT=18244 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:11:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:11:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:01 server83 systemd: Started Session 308875 of user root. Nov 9 08:11:01 server83 systemd: Started Session 308874 of user root. Nov 9 08:11:01 server83 systemd: Started Session 308872 of user root. Nov 9 08:11:01 server83 systemd: Started Session 308873 of user root. Nov 9 08:11:02 server83 systemd: Started Session 308876 of user root. Nov 9 08:11:02 server83 systemd: Started Session 308878 of user root. Nov 9 08:11:02 server83 systemd: Started Session 308877 of user root. Nov 9 08:11:02 server83 systemd: Started Session 308880 of user root. Nov 9 08:11:02 server83 systemd: Started Session 308881 of user root. Nov 9 08:11:02 server83 systemd: Started Session 308879 of user root. 
Nov 9 08:11:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49325 SEQ=1 Nov 9 08:11:04 server83 dhclient[6298]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x48d9640c) Nov 9 08:11:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.172.191.62 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=47200 DPT=8880 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:11:06 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 08:11:06 server83 imunify-auditd-log-reader[9638]: lost 35 message sequences Nov 9 08:11:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36853 SEQ=1 Nov 9 08:11:07 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 08:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8201 SEQ=1 Nov 9 08:11:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32311 DF PROTO=TCP SPT=54458 DPT=21 WINDOW=64620 RES=0x00 SYN 
URGP=0 Nov 9 08:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12448 SEQ=1 Nov 9 08:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12448 SEQ=1 Nov 9 08:11:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32312 DF PROTO=TCP SPT=54458 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.195.208.70 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=45403 PROTO=TCP SPT=34575 DPT=5839 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:11:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32313 DF PROTO=TCP SPT=54458 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.18.241 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=60761 DPT=2085 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:11:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.128 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=35170 DPT=37777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:11:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP 
SPT=60338 DPT=3583 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:11:14 server83 NetworkManager[922]: <warn> [1762656074.4503] dhcp4 (eth1): request timed out Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 6298 Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:11:14 server83 NetworkManager[922]: <warn> [1762656074.4590] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4593] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4626] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4631] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4632] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4636] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4647] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:11:14 server83 NetworkManager[922]: <info> [1762656074.4651] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:11:14 
server83 NetworkManager[922]: <info> [1762656074.4664] dhcp4 (eth1): dhclient started with pid 11097 Nov 9 08:11:14 server83 dhclient[11097]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3ab3115a) Nov 9 08:11:15 server83 letsencrypt.live.cgi: time="2025-11-09T08:11:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=dhsmail WantedNames="[]" Nov 9 08:11:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32314 DF PROTO=TCP SPT=54458 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10605 SEQ=1 Nov 9 08:11:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56213 SEQ=1 Nov 9 08:11:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3591 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:11:20 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.51 DST=51.210.113.204 LEN=125 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=53051 DPT=11900 LEN=105 Nov 9 08:11:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39484 SEQ=1 Nov 9 08:11:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60274 SEQ=1 Nov 9 08:11:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=159.138.100.143 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=711 DF PROTO=ICMP TYPE=8 CODE=0 ID=62525 SEQ=3440 Nov 9 08:11:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=60.191.125.35 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=39323 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:11:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35530 SEQ=1 Nov 9 08:11:22 server83 dhclient[11097]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x3ab3115a) Nov 9 08:11:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59931 SEQ=1 Nov 9 08:11:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12641 DF PROTO=TCP SPT=64910 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:11:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32315 DF PROTO=TCP SPT=54458 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64276 DF PROTO=TCP SPT=52738 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 
08:11:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3189 PROTO=TCP SPT=51371 DPT=6204 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:11:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12644 DF PROTO=TCP SPT=64910 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:11:30 server83 letsencrypt.live.cgi: time="2025-11-09T08:11:30+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=etourguideinudai WantedNames="[]" error="Account is suspended" Nov 9 08:11:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45614 SEQ=1 Nov 9 08:11:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16483 SEQ=1 Nov 9 08:11:35 server83 systemd: Started Session c2852 of user root. 
Nov 9 08:11:36 server83 scripts.sh: Load Average: 4.77 , 4.11 Nov 9 08:11:36 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 08:11:36 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 08:11:36 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 08:11:36 server83 scripts.sh: HTTPD Status: inactive Nov 9 08:11:36 server83 scripts.sh: MySQL Status: active Nov 9 08:11:36 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 08:11:36 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 08:11:36 server83 scripts.sh: SSHD Status: active Nov 9 08:11:36 server83 scripts.sh: FTP Status: active Nov 9 08:11:36 server83 scripts.sh: LiteSpeed Status: Active Nov 9 08:11:36 server83 scripts.sh: Imunify Status: Active Nov 9 08:11:36 server83 scripts.sh: cPanel Status: active Nov 9 08:11:36 server83 scripts.sh: Memory Status: 11/31 GB - 38.03% Nov 9 08:11:36 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 08:11:36 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 08:11:36 server83 scripts.sh: Local Version: 4.4.5 Nov 9 08:11:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=3964 PROTO=TCP SPT=46370 DPT=2937 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:11:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12645 DF PROTO=TCP SPT=64910 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:11:39 server83 dhclient[11097]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x3ab3115a) Nov 9 08:11:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45614 SEQ=1 Nov 9 
08:11:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32316 DF PROTO=TCP SPT=54458 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7008 DF PROTO=TCP SPT=39004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7009 DF PROTO=TCP SPT=39004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:45 server83 letsencrypt.live.cgi: time="2025-11-09T08:11:45+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=yuvaayurvedic WantedNames="[]" Nov 9 08:11:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7010 DF PROTO=TCP SPT=39004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34855 SEQ=1 Nov 9 08:11:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3678 SEQ=1 Nov 9 08:11:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7011 DF PROTO=TCP SPT=39004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:52 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40571 SEQ=1 Nov 9 08:11:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39826 SEQ=1 Nov 9 08:11:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41737 SEQ=1 Nov 9 08:11:54 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:54 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 08:11:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7012 DF PROTO=TCP SPT=39004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:11:59 server83 dhclient[11097]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x3ab3115a) Nov 9 08:11:59 server83 NetworkManager[922]: <warn> [1762656119.4503] dhcp4 (eth1): request timed out Nov 9 08:11:59 server83 NetworkManager[922]: <info> [1762656119.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:11:59 server83 NetworkManager[922]: <info> [1762656119.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 11097 Nov 9 08:11:59 server83 NetworkManager[922]: <info> [1762656119.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 08:11:59 server83 NetworkManager[922]: <info> [1762656119.4665] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:11:59 server83 NetworkManager[922]: <warn> [1762656119.4669] device (eth1): Activation: failed for connection 'Wired 
connection 1' Nov 9 08:11:59 server83 NetworkManager[922]: <info> [1762656119.4670] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:11:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.195 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56505 DPT=9295 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 19 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 30 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 8 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 21 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 48 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:11:59 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 08:12:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43818 PROTO=TCP SPT=51503 DPT=9075 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:12:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=59589 PROTO=TCP SPT=55975 DPT=7624 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:12:01 server83 systemd: Started Session 308882 of user root. Nov 9 08:12:01 server83 systemd: Started Session 308884 of user root. Nov 9 08:12:01 server83 systemd: Started Session 308883 of user root. Nov 9 08:12:01 server83 systemd: Started Session 308886 of user root. Nov 9 08:12:01 server83 systemd: Started Session 308887 of user root. Nov 9 08:12:01 server83 systemd: Started Session 308888 of user root. Nov 9 08:12:01 server83 systemd: Started Session 308885 of user root. Nov 9 08:12:01 server83 systemd: Started Session 308889 of user root. Nov 9 08:12:01 server83 systemd: Started Session 308890 of user root. Nov 9 08:12:02 server83 letsencrypt.live.cgi: time="2025-11-09T08:12:02+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=blueoceanaindiac WantedNames="[]" Nov 9 08:12:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.73.23.133 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=52078 PROTO=TCP SPT=57401 DPT=8883 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:12:03 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:12:03 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:12:03 server83 imunify-auditd-log-reader[9638]: lost 24 message sequences Nov 9 08:12:04 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:12:04 server83 imunify-auditd-log-reader[9638]: lost 38 message sequences Nov 9 08:12:04 server83 imunify-auditd-log-reader[9638]: lost 37 message sequences Nov 9 08:12:04 server83 imunify-auditd-log-reader[9638]: lost 20 message sequences Nov 9 08:12:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.32 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=37870 PROTO=TCP SPT=44487 DPT=8204 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 08:12:06 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49162 SEQ=1 Nov 9 08:12:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16386 SEQ=1 Nov 9 08:12:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24596 SEQ=1 Nov 9 08:12:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=122.8.187.130 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=37 ID=58578 DF PROTO=ICMP TYPE=8 CODE=0 ID=38876 SEQ=2401 Nov 9 08:12:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28452 SEQ=1 Nov 9 08:12:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29099 SEQ=1 Nov 9 08:12:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:12:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32317 DF PROTO=TCP SPT=54458 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:12:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7013 DF PROTO=TCP SPT=39004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 
08:12:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.10 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=48457 DPT=12654 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:12:17 server83 letsencrypt.live.cgi: time="2025-11-09T08:12:17+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=sumitrajasthantr WantedNames="[]" error="Account is suspended" Nov 9 08:12:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3590 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:12:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47482 SEQ=1 Nov 9 08:12:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43875 SEQ=1 Nov 9 08:12:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=278 SEQ=1 Nov 9 08:12:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47482 SEQ=1 Nov 9 08:12:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21353 DF PROTO=TCP SPT=36778 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:12:23 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21354 DF PROTO=TCP SPT=36778 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:12:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21355 DF PROTO=TCP SPT=36778 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:12:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=51021 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:12:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21356 DF PROTO=TCP SPT=36778 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:12:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12646 DF PROTO=TCP SPT=50291 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:12:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12647 DF PROTO=TCP SPT=50291 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:12:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35849 SEQ=1 Nov 9 08:12:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=13953 SEQ=1 Nov 9 08:12:32 server83 letsencrypt.live.cgi: time="2025-11-09T08:12:32+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=herivip WantedNames="[]" error="Account is suspended" Nov 9 08:12:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25217 SEQ=1 Nov 9 08:12:32 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.37 DST=51.210.113.204 LEN=406 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=52526 DPT=5060 LEN=386 Nov 9 08:12:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12648 DF PROTO=TCP SPT=50291 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:12:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12649 DF PROTO=TCP SPT=50291 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:12:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62969 SEQ=1 Nov 9 08:12:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21357 DF PROTO=TCP SPT=36778 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:12:45 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 08:12:45 server83 pure-ftpd: (?@127.0.0.1) [INFO] 
__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 08:12:45 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 08:12:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12650 DF PROTO=TCP SPT=50291 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:12:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.14 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=42310 DF PROTO=TCP SPT=31805 DPT=9390 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:12:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:12:47 server83 letsencrypt.live.cgi: time="2025-11-09T08:12:47+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=assetcoopen WantedNames="[]" error="Account is suspended" Nov 9 08:12:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7014 DF PROTO=TCP SPT=39004 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:12:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62918 SEQ=1 Nov 9 08:12:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56807 SEQ=1 Nov 9 08:12:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56807 SEQ=1 Nov 9 08:12:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62918 SEQ=1 Nov 9 08:12:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51364 SEQ=1 Nov 9 08:12:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51364 SEQ=1 Nov 9 08:12:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29116 SEQ=1 Nov 9 08:12:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.24.237.118 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54785 PROTO=TCP SPT=56076 DPT=9200 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:12:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21358 DF PROTO=TCP SPT=36778 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:12:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.193 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=27554 PROTO=TCP SPT=53904 DPT=34437 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:12:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 
TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3589 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:12:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=21900 DF PROTO=TCP SPT=52599 DPT=21 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:13:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=28476 PROTO=TCP SPT=21679 DPT=5523 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:13:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=21901 DF PROTO=TCP SPT=52599 DPT=21 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:13:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54691 PROTO=TCP SPT=47867 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:13:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17342 SEQ=1 Nov 9 08:13:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58206 SEQ=1 Nov 9 08:13:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:13:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:13:01 server83 systemd: Started Session 308891 of user root. Nov 9 08:13:01 server83 systemd: Started Session 308893 of user root. Nov 9 08:13:01 server83 systemd: Started Session 308894 of user root. 
Nov 9 08:13:01 server83 systemd: Started Session 308895 of user root. Nov 9 08:13:01 server83 systemd: Started Session 308896 of user root. Nov 9 08:13:01 server83 systemd: Started Session 308892 of user root. Nov 9 08:13:01 server83 systemd: Started Session 308899 of user root. Nov 9 08:13:01 server83 systemd: Started Session 308898 of user root. Nov 9 08:13:01 server83 systemd: Started Session 308897 of user root. Nov 9 08:13:01 server83 systemd: Started Session 308900 of user root. Nov 9 08:13:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=21902 DF PROTO=TCP SPT=52599 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:13:02 server83 imunify360-watchdog: imunify360 is healthy: all is ok Nov 9 08:13:03 server83 letsencrypt.live.cgi: time="2025-11-09T08:13:03+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=digitalchoice WantedNames="[]" Nov 9 08:13:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13560 SEQ=1 Nov 9 08:13:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47595 SEQ=1 Nov 9 08:13:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44934 PROTO=TCP SPT=47917 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:13:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54695 PROTO=TCP SPT=47867 DPT=853 WINDOW=64952 
RES=0x00 SYN URGP=0 Nov 9 08:13:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44935 PROTO=TCP SPT=47917 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:13:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=21903 DF PROTO=TCP SPT=52599 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:13:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44936 PROTO=TCP SPT=47917 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:13:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34163 SEQ=1 Nov 9 08:13:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=12621 PROTO=TCP SPT=3139 DPT=1201 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:13:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42058 DF PROTO=TCP SPT=59812 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:13:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42059 DF PROTO=TCP SPT=59812 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:13:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.180.99 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 
TTL=105 ID=13789 DF PROTO=TCP SPT=62627 DPT=21 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:13:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63695 PROTO=TCP SPT=49956 DPT=25831 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:13:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13953 SEQ=1 Nov 9 08:13:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42061 DF PROTO=TCP SPT=59812 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:13:18 server83 letsencrypt.live.cgi: time="2025-11-09T08:13:18+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=wimpod WantedNames="[]" Nov 9 08:13:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42679 SEQ=1 Nov 9 08:13:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.154.95.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=60732 PROTO=TCP SPT=34221 DPT=2260 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:13:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.180.99 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=13791 DF PROTO=TCP SPT=62627 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 9 08:13:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=2509 SEQ=1 Nov 9 08:13:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33131 SEQ=1 Nov 9 08:13:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40234 SEQ=1 Nov 9 08:13:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3588 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:13:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=138.201.158.24 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=63226 DF PROTO=ICMP TYPE=8 CODE=0 ID=8299 SEQ=46228 Nov 9 08:13:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=56819 PROTO=TCP SPT=52773 DPT=13773 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21359 DF PROTO=TCP SPT=36778 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:13:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.80 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1424 PROTO=TCP SPT=28657 DPT=11101 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:13:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=49420 SEQ=1 Nov 9 08:13:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17309 SEQ=1 Nov 9 08:13:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10142 SEQ=1 Nov 9 08:13:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22730 SEQ=1 Nov 9 08:13:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4322 SEQ=1 Nov 9 08:13:34 server83 letsencrypt.live.cgi: time="2025-11-09T08:13:34+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=jayant WantedNames="[]" error="Account is suspended" Nov 9 08:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49420 SEQ=1 Nov 9 08:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19334 SEQ=1 Nov 9 08:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29345 SEQ=1 Nov 9 08:13:43 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42063 DF PROTO=TCP SPT=59812 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:13:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46055 DF PROTO=TCP SPT=40096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:13:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46056 DF PROTO=TCP SPT=40096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:13:46 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.137 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50486 DPT=33701 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:13:47 server83 pam_imunify_daemon.bin: time="2025-11-09T08:13:47+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 08:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3582 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.58.0 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=36179 DPT=9020 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:13:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54475 SEQ=1 Nov 9 08:13:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54475 SEQ=1 Nov 9 08:13:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46057 DF PROTO=TCP SPT=40096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:13:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8602 SEQ=1 Nov 9 08:13:49 server83 letsencrypt.live.cgi: time="2025-11-09T08:13:49+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=entrustfinance WantedNames="[]" error="Account is suspended" Nov 9 08:13:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23730 SEQ=1 Nov 9 08:13:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.177 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52823 DPT=9539 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:13:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.136.67.107 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=47261 DPT=8079 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:13:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61033 SEQ=1 Nov 9 08:13:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8602 SEQ=1 Nov 9 08:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46059 DF PROTO=TCP SPT=40096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:14:01 server83 systemd: Started Session 308902 of user root. Nov 9 08:14:01 server83 systemd: Started Session 308903 of user root. Nov 9 08:14:01 server83 systemd: Started Session 308901 of user root. Nov 9 08:14:01 server83 systemd: Started Session 308904 of user root. Nov 9 08:14:01 server83 systemd: Started Session 308905 of user root. Nov 9 08:14:01 server83 systemd: Started Session 308906 of user root. Nov 9 08:14:01 server83 systemd: Started Session 308907 of user root. Nov 9 08:14:01 server83 systemd: Started Session 308908 of user root. Nov 9 08:14:01 server83 systemd: Started Session 308909 of user root. 
Nov 9 08:14:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=53342 PROTO=TCP SPT=55665 DPT=40670 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:14:05 server83 letsencrypt.live.cgi: time="2025-11-09T08:14:05+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=shrividyalaya WantedNames="[]" Nov 9 08:14:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22371 SEQ=1 Nov 9 08:14:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22565 SEQ=1 Nov 9 08:14:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23914 SEQ=1 Nov 9 08:14:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10217 SEQ=1 Nov 9 08:14:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43662 PROTO=TCP SPT=45727 DPT=32029 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:14:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55161 PROTO=TCP SPT=61638 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:14:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55162 PROTO=TCP SPT=61638 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:14:13 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=183.160.195.114 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=233 ID=44091 PROTO=UDP SPT=26514 DPT=69 LEN=28 Nov 9 08:14:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=43189 PROTO=TCP SPT=48186 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:14:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55163 PROTO=TCP SPT=61638 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=43190 PROTO=TCP SPT=48186 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55164 PROTO=TCP SPT=61638 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50600 PROTO=TCP SPT=38964 DPT=6797 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=43192 PROTO=TCP SPT=48186 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:14:19 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52891 SEQ=1 Nov 9 08:14:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.210 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=1474 PROTO=TCP SPT=56337 DPT=11100 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:14:20 server83 letsencrypt.live.cgi: time="2025-11-09T08:14:20+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=wemarket WantedNames="[]" Nov 9 08:14:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7184 SEQ=1 Nov 9 08:14:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8626 SEQ=1 Nov 9 08:14:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55860 SEQ=1 Nov 9 08:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13598 SEQ=1 Nov 9 08:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8626 SEQ=1 Nov 9 08:14:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17916 DF PROTO=TCP SPT=41028 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17917 DF PROTO=TCP SPT=41028 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17918 DF PROTO=TCP SPT=41028 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:14:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17919 DF PROTO=TCP SPT=41028 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:14:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16893 SEQ=1 Nov 9 08:14:36 server83 letsencrypt.live.cgi: time="2025-11-09T08:14:36+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=cachetexpress WantedNames="[]" error="Account is suspended" Nov 9 08:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35096 SEQ=1 Nov 9 08:14:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24874 PROTO=TCP SPT=53127 DPT=8573 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:14:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12651 DF PROTO=TCP SPT=53520 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35096 SEQ=1 Nov 9 08:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35266 SEQ=1 Nov 9 08:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8439 SEQ=1 Nov 9 08:14:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12652 DF PROTO=TCP SPT=53520 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:14:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.86.135 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1234 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 08:14:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15357 SEQ=1 Nov 9 08:14:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.251.67.25 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=56827 PROTO=TCP SPT=51856 DPT=42222 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12653 DF PROTO=TCP SPT=53520 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17920 DF PROTO=TCP SPT=41028 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12654 DF PROTO=TCP SPT=53609 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:14:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12655 DF PROTO=TCP SPT=53609 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:14:43 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 08:14:43 server83 systemd: Stopped Status Update Service. Nov 9 08:14:43 server83 systemd: Started Status Update Service. 
Nov 9 08:14:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12656 DF PROTO=TCP SPT=53609 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:14:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24996 PROTO=TCP SPT=49956 DPT=29236 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:14:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:14:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12658 DF PROTO=TCP SPT=53609 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:14:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47490 PROTO=TCP SPT=60205 DPT=7660 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:14:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46061 DF PROTO=TCP SPT=40096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:14:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45636 SEQ=1 Nov 9 08:14:51 server83 letsencrypt.live.cgi: time="2025-11-09T08:14:51+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=natohighwayspatr WantedNames="[]" Nov 9 08:14:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45636 SEQ=1 Nov 9 08:14:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4353 SEQ=1 Nov 9 08:14:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12659 DF PROTO=TCP SPT=53520 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4590 SEQ=1 Nov 9 08:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53905 SEQ=1 Nov 9 08:14:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28734 SEQ=1 Nov 9 08:14:56 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.241.20 DST=51.210.113.204 LEN=121 TOS=0x00 PREC=0x00 TTL=48 ID=59435 PROTO=UDP SPT=47439 DPT=6881 LEN=101 Nov 9 08:14:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12660 DF PROTO=TCP SPT=53609 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:14:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43166 PROTO=TCP SPT=57863 DPT=5733 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:15:01 server83 systemd: Started Session 308912 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308911 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308910 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308913 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308914 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308915 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308917 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308916 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308918 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308919 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308920 of user root. Nov 9 08:15:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 08:15:01 server83 systemd: Started Session 308922 of user sanatanhinduvahi. Nov 9 08:15:01 server83 systemd: Started Session 308923 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308921 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308924 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308925 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308926 of user root. Nov 9 08:15:01 server83 systemd: Started Session 308927 of user root. 
Nov 9 08:15:01 server83 systemd: Started Session 308928 of user root. Nov 9 08:15:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 08:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8368 SEQ=1 Nov 9 08:15:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26583 SEQ=1 Nov 9 08:15:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=57545 PROTO=TCP SPT=47238 DPT=40253 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:15:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.36 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=65236 PROTO=TCP SPT=40797 DPT=22817 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:15:07 server83 letsencrypt.live.cgi: time="2025-11-09T08:15:07+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=asdfuxco WantedNames="[]" Nov 9 08:15:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26583 SEQ=1 Nov 9 08:15:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8368 SEQ=1 Nov 9 08:15:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10441 SEQ=1 Nov 9 08:15:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2134 SEQ=1 Nov 9 08:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24469 DF PROTO=TCP SPT=51434 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24470 DF PROTO=TCP SPT=51434 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24471 DF PROTO=TCP SPT=51434 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56966 SEQ=1 Nov 9 08:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37742 SEQ=1 Nov 9 08:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51382 SEQ=1 Nov 9 08:15:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=37742 SEQ=1 Nov 9 08:15:22 server83 letsencrypt.live.cgi: time="2025-11-09T08:15:22+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=rtc WantedNames="[]" Nov 9 08:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24472 DF PROTO=TCP SPT=51434 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50230 SEQ=1 Nov 9 08:15:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.90 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50393 DPT=220 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:15:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=48.217.233.154 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=40774 DPT=9080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:15:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10206 PROTO=TCP SPT=41009 DPT=4102 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:15:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15457 PROTO=TCP SPT=49956 DPT=29519 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:15:29 server83 pam_imunify_daemon.bin: time="2025-11-09T08:15:29+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for 
Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 08:15:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17922 DF PROTO=TCP SPT=41028 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24473 DF PROTO=TCP SPT=51434 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52478 SEQ=1 Nov 9 08:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30170 SEQ=1 Nov 9 08:15:34 server83 kernel: No UUID available providing old NGUID Nov 9 08:15:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1031 SEQ=1 Nov 9 08:15:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51952 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:15:38 server83 letsencrypt.live.cgi: time="2025-11-09T08:15:38+05:30" level=info msg="Skipping because of pre-flight non-fatal failure" Function=processAutoSSLForAccount Retry=false Username=iyaantec 
WantedNames="[]" error="Account is suspended" Nov 9 08:15:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40100 PROTO=TCP SPT=53687 DPT=3432 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20976 SEQ=1 Nov 9 08:15:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.187 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=51499 PROTO=TCP SPT=30381 DPT=7443 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:15:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3581 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:15:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:15:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24474 DF PROTO=TCP SPT=51434 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27139 PROTO=TCP SPT=49956 DPT=25644 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=61092 PROTO=TCP SPT=52789 DPT=34344 
WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3415 DF PROTO=TCP SPT=49478 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44782 SEQ=1 Nov 9 08:15:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3416 DF PROTO=TCP SPT=49478 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56760 SEQ=1 Nov 9 08:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42636 SEQ=1 Nov 9 08:15:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3417 DF PROTO=TCP SPT=49478 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:15:53 server83 letsencrypt.live.cgi: time="2025-11-09T08:15:53+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=legacymail WantedNames="[]" Nov 9 08:15:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61537 SEQ=1 Nov 9 08:15:54 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27952 SEQ=1 Nov 9 08:15:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30063 SEQ=1 Nov 9 08:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3418 DF PROTO=TCP SPT=49478 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:16:01 server83 systemd: Started Session 308929 of user root. Nov 9 08:16:01 server83 systemd: Started Session 308931 of user root. Nov 9 08:16:01 server83 systemd: Started Session 308930 of user root. Nov 9 08:16:01 server83 systemd: Started Session 308932 of user root. Nov 9 08:16:01 server83 systemd: Started Session 308933 of user root. Nov 9 08:16:01 server83 systemd: Started Session 308934 of user root. Nov 9 08:16:01 server83 systemd: Started Session 308935 of user root. Nov 9 08:16:01 server83 systemd: Started Session 308936 of user root. Nov 9 08:16:01 server83 systemd: Started Session 308937 of user root. 
Nov 9 08:16:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51507 SEQ=1 Nov 9 08:16:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27846 SEQ=1 Nov 9 08:16:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38594 SEQ=1 Nov 9 08:16:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57753 SEQ=1 Nov 9 08:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3419 DF PROTO=TCP SPT=49478 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:16:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21908 SEQ=1 Nov 9 08:16:09 server83 letsencrypt.live.cgi: time="2025-11-09T08:16:09+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bluefastdelservi WantedNames="[]" Nov 9 08:16:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13658 PROTO=TCP SPT=46370 DPT=2877 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:16:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:16:20 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34690 SEQ=1 Nov 9 08:16:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1606 SEQ=1 Nov 9 08:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24475 DF PROTO=TCP SPT=51434 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3420 DF PROTO=TCP SPT=49478 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:16:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38425 SEQ=1 Nov 9 08:16:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14867 SEQ=1 Nov 9 08:16:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22227 SEQ=1 Nov 9 08:16:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23986 SEQ=1 Nov 9 08:16:25 server83 letsencrypt.live.cgi: time="2025-11-09T08:16:25+05:30" 
level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=tegaugbune WantedNames="[]" Nov 9 08:16:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33815 DF PROTO=TCP SPT=45758 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33816 DF PROTO=TCP SPT=45758 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:16:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18085 SEQ=1 Nov 9 08:16:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33817 DF PROTO=TCP SPT=45758 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:16:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61410 SEQ=1 Nov 9 08:16:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=30142 PROTO=TCP SPT=21679 DPT=17000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:16:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46130 SEQ=1 Nov 9 08:16:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48472 SEQ=1 Nov 9 08:16:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39792 SEQ=1 Nov 9 08:16:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30613 SEQ=1 Nov 9 08:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33818 DF PROTO=TCP SPT=45758 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=49.0.250.197 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=23877 DF PROTO=ICMP TYPE=8 CODE=0 ID=475 SEQ=20642 Nov 9 08:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48472 SEQ=1 Nov 9 08:16:40 server83 letsencrypt.live.cgi: time="2025-11-09T08:16:40+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=bajrangiexporter WantedNames="[]" Nov 9 08:16:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22372 PROTO=TCP SPT=54739 DPT=2668 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33819 DF 
[1762656554.4702] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:19:14 server83 NetworkManager[922]: <info> [1762656554.4704] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:19:14 server83 NetworkManager[922]: <info> [1762656554.4705] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:19:14 server83 NetworkManager[922]: <info> [1762656554.4706] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:19:14 server83 NetworkManager[922]: <info> [1762656554.4715] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:19:14 server83 NetworkManager[922]: <info> [1762656554.4716] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:19:14 server83 NetworkManager[922]: <info> [1762656554.4727] dhcp4 (eth1): dhclient started with pid 25578 Nov 9 08:19:14 server83 dhclient[25578]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x31e2204b) Nov 9 08:19:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12913 PROTO=TCP SPT=49956 DPT=25113 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:19:18 server83 letsencrypt.live.cgi: time="2025-11-09T08:19:18+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=poulomiservice WantedNames="[]" Nov 9 08:19:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62300 SEQ=1 Nov 9 08:19:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51176 SEQ=1 Nov 9 08:19:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31903 SEQ=1 Nov 9 08:19:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.195 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=35016 DPT=9060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:19:22 server83 dhclient[25578]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x31e2204b) Nov 9 08:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50877 SEQ=1 Nov 9 08:19:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23692 SEQ=1 Nov 9 08:19:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5985 SEQ=1 Nov 9 08:19:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4287 SEQ=1 Nov 9 08:19:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52998 SEQ=1 Nov 9 08:19:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12661 DF PROTO=TCP SPT=59192 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:19:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3742 SEQ=1 Nov 9 08:19:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12662 DF PROTO=TCP SPT=59192 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:19:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47693 SEQ=1 Nov 9 08:19:34 server83 letsencrypt.live.cgi: time="2025-11-09T08:19:34+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=falconxt WantedNames="[]" Nov 9 08:19:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12663 DF PROTO=TCP SPT=59192 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:19:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.252 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55513 DPT=8009 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:19:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.137 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=33545 PROTO=TCP SPT=16964 DPT=83 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:19:37 server83 dhclient[25578]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 
interval 20 (xid=0x31e2204b) Nov 9 08:19:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12664 DF PROTO=TCP SPT=59192 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:19:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.148.190.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=19718 PROTO=TCP SPT=45719 DPT=30989 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:19:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12665 DF PROTO=TCP SPT=59192 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:19:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 08:19:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29148 SEQ=1 Nov 9 08:19:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5508 SEQ=1 Nov 9 08:19:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8797 SEQ=1 Nov 9 08:19:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5508 SEQ=1 Nov 9 08:19:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62799 SEQ=1 Nov 9 08:19:54 server83 pam_imunify_daemon.bin: time="2025-11-09T08:19:54+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 08:19:57 server83 dhclient[25578]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x31e2204b) Nov 9 08:19:59 server83 NetworkManager[922]: <warn> [1762656599.4421] dhcp4 (eth1): request timed out Nov 9 08:19:59 server83 NetworkManager[922]: <info> [1762656599.4421] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:19:59 server83 NetworkManager[922]: <info> [1762656599.4742] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 25578 Nov 9 08:19:59 server83 NetworkManager[922]: <info> [1762656599.4742] dhcp4 (eth1): state changed timeout -> done Nov 9 08:19:59 server83 NetworkManager[922]: <info> [1762656599.4745] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:19:59 server83 NetworkManager[922]: <warn> [1762656599.4751] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:19:59 server83 NetworkManager[922]: <info> [1762656599.4753] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:19:59 server83 letsencrypt.live.cgi: time="2025-11-09T08:19:59+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=transglobalxpres WantedNames="[]" Nov 9 08:20:01 server83 systemd: Started Session 308967 of user root. Nov 9 08:20:01 server83 systemd: Started Session 308966 of user root. 
Nov 9 08:20:01 server83 systemd: Started Session 308968 of user root. Nov 9 08:20:01 server83 systemd: Started Session 308969 of user root. Nov 9 08:20:01 server83 systemd: Started Session 308970 of user root. Nov 9 08:20:01 server83 systemd: Started Session 308972 of user root. Nov 9 08:20:01 server83 systemd: Started Session 308971 of user root. Nov 9 08:20:01 server83 systemd: Started Session 308973 of user root. Nov 9 08:20:01 server83 systemd: Started Session 308976 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308975 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308977 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308978 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308979 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308980 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308974 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308981 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308983 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308982 of user root. Nov 9 08:20:02 server83 systemd: Started Session 308984 of user root. 
Nov 9 08:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18722 SEQ=1 Nov 9 08:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60582 SEQ=1 Nov 9 08:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27940 SEQ=1 Nov 9 08:20:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13990 PROTO=TCP SPT=43448 DPT=2420 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10994 SEQ=1 Nov 9 08:20:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1196 SEQ=1 Nov 9 08:20:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=29795 PROTO=TCP SPT=58603 DPT=6666 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:20:11 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.99 DST=145.239.177.179 LEN=58 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=50993 DPT=253 LEN=38 Nov 9 08:20:15 server83 letsencrypt.live.cgi: 
time="2025-11-09T08:20:15+05:30" level=info msg="AutoSSL running" Function=processAutoSSLForAccount Retry=false Username=vaishnavidegreec WantedNames="[]" Nov 9 08:20:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=184.105.247.222 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51653 DPT=9002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.74.50.114 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=53181 DPT=8086 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12666 DF PROTO=TCP SPT=60333 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:20:18 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.209 DST=145.239.177.179 LEN=404 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=55124 DPT=6060 LEN=384 Nov 9 08:20:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12667 DF PROTO=TCP SPT=60333 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:20:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22050 SEQ=1 Nov 9 08:20:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55015 SEQ=1 Nov 9 08:20:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38966 SEQ=1 Nov 9 08:20:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.80 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49363 DPT=9597 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52910 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2250 SEQ=1 Nov 9 08:20:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22050 SEQ=1 Nov 9 08:20:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29526 SEQ=1 Nov 9 08:20:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5233 SEQ=1 Nov 9 08:20:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12669 DF PROTO=TCP SPT=60433 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:20:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12670 DF PROTO=TCP SPT=60433 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:20:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=55946 PROTO=TCP SPT=43538 DPT=8867 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=44598 DPT=10443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:30 server83 letsencrypt.live.cgi: time="2025-11-09T08:20:30+05:30" level=info msg="Finished processing scheduled AutoSSL" Nov 9 08:20:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.180.246.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=35865 PROTO=TCP SPT=21679 DPT=11401 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:20:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12674 DF PROTO=TCP SPT=60333 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:20:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.70 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55484 DPT=2084 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.85.163 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=6720 PROTO=TCP SPT=53989 DPT=222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52015 SEQ=1 Nov 9 08:20:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28467 SEQ=1 Nov 9 08:20:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12675 DF PROTO=TCP SPT=60433 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:20:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=6088 PROTO=TCP SPT=38561 DPT=5550 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44927 PROTO=TCP SPT=56849 DPT=4540 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:20:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18 SEQ=1 Nov 9 08:20:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=42975 PROTO=TCP SPT=54910 DPT=7069 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:20:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.74 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49563 DPT=9092 WINDOW=65535 RES=0x00 SYN 
URGP=0 Nov 9 08:20:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10788 SEQ=1 Nov 9 08:20:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.51.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=4085 DF PROTO=TCP SPT=43749 DPT=1363 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:20:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34321 SEQ=1 Nov 9 08:20:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44393 SEQ=1 Nov 9 08:20:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44393 SEQ=1 Nov 9 08:20:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=48928 PROTO=TCP SPT=52883 DPT=7262 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:21:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=42180 PROTO=TCP SPT=49872 DPT=7470 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:21:01 server83 systemd: Started Session 308987 of user root. 
Nov 9 08:21:01 server83 systemd: Started Session 308986 of user root. Nov 9 08:21:01 server83 systemd: Started Session 308988 of user root. Nov 9 08:21:01 server83 systemd: Started Session 308989 of user root. Nov 9 08:21:01 server83 systemd: Started Session 308985 of user root. Nov 9 08:21:01 server83 systemd: Started Session 308991 of user root. Nov 9 08:21:01 server83 systemd: Started Session 308990 of user root. Nov 9 08:21:01 server83 systemd: Started Session 308992 of user root. Nov 9 08:21:01 server83 systemd: Started Session 308993 of user root. Nov 9 08:21:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16559 SEQ=1 Nov 9 08:21:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.223 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=63869 DF PROTO=ICMP TYPE=8 CODE=0 ID=21323 SEQ=5721 Nov 9 08:21:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25850 SEQ=1 Nov 9 08:21:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43658 PROTO=TCP SPT=57143 DPT=8623 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:21:06 server83 systemd: Started Session c2853 of user root. 
Nov 9 08:21:07 server83 scripts.sh: Load Average: 2.43 , 2.82 Nov 9 08:21:07 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 08:21:07 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 08:21:07 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 08:21:07 server83 scripts.sh: HTTPD Status: inactive Nov 9 08:21:07 server83 scripts.sh: MySQL Status: active Nov 9 08:21:07 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 08:21:07 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 08:21:07 server83 scripts.sh: SSHD Status: active Nov 9 08:21:07 server83 scripts.sh: FTP Status: active Nov 9 08:21:07 server83 scripts.sh: LiteSpeed Status: Active Nov 9 08:21:07 server83 scripts.sh: Imunify Status: Active Nov 9 08:21:07 server83 scripts.sh: cPanel Status: active Nov 9 08:21:07 server83 scripts.sh: Memory Status: 11/31 GB - 37.33% Nov 9 08:21:07 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 08:21:07 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 08:21:07 server83 scripts.sh: Local Version: 4.4.5 Nov 9 08:21:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25850 SEQ=1 Nov 9 08:21:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8603 SEQ=1 Nov 9 08:21:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8603 SEQ=1 Nov 9 08:21:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32858 SEQ=1 Nov 9 08:21:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.221.137.47 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55515 DPT=8050 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31891 SEQ=1 Nov 9 08:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2404 SEQ=1 Nov 9 08:21:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31233 SEQ=1 Nov 9 08:21:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.127 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=57195 DPT=3790 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:21:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40054 SEQ=1 Nov 9 08:21:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.223.65.31 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50058 DF PROTO=TCP SPT=50322 DPT=4444 WINDOW=65280 RES=0x00 SYN URGP=0 Nov 9 08:21:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=34626 SEQ=1 Nov 9 08:21:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:21:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16382 PROTO=TCP SPT=45727 DPT=33022 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:21:30 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 08:21:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=5088 DF PROTO=TCP SPT=63362 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:21:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=5089 DF PROTO=TCP SPT=63363 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:21:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=5090 DF PROTO=TCP SPT=63362 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:21:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=5091 DF PROTO=TCP SPT=63363 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:21:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19616 SEQ=1 Nov 9 08:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61095 SEQ=1 Nov 
9 08:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58444 SEQ=1 Nov 9 08:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3805 SEQ=1 Nov 9 08:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16476 SEQ=1 Nov 9 08:21:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.45 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=0 DF PROTO=TCP SPT=9999 DPT=1257 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 08:21:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:21:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=20107 PROTO=TCP SPT=51522 DPT=103 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:21:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:21:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.249.246.196 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=0 DF PROTO=TCP SPT=56789 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63475 SEQ=1 Nov 9 08:21:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3576 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63475 SEQ=1 Nov 9 08:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56816 SEQ=1 Nov 9 08:21:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=5.188.206.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56318 PROTO=TCP SPT=40590 DPT=40000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:21:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.145 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=31137 PROTO=TCP SPT=3184 DPT=22527 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:22:01 server83 systemd: Started Session 308994 of user root. Nov 9 08:22:01 server83 systemd: Started Session 308995 of user root. Nov 9 08:22:01 server83 systemd: Started Session 308996 of user root. Nov 9 08:22:01 server83 systemd: Started Session 308997 of user root. Nov 9 08:22:01 server83 systemd: Started Session 308998 of user root. Nov 9 08:22:01 server83 systemd: Started Session 308999 of user root. Nov 9 08:22:01 server83 systemd: Started Session 309000 of user root. 
Nov 9 08:22:01 server83 systemd: Started Session 309002 of user root. Nov 9 08:22:01 server83 systemd: Started Session 309001 of user root. Nov 9 08:22:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13763 SEQ=1 Nov 9 08:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61515 SEQ=1 Nov 9 08:22:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=20359 PROTO=TCP SPT=48465 DPT=7559 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:22:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57237 SEQ=1 Nov 9 08:22:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12676 DF PROTO=TCP SPT=62955 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:22:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=40664 DF PROTO=ICMP TYPE=8 CODE=0 ID=65042 SEQ=58188 Nov 9 08:22:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12677 DF PROTO=TCP SPT=62955 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:22:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=41155 PROTO=TCP SPT=46370 DPT=1921 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61515 SEQ=1 Nov 9 08:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20675 SEQ=1 Nov 9 08:22:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.12.59.118 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=36820 PROTO=TCP SPT=35781 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:22:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12678 DF PROTO=TCP SPT=62955 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:22:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12679 DF PROTO=TCP SPT=62955 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:22:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4389 SEQ=1 Nov 9 08:22:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14133 SEQ=1 Nov 9 08:22:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1635 PROTO=TCP SPT=49956 DPT=27000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:22:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12680 DF PROTO=TCP SPT=62955 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:22:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=30801 PROTO=TCP SPT=50857 DPT=4019 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:22:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12046 SEQ=1 Nov 9 08:22:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3583 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12046 SEQ=1 Nov 9 08:22:23 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.204.255.106 DST=51.210.113.204 LEN=537 TOS=0x00 PREC=0x00 TTL=50 ID=15705 DF PROTO=UDP SPT=5067 DPT=5060 LEN=517 Nov 9 08:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=949 SEQ=1 Nov 9 08:22:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=4024 PROTO=TCP SPT=33896 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:22:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.117.57.162 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=34809 DPT=9001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:22:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=4025 PROTO=TCP SPT=33896 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:22:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:22:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=12629 PROTO=TCP SPT=51829 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:22:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=12631 PROTO=TCP SPT=51829 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:22:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42207 SEQ=1 Nov 9 08:22:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33098 SEQ=1 Nov 9 08:22:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13121 PROTO=TCP SPT=53227 DPT=4878 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:22:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=965 SEQ=1 Nov 9 08:22:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54775 PROTO=TCP SPT=56033 DPT=7715 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:22:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7670 SEQ=1 Nov 9 08:22:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21974 SEQ=1 Nov 9 08:22:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48195 SEQ=1 Nov 9 08:22:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.105.182 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=42909 DPT=30960 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:22:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.128.204 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=0 DF PROTO=TCP SPT=56156 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:22:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:22:48 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 08:22:48 server83 pure-ftpd: (?@127.0.0.1) [INFO] 
__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 08:22:48 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 08:22:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3574 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:22:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33330 SEQ=1 Nov 9 08:22:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2257 SEQ=1 Nov 9 08:22:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13418 SEQ=1 Nov 9 08:22:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.71 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=32141 PROTO=TCP SPT=56749 DPT=8322 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:23:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46682 PROTO=TCP SPT=43739 DPT=2639 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:23:01 server83 systemd: Started Session 309003 of user root. 
Nov 9 08:23:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19352 PROTO=TCP SPT=46370 DPT=2693 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:23:01 server83 systemd: Started Session 309004 of user root. Nov 9 08:23:01 server83 systemd: Started Session 309005 of user root. Nov 9 08:23:01 server83 systemd: Started Session 309008 of user root. Nov 9 08:23:01 server83 systemd: Started Session 309007 of user root. Nov 9 08:23:01 server83 systemd: Started Session 309006 of user root. Nov 9 08:23:01 server83 systemd: Started Session 309009 of user root. Nov 9 08:23:01 server83 systemd: Started Session 309010 of user root. Nov 9 08:23:01 server83 systemd: Started Session 309011 of user root. Nov 9 08:23:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=677 SEQ=1 Nov 9 08:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=677 SEQ=1 Nov 9 08:23:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7137 SEQ=1 Nov 9 08:23:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7137 SEQ=1 Nov 9 08:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53059 SEQ=1 
Nov 9 08:23:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22601 SEQ=1 Nov 9 08:23:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19607 SEQ=1 Nov 9 08:23:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22779 PROTO=TCP SPT=46699 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:23:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22780 PROTO=TCP SPT=46699 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:23:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=28786 PROTO=TCP SPT=64721 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:23:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22781 PROTO=TCP SPT=46699 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:23:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=28787 PROTO=TCP SPT=64721 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:23:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22782 PROTO=TCP SPT=46699 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:23:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=28788 PROTO=TCP SPT=64721 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:23:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6737 SEQ=1 Nov 9 08:23:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=28790 PROTO=TCP SPT=64721 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:23:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24176 SEQ=1 Nov 9 08:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24176 SEQ=1 Nov 9 08:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29326 SEQ=1 Nov 9 08:23:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29326 SEQ=1 Nov 9 08:23:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19748 SEQ=1 Nov 9 08:23:24 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6737 SEQ=1 Nov 9 08:23:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36182 PROTO=TCP SPT=46370 DPT=2915 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:23:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4334 SEQ=1 Nov 9 08:23:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51544 DPT=9443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:23:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27171 SEQ=1 Nov 9 08:23:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25371 SEQ=1 Nov 9 08:23:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6179 SEQ=1 Nov 9 08:23:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4334 SEQ=1 Nov 9 08:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25371 SEQ=1 Nov 9 08:23:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=32739 PROTO=TCP SPT=56114 DPT=7809 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:23:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.74 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53877 DPT=47981 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:23:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=5092 DF PROTO=TCP SPT=52933 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:23:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=5093 DF PROTO=TCP SPT=52938 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:23:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=5094 DF PROTO=TCP SPT=52933 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:23:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=5095 DF PROTO=TCP SPT=52938 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:23:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.158 DST=51.210.113.204 LEN=75 TOS=0x00 PREC=0x00 TTL=108 ID=10247 DF PROTO=ICMP TYPE=8 CODE=0 ID=51457 
SEQ=19345 Nov 9 08:23:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=5096 DF PROTO=TCP SPT=52933 DPT=21 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:23:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:23:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5268 SEQ=1 Nov 9 08:23:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14500 SEQ=1 Nov 9 08:23:49 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:23:56 server83 pam_imunify_daemon.bin: time="2025-11-09T08:23:56+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 08:23:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.115 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=42517 PROTO=TCP SPT=59656 DPT=9443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:24:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=31006 PROTO=TCP SPT=41154 DPT=7885 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:24:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:24:01 server83 systemd: Started Session 309012 of user root. Nov 9 08:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:24:01 server83 systemd: Started Session 309013 of user root. Nov 9 08:24:01 server83 systemd: Started Session 309014 of user root. Nov 9 08:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:24:01 server83 systemd: Started Session 309016 of user root. Nov 9 08:24:01 server83 systemd: Started Session 309015 of user root. Nov 9 08:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:24:01 server83 systemd: Started Session 309017 of user root. Nov 9 08:24:01 server83 systemd: Started Session 309018 of user root. Nov 9 08:24:01 server83 systemd: Started Session 309019 of user root. Nov 9 08:24:01 server83 systemd: Started Session 309020 of user root. 
Nov 9 08:24:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13879 SEQ=1 Nov 9 08:24:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6944 SEQ=1 Nov 9 08:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41922 SEQ=1 Nov 9 08:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41922 SEQ=1 Nov 9 08:24:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3901 SEQ=1 Nov 9 08:24:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=16847 PROTO=TCP SPT=56850 DPT=43284 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:24:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29000 SEQ=1 Nov 9 08:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56626 SEQ=1 Nov 9 08:24:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.125 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=36109 DPT=11453 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:24:14 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 08:24:14 server83 systemd: Stopped Status Update Service. Nov 9 08:24:14 server83 systemd: Started Status Update Service. Nov 9 08:24:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.10 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49983 DPT=4909 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:24:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39034 SEQ=1 Nov 9 08:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55897 SEQ=1 Nov 9 08:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18200 SEQ=1 Nov 9 08:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54765 SEQ=1 Nov 9 08:24:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19441 PROTO=TCP SPT=45727 DPT=32033 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:24:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=26446 PROTO=TCP SPT=56850 DPT=38337 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:24:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16663 SEQ=1 Nov 9 08:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=54024 DF PROTO=ICMP TYPE=8 CODE=0 ID=19619 SEQ=56648 Nov 9 08:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48609 SEQ=1 Nov 9 08:24:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57974 SEQ=1 Nov 9 08:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57384 SEQ=1 Nov 9 08:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50805 SEQ=1 Nov 9 08:24:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.32 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=4516 PROTO=TCP SPT=54680 DPT=2967 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:24:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.218.206.118 DST=145.239.177.179 
LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=45057 DPT=11453 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53694 SEQ=1 Nov 9 08:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=613 SEQ=1 Nov 9 08:24:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30526 SEQ=1 Nov 9 08:24:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=521 SEQ=1 Nov 9 08:24:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7105 PROTO=TCP SPT=46370 DPT=2531 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:24:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:24:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.78.70 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=39187 DPT=2967 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:24:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.136 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=4264 PROTO=TCP SPT=25138 DPT=12199 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:24:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56970 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:24:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.12 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=21201 PROTO=TCP SPT=26200 DPT=1180 WINDOW=11054 RES=0x00 SYN URGP=0 Nov 9 08:24:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3582 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:24:59 server83 NetworkManager[922]: <info> [1762656899.4393] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:24:59 server83 NetworkManager[922]: <info> [1762656899.4398] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:24:59 server83 NetworkManager[922]: <info> [1762656899.4399] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:24:59 server83 NetworkManager[922]: <info> [1762656899.4403] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:24:59 server83 NetworkManager[922]: <info> [1762656899.4413] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:24:59 server83 NetworkManager[922]: <info> [1762656899.4414] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:24:59 server83 NetworkManager[922]: <info> [1762656899.4426] dhcp4 (eth1): dhclient started with pid 3681 Nov 9 08:24:59 server83 dhclient[3681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x422d2d0a) Nov 9 08:25:01 server83 systemd: Started Session 309021 of user root. 
Nov 9 08:25:01 server83 systemd: Started Session 309022 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309023 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309024 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309025 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309026 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309027 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309028 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309029 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309031 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309030 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309032 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309033 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309034 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309035 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309036 of user root. Nov 9 08:25:01 server83 systemd: Started Session 309037 of user root. 
Nov 9 08:25:02 server83 dhclient[3681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x422d2d0a) Nov 9 08:25:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10204 SEQ=1 Nov 9 08:25:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63665 SEQ=1 Nov 9 08:25:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42546 SEQ=1 Nov 9 08:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25538 SEQ=1 Nov 9 08:25:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58127 SEQ=1 Nov 9 08:25:09 server83 dhclient[3681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x422d2d0a) Nov 9 08:25:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21528 SEQ=1 Nov 9 08:25:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=6348 PROTO=TCP SPT=48961 DPT=8883 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:25:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47832 PROTO=TCP SPT=45816 DPT=5149 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:25:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14681 PROTO=TCP SPT=54739 DPT=2665 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:25:18 server83 dhclient[3681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x422d2d0a) Nov 9 08:25:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.168.34 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=3038 DF PROTO=TCP SPT=45658 DPT=2960 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:25:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22225 PROTO=TCP SPT=59050 DPT=5884 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18481 SEQ=1 Nov 9 08:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27798 SEQ=1 Nov 9 08:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39037 SEQ=1 Nov 9 08:25:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=21669 SEQ=1 Nov 9 08:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55676 SEQ=1 Nov 9 08:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17688 SEQ=1 Nov 9 08:25:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43638 PROTO=TCP SPT=54413 DPT=4759 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:25:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10018 PROTO=TCP SPT=43260 DPT=5980 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:25:28 server83 dhclient[3681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x422d2d0a) Nov 9 08:25:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31136 SEQ=1 Nov 9 08:25:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14097 SEQ=1 Nov 9 08:25:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65384 SEQ=1 Nov 9 08:25:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29181 SEQ=1 Nov 9 08:25:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17739 SEQ=1 Nov 9 08:25:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17739 SEQ=1 Nov 9 08:25:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=35749 PROTO=TCP SPT=56956 DPT=8413 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:25:41 server83 dhclient[3681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x422d2d0a) Nov 9 08:25:44 server83 NetworkManager[922]: <warn> [1762656944.4418] dhcp4 (eth1): request timed out Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4419] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4578] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 3681 Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4578] dhcp4 (eth1): state changed timeout -> done Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4580] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:25:44 server83 NetworkManager[922]: <warn> [1762656944.4586] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4588] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4620] policy: auto-activating 
connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4624] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4625] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4629] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4639] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4641] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:25:44 server83 NetworkManager[922]: <info> [1762656944.4654] dhcp4 (eth1): dhclient started with pid 4890 Nov 9 08:25:44 server83 dhclient[4890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x64214079) Nov 9 08:25:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39551 SEQ=1 Nov 9 08:25:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11557 SEQ=1 Nov 9 08:25:47 server83 dhclient[4890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x64214079) Nov 9 08:25:50 server83 dhclient[4890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x64214079) Nov 9 08:25:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.99.69.185 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=49488 PROTO=TCP SPT=34064 DPT=2375 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:25:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.99.69.185 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=49488 PROTO=TCP SPT=34064 DPT=2375 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:25:57 server83 dhclient[4890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x64214079) Nov 9 08:25:58 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.227 DST=51.210.113.204 LEN=125 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=56909 DPT=1900 LEN=105 Nov 9 08:26:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16784 SEQ=1 Nov 9 08:26:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34618 SEQ=1 Nov 9 08:26:01 server83 systemd: Started Session 309038 of user root. Nov 9 08:26:01 server83 systemd: Started Session 309040 of user root. Nov 9 08:26:01 server83 systemd: Started Session 309039 of user root. Nov 9 08:26:01 server83 systemd: Started Session 309042 of user root. Nov 9 08:26:01 server83 systemd: Started Session 309041 of user root. Nov 9 08:26:01 server83 systemd: Started Session 309044 of user root. Nov 9 08:26:01 server83 systemd: Started Session 309045 of user root. Nov 9 08:26:01 server83 systemd: Started Session 309046 of user root. Nov 9 08:26:01 server83 systemd: Started Session 309043 of user root. Nov 9 08:26:01 server83 systemd: Started Session 309047 of user root. 
Nov 9 08:26:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47024 SEQ=1 Nov 9 08:26:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1173 SEQ=1 Nov 9 08:26:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47966 SEQ=1 Nov 9 08:26:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47024 SEQ=1 Nov 9 08:26:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:26:07 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=82.3.232.27 DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=47 ID=47447 PROTO=UDP SPT=29163 DPT=21741 LEN=520 Nov 9 08:26:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.84.124 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44159 DPT=5822 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:26:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=27482 PROTO=TCP SPT=56850 DPT=36489 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:26:14 server83 dhclient[4890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x64214079) Nov 9 08:26:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.210.89 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35658 DPT=5822 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26803 SEQ=1 Nov 9 08:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38861 SEQ=1 Nov 9 08:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18526 SEQ=1 Nov 9 08:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24468 SEQ=1 Nov 9 08:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58784 SEQ=1 Nov 9 08:26:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=429 PROTO=TCP SPT=60561 DPT=9427 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:26:21 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 08:26:29 server83 NetworkManager[922]: <warn> [1762656989.4448] dhcp4 (eth1): request timed out Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4448] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:26:29 server83 
NetworkManager[922]: <info> [1762656989.4608] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 4890 Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4608] dhcp4 (eth1): state changed timeout -> done Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4610] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:26:29 server83 NetworkManager[922]: <warn> [1762656989.4615] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4617] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4649] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4654] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4655] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4659] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4669] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4672] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:26:29 server83 NetworkManager[922]: <info> [1762656989.4683] dhcp4 (eth1): dhclient started with pid 6054 Nov 9 08:26:29 server83 dhclient[6054]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x254a4b71) Nov 9 08:26:32 server83 dhclient[6054]: DHCPDISCOVER on eth1 to 255.255.255.255 port 
67 interval 4 (xid=0x254a4b71) Nov 9 08:26:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.129 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=8458 PROTO=TCP SPT=35727 DPT=1433 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 08:26:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31512 PROTO=TCP SPT=49956 DPT=27730 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:26:35 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=98.189.28.178 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=37 ID=56294 PROTO=UDP SPT=63651 DPT=27015 LEN=32 Nov 9 08:26:36 server83 dhclient[6054]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x254a4b71) Nov 9 08:26:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.233 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53048 DPT=9846 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:26:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59184 PROTO=TCP SPT=43448 DPT=2763 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9596 SEQ=1 Nov 9 08:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38102 SEQ=1 Nov 9 08:26:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
SRC=162.216.150.57 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50636 DPT=9872 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57292 SEQ=1 Nov 9 08:29:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16613 PROTO=TCP SPT=53687 DPT=11611 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24073 SEQ=1 Nov 9 08:29:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=53522 DPT=8800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:29:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=22183 PROTO=TCP SPT=56033 DPT=7705 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:29:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:29:45 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.31.119.10 DST=145.239.177.179 LEN=118 TOS=0x00 PREC=0x00 TTL=45 ID=49121 DF PROTO=UDP SPT=8082 DPT=11211 LEN=98 Nov 9 08:29:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.182.167 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=35803 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:29:46 server83 
imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 08:29:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.150.202.232 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=35548 DPT=1389 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:29:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60289 SEQ=1 Nov 9 08:29:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48811 SEQ=1 Nov 9 08:29:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2068 SEQ=1 Nov 9 08:29:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12686 DF PROTO=TCP SPT=56498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:29:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12687 DF PROTO=TCP SPT=56498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:29:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12688 DF PROTO=TCP SPT=56498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:29:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12689 DF PROTO=TCP SPT=56498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:29:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=5447 PROTO=TCP SPT=52293 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:01 server83 systemd: Started Session 309077 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309079 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309078 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309080 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309081 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309083 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309082 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309084 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309085 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309086 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309087 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309089 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309090 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309088 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309091 of user root. Nov 9 08:30:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 08:30:01 server83 systemd: Started Session 309092 of user sanatanhinduvahi. Nov 9 08:30:01 server83 systemd: Started Session 309093 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309094 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309095 of user root. 
Nov 9 08:30:01 server83 systemd: Started Session 309097 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309098 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309099 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309100 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309101 of user root. Nov 9 08:30:01 server83 systemd: Started Session 309096 of user root. Nov 9 08:30:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14376 SEQ=1 Nov 9 08:30:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 08:30:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19759 SEQ=1 Nov 9 08:30:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11032 SEQ=1 Nov 9 08:30:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52457 SEQ=1 Nov 9 08:30:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37426 SEQ=1 Nov 9 08:30:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=595 SEQ=1 Nov 9 
08:30:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12690 DF PROTO=TCP SPT=56845 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12691 DF PROTO=TCP SPT=56498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52457 SEQ=1 Nov 9 08:30:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12692 DF PROTO=TCP SPT=56845 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37426 SEQ=1 Nov 9 08:30:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12693 DF PROTO=TCP SPT=56845 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
08:30:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28866 SEQ=1 Nov 9 08:30:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=595 SEQ=1 Nov 9 08:30:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=40089 PROTO=TCP SPT=26564 DPT=30319 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:30:11 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12694 DF PROTO=TCP SPT=56845 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.83 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=21236 PROTO=TCP SPT=56375 DPT=34419 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:30:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:14 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:14 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:14 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:14 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:15 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:15 server83 imunify-auditd-log-reader[9638]: lost 19 message sequences Nov 9 08:30:15 server83 
imunify-auditd-log-reader[9638]: lost 18 message sequences Nov 9 08:30:15 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 08:30:15 server83 imunify-auditd-log-reader[9638]: lost 35 message sequences Nov 9 08:30:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:15 server83 imunify-auditd-log-reader[9638]: lost 9 message sequences Nov 9 08:30:15 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 08:30:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=107.155.75.237 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=39984 SEQ=41163 Nov 9 08:30:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57209 SEQ=1 Nov 9 08:30:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=107.155.75.243 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=30282 SEQ=41494 Nov 9 08:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=107.155.75.250 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=9884 SEQ=41864 Nov 9 08:30:17 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:17 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48790 SEQ=1 Nov 9 08:30:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12695 DF PROTO=TCP SPT=56845 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62916 SEQ=1 Nov 9 08:30:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8943 SEQ=1 Nov 9 08:30:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12696 DF PROTO=TCP SPT=57284 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.106.206.76 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=5323 PROTO=TCP SPT=56971 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:30:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12697 DF PROTO=TCP SPT=57284 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12698 DF PROTO=TCP SPT=57284 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.207.253.22 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=32770 DPT=6697 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:30:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12699 DF PROTO=TCP SPT=57284 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=170.187.165.134 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=54575 DPT=6697 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:30:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=29947 PROTO=TCP SPT=52092 DPT=5680 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:30:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:30:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62063 SEQ=1 Nov 9 08:30:37 server83 systemd: Started Session c2854 of user root. 
Nov 9 08:30:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12700 DF PROTO=TCP SPT=57284 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:30:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55612 SEQ=1 Nov 9 08:30:37 server83 scripts.sh: Load Average: 4.88 , 3.18 Nov 9 08:30:37 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 08:30:37 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 08:30:37 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 08:30:37 server83 scripts.sh: HTTPD Status: inactive Nov 9 08:30:37 server83 scripts.sh: MySQL Status: active Nov 9 08:30:37 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 08:30:37 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 08:30:37 server83 scripts.sh: SSHD Status: active Nov 9 08:30:37 server83 scripts.sh: FTP Status: active Nov 9 08:30:37 server83 scripts.sh: LiteSpeed Status: Active Nov 9 08:30:37 server83 scripts.sh: Imunify Status: Active Nov 9 08:30:37 server83 scripts.sh: cPanel Status: active Nov 9 08:30:37 server83 scripts.sh: Memory Status: 12/31 GB - 40.23% Nov 9 08:30:37 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 08:30:37 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 08:30:37 server83 scripts.sh: Local Version: 4.4.5 Nov 9 08:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54210 SEQ=1 Nov 9 08:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35662 SEQ=1 Nov 9 08:30:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35662 SEQ=1 Nov 9 08:30:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.117.173 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=17044 PROTO=TCP SPT=48609 DPT=8089 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:30:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2800 SEQ=1 Nov 9 08:30:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38153 PROTO=TCP SPT=41454 DPT=9846 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:30:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:30:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.159 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56221 DPT=4506 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:30:49 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:49 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:30:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56111 DPT=49142 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:30:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17142 SEQ=1 Nov 9 08:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17142 SEQ=1 Nov 9 08:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54813 SEQ=1 Nov 9 08:30:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=54387 DPT=17516 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:31:01 server83 systemd: Started Session 309102 of user root. Nov 9 08:31:01 server83 systemd: Started Session 309103 of user root. Nov 9 08:31:01 server83 systemd: Started Session 309104 of user root. Nov 9 08:31:01 server83 systemd: Started Session 309105 of user root. Nov 9 08:31:01 server83 systemd: Started Session 309106 of user root. Nov 9 08:31:01 server83 systemd: Started Session 309107 of user root. Nov 9 08:31:01 server83 systemd: Started Session 309108 of user root. Nov 9 08:31:01 server83 systemd: Started Session 309109 of user root. Nov 9 08:31:01 server83 systemd: Started Session 309110 of user root. 
Nov 9 08:31:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61905 SEQ=1 Nov 9 08:31:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43954 SEQ=1 Nov 9 08:31:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14657 SEQ=1 Nov 9 08:31:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8290 SEQ=1 Nov 9 08:31:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38687 SEQ=1 Nov 9 08:31:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.135.215 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=6007 DF PROTO=TCP SPT=43366 DPT=23401 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:31:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16799 PROTO=TCP SPT=54340 DPT=7318 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:31:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:31:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.204 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50498 
DPT=22460 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:31:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3571 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:31:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54952 PROTO=TCP SPT=49956 DPT=25032 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:31:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.222 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52179 DPT=46813 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27392 SEQ=1 Nov 9 08:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40929 SEQ=1 Nov 9 08:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27040 SEQ=1 Nov 9 08:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48527 SEQ=1 Nov 9 08:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=48848 PROTO=TCP SPT=46750 DPT=9473 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:34:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12701 DF PROTO=TCP SPT=61909 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:34:35 server83 dhclient[14668]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x1419c8c3) Nov 9 08:34:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.72 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=41107 DPT=2320 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:34:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12702 DF PROTO=TCP SPT=61909 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:34:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34379 SEQ=1 Nov 9 08:34:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65472 SEQ=1 Nov 9 08:34:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38739 SEQ=1 Nov 9 08:34:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12703 DF PROTO=TCP SPT=61909 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:34:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60047 SEQ=1 Nov 9 08:34:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24337 PROTO=TCP SPT=46370 DPT=3176 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:34:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12704 DF PROTO=TCP SPT=61909 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:34:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=45760 PROTO=TCP SPT=60380 DPT=8017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:34:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63014 SEQ=1 Nov 9 08:34:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12705 DF PROTO=TCP SPT=61909 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:34:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30930 SEQ=1 Nov 9 08:34:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=30930 SEQ=1 Nov 9 08:34:51 server83 dhclient[14668]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x1419c8c3) Nov 9 08:34:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12218 SEQ=1 Nov 9 08:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38571 SEQ=1 Nov 9 08:34:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.239 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52504 DPT=6365 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:34:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:34:59 server83 dhclient[14668]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x1419c8c3) Nov 9 08:35:01 server83 systemd: Started Session 309139 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309138 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309141 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309143 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309145 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309140 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309146 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309142 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309144 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309147 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309148 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309149 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309150 of user root. 
Nov 9 08:35:01 server83 systemd: Started Session 309151 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309154 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309152 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309153 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309155 of user root. Nov 9 08:35:01 server83 systemd: Started Session 309156 of user root. Nov 9 08:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42180 SEQ=1 Nov 9 08:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30660 SEQ=1 Nov 9 08:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14367 SEQ=1 Nov 9 08:35:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=41258 PROTO=TCP SPT=58511 DPT=7608 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:35:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.249 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=61301 DF PROTO=TCP SPT=26812 DPT=9615 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42180 SEQ=1 Nov 9 08:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42053 SEQ=1 Nov 9 08:35:14 server83 dhclient[14668]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x1419c8c3) Nov 9 08:35:14 server83 NetworkManager[922]: <warn> [1762657514.4482] dhcp4 (eth1): request timed out Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4482] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4561] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 14668 Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4562] dhcp4 (eth1): state changed timeout -> done Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4564] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:35:14 server83 NetworkManager[922]: <warn> [1762657514.4568] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4570] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4602] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4607] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4607] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4611] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4621] device (eth1): state 
change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4623] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:35:14 server83 NetworkManager[922]: <info> [1762657514.4634] dhcp4 (eth1): dhclient started with pid 20196 Nov 9 08:35:14 server83 dhclient[20196]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x5580141d) Nov 9 08:35:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52604 SEQ=1 Nov 9 08:35:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=43452 DPT=10003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:35:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23621 SEQ=1 Nov 9 08:35:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33573 SEQ=1 Nov 9 08:35:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6563 SEQ=1 Nov 9 08:35:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40983 SEQ=1 Nov 9 08:35:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45676 SEQ=1 Nov 9 08:35:21 server83 dhclient[20196]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x5580141d) Nov 9 08:35:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40535 SEQ=1 Nov 9 08:35:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:35:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.240.130 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=8134 PROTO=TCP SPT=55397 DPT=8291 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:35:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35833 SEQ=1 Nov 9 08:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19637 SEQ=1 Nov 9 08:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53124 SEQ=1 Nov 9 08:35:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.206.204 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=4866 DF PROTO=TCP SPT=43344 DPT=2932 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:35:33 server83 dhclient[20196]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x5580141d) Nov 9 08:35:33 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14818 SEQ=1 Nov 9 08:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31099 SEQ=1 Nov 9 08:35:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33114 PROTO=TCP SPT=51399 DPT=8657 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:35:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14818 SEQ=1 Nov 9 08:35:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12706 DF PROTO=TCP SPT=63461 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:35:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12707 DF PROTO=TCP SPT=63461 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:35:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12708 DF PROTO=TCP SPT=63461 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:35:47 server83 dhclient[20196]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x5580141d) Nov 9 08:35:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 
TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2185 SEQ=1 Nov 9 08:35:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12709 DF PROTO=TCP SPT=63461 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:35:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27961 SEQ=1 Nov 9 08:35:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.80 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49468 DPT=9157 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:35:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24369 SEQ=1 Nov 9 08:35:52 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 08:35:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.168.125.66 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=33729 DPT=1389 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:35:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24548 SEQ=1 Nov 9 08:35:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12710 DF PROTO=TCP SPT=63461 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:35:59 server83 NetworkManager[922]: <warn> [1762657559.4494] dhcp4 
(eth1): request timed out Nov 9 08:35:59 server83 NetworkManager[922]: <info> [1762657559.4494] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:35:59 server83 NetworkManager[922]: <info> [1762657559.4573] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 20196 Nov 9 08:35:59 server83 NetworkManager[922]: <info> [1762657559.4573] dhcp4 (eth1): state changed timeout -> done Nov 9 08:35:59 server83 NetworkManager[922]: <info> [1762657559.4576] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:35:59 server83 NetworkManager[922]: <warn> [1762657559.4580] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:35:59 server83 NetworkManager[922]: <info> [1762657559.4582] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:36:01 server83 systemd: Started Session 309157 of user root. Nov 9 08:36:01 server83 systemd: Started Session 309158 of user root. Nov 9 08:36:01 server83 systemd: Started Session 309159 of user root. Nov 9 08:36:01 server83 systemd: Started Session 309162 of user root. Nov 9 08:36:01 server83 systemd: Started Session 309161 of user root. Nov 9 08:36:01 server83 systemd: Started Session 309163 of user root. Nov 9 08:36:01 server83 systemd: Started Session 309160 of user root. Nov 9 08:36:01 server83 systemd: Started Session 309164 of user root. Nov 9 08:36:01 server83 systemd: Started Session 309165 of user root. 
Nov 9 08:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19180 SEQ=1 Nov 9 08:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39419 SEQ=1 Nov 9 08:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51302 SEQ=1 Nov 9 08:36:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10590 SEQ=1 Nov 9 08:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34258 SEQ=1 Nov 9 08:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35237 SEQ=1 Nov 9 08:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13072 SEQ=1 Nov 9 08:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38621 SEQ=1 Nov 9 08:36:12 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.63 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56200 DPT=7777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:36:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.195 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51472 DPT=9860 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:36:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42273 SEQ=1 Nov 9 08:36:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42273 SEQ=1 Nov 9 08:36:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64934 SEQ=1 Nov 9 08:36:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53459 SEQ=1 Nov 9 08:36:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12711 DF PROTO=TCP SPT=64430 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:36:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12712 DF PROTO=TCP SPT=64430 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:36:24 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=11877 DF PROTO=TCP SPT=38805 DPT=9781 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:36:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12713 DF PROTO=TCP SPT=64430 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:36:28 server83 pam_imunify_daemon.bin: time="2025-11-09T08:36:28+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 08:36:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.127.224.63 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=13257 PROTO=TCP SPT=34171 DPT=3050 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:36:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12714 DF PROTO=TCP SPT=64430 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21636 SEQ=1 Nov 9 08:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27837 SEQ=1 Nov 9 08:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47894 SEQ=1 Nov 9 08:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47894 SEQ=1 Nov 9 08:36:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.34 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=45963 DF PROTO=TCP SPT=56633 DPT=23042 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6619 SEQ=1 Nov 9 08:36:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10839 PROTO=TCP SPT=49956 DPT=25123 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:36:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.84 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=18500 PROTO=TCP SPT=34506 DPT=22422 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:36:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12715 DF PROTO=TCP SPT=64430 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:36:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=42198 DF PROTO=TCP SPT=56431 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:36:38 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=42200 DF PROTO=TCP SPT=56433 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:36:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.38.21.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=42201 DF PROTO=TCP SPT=56434 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:36:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=49060 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:36:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:36:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:36:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16171 SEQ=1 Nov 9 08:36:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=25870 PROTO=TCP SPT=47254 DPT=40209 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:36:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62123 SEQ=1 Nov 9 08:36:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=6330 PROTO=TCP SPT=38396 DPT=5816 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:36:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47385 SEQ=1 Nov 9 08:36:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27410 PROTO=TCP SPT=49956 DPT=25656 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:36:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=12969 PROTO=TCP SPT=56850 DPT=30873 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:36:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.194.70.251 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=6660 DF PROTO=TCP SPT=42476 DPT=10831 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=11114 DF PROTO=ICMP TYPE=8 CODE=0 ID=52581 SEQ=50434 Nov 9 08:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54981 SEQ=1 Nov 9 08:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16171 SEQ=1 Nov 9 08:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14533 SEQ=1 Nov 9 08:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4288 SEQ=1 Nov 9 08:36:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=1781 PROTO=TCP SPT=56185 DPT=7908 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:36:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63523 PROTO=TCP SPT=46370 DPT=3261 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:36:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=10397 PROTO=TCP SPT=56185 DPT=7902 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:37:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27299 SEQ=1 Nov 9 08:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:37:01 server83 systemd: Started Session 309166 of user root. Nov 9 08:37:01 server83 systemd: Started Session 309168 of user root. Nov 9 08:37:01 server83 systemd: Started Session 309169 of user root. Nov 9 08:37:01 server83 systemd: Started Session 309167 of user root. Nov 9 08:37:01 server83 systemd: Started Session 309170 of user root. Nov 9 08:37:01 server83 systemd: Started Session 309171 of user root. Nov 9 08:37:01 server83 systemd: Started Session 309172 of user root. Nov 9 08:37:01 server83 systemd: Started Session 309174 of user root. Nov 9 08:37:01 server83 systemd: Started Session 309175 of user root. 
Nov 9 08:37:01 server83 systemd: Started Session 309173 of user root. Nov 9 08:37:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10392 SEQ=1 Nov 9 08:37:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42278 SEQ=1 Nov 9 08:37:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29157 SEQ=1 Nov 9 08:37:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29138 DF PROTO=TCP SPT=38196 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29139 DF PROTO=TCP SPT=38196 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37081 SEQ=1 Nov 9 08:37:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29140 DF PROTO=TCP SPT=38196 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:37:10 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:37:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29141 DF PROTO=TCP SPT=38196 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:37:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44576 SEQ=1 Nov 9 08:37:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29142 DF PROTO=TCP SPT=38196 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:37:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.202.117.222 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=27412 PROTO=TCP SPT=52773 DPT=118 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:37:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61422 SEQ=1 Nov 9 08:37:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12221 SEQ=1 Nov 9 08:37:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28075 SEQ=1 Nov 9 08:37:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3567 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:37:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:37:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37543 PROTO=TCP SPT=46370 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3663 SEQ=1 Nov 9 08:37:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34269 SEQ=1 Nov 9 08:37:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29143 DF PROTO=TCP SPT=38196 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:37:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3494 PROTO=TCP SPT=45157 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59889 SEQ=1 Nov 9 08:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34269 SEQ=1 Nov 9 08:37:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56288 SEQ=1 Nov 9 08:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3495 PROTO=TCP SPT=45157 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:37:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52299 SEQ=1 Nov 9 08:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49720 DF PROTO=TCP SPT=47646 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=65265 PROTO=TCP SPT=35566 DPT=6115 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:37:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54122 PROTO=TCP SPT=62138 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:37:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54124 PROTO=TCP SPT=62138 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:37:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52919 DPT=25000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:37:46 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.191.209.198 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37351 PROTO=TCP SPT=41356 DPT=10000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:37:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46020 SEQ=1 Nov 9 08:37:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.48.85.238 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=19470 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=4 Nov 9 08:37:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65530 SEQ=1 Nov 9 08:37:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61812 SEQ=1 Nov 9 08:37:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.48.85.238 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=20183 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=5 Nov 9 08:37:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.48.85.238 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=20785 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=6 Nov 9 08:37:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.45 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52737 DPT=4545 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:37:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.48.85.238 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=21775 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=8 Nov 9 08:37:51 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:37:51 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:37:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18180 SEQ=1 Nov 9 08:37:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32925 PROTO=TCP SPT=49956 DPT=25482 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:37:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 08:37:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 08:37:55 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 08:37:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49724 DF PROTO=TCP SPT=47646 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:37:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=58533 PROTO=TCP SPT=49956 DPT=25658 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:37:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3573 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:37:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.127.187.7 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=11078 PROTO=TCP SPT=56153 DPT=1028 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:38:00 server83 scripts.sh: Sun Nov 9 08:38:00 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 08:38:01 server83 systemd: Started Session 309176 of user root. Nov 9 08:38:01 server83 systemd: Started Session 309177 of user root. Nov 9 08:38:01 server83 systemd: Started Session 309179 of user root. Nov 9 08:38:01 server83 systemd: Started Session 309180 of user root. Nov 9 08:38:01 server83 systemd: Started Session 309178 of user root. Nov 9 08:38:01 server83 systemd: Started Session 309181 of user root. Nov 9 08:38:01 server83 systemd: Started Session 309182 of user root. Nov 9 08:38:01 server83 systemd: Started Session 309183 of user root. Nov 9 08:38:01 server83 systemd: Started Session 309184 of user root. 
Nov 9 08:38:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:38:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.109 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=17005 PROTO=TCP SPT=58280 DPT=2328 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:38:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.165.191.27 DST=51.210.113.204 LEN=44 TOS=0x10 PREC=0x00 TTL=112 ID=51521 PROTO=TCP SPT=14166 DPT=6666 WINDOW=30178 RES=0x00 SYN URGP=0 Nov 9 08:38:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=30749 PROTO=TCP SPT=48261 DPT=4336 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:38:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=14131 PROTO=TCP SPT=55665 DPT=16616 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:38:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21159 SEQ=1 Nov 9 08:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40716 SEQ=1 Nov 9 08:38:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:38:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12485 SEQ=1 Nov 9 08:38:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29144 DF PROTO=TCP SPT=38196 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49725 DF PROTO=TCP SPT=47646 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:38:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12716 DF PROTO=TCP SPT=50878 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:38:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12717 DF PROTO=TCP SPT=50878 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:38:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12718 DF PROTO=TCP SPT=50878 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:38:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42934 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:38:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63681 SEQ=1 Nov 9 08:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F 
uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 08:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 08:38:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52028 SEQ=1 Nov 9 08:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42935 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11399 SEQ=1 Nov 9 08:38:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33991 SEQ=1 Nov 9 08:38:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15701 SEQ=1 Nov 9 08:38:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22856 SEQ=1 Nov 9 08:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12719 DF PROTO=TCP SPT=50878 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42936 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:38:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3564 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:38:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22848 PROTO=TCP SPT=46370 DPT=2698 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:38:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42937 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:38:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12720 DF PROTO=TCP SPT=50878 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:38:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22847 SEQ=1 Nov 9 08:38:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42938 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:38:36 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18902 PROTO=TCP SPT=49086 DPT=4392 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:38:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6944 SEQ=1 Nov 9 08:38:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17616 SEQ=1 Nov 9 08:38:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34595 SEQ=1 Nov 9 08:38:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49726 DF PROTO=TCP SPT=47646 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:38:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.197 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=10697 PROTO=TCP SPT=54895 DPT=34467 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:38:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:38:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19972 SEQ=1 Nov 9 08:38:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=694 SEQ=1 Nov 9 08:38:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57161 SEQ=1 Nov 9 08:38:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57161 SEQ=1 Nov 9 08:38:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3042 SEQ=1 Nov 9 08:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42939 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:38:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:38:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=12869 PROTO=TCP SPT=46370 DPT=1336 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:38:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.207.179 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=6455 DF PROTO=TCP SPT=48312 DPT=6317 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:38:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.224.92.128 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52593 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:39:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 
LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39575 PROTO=TCP SPT=60583 DPT=5536 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:39:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:39:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:39:01 server83 systemd: Started Session 309186 of user root. Nov 9 08:39:01 server83 systemd: Started Session 309187 of user root. Nov 9 08:39:01 server83 systemd: Started Session 309190 of user root. Nov 9 08:39:01 server83 systemd: Started Session 309191 of user root. Nov 9 08:39:01 server83 systemd: Started Session 309192 of user root. Nov 9 08:39:01 server83 systemd: Started Session 309185 of user root. Nov 9 08:39:01 server83 systemd: Started Session 309189 of user root. Nov 9 08:39:01 server83 systemd: Started Session 309188 of user root. Nov 9 08:39:01 server83 systemd: Started Session 309193 of user root. Nov 9 08:39:01 server83 systemd: Started Session 309194 of user root. Nov 9 08:39:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46731 SEQ=1 Nov 9 08:39:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.36 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=46340 PROTO=TCP SPT=17947 DPT=5040 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:39:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46646 SEQ=1 Nov 9 08:39:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46000 SEQ=1 Nov 9 08:39:06 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36156 DF PROTO=TCP SPT=57186 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15176 SEQ=1 Nov 9 08:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45638 SEQ=1 Nov 9 08:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45638 SEQ=1 Nov 9 08:39:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36157 DF PROTO=TCP SPT=57186 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36158 DF PROTO=TCP SPT=57186 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36159 DF PROTO=TCP SPT=57186 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.251.67.25 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=15889 PROTO=TCP SPT=51856 DPT=42222 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:39:20 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8171 SEQ=1 Nov 9 08:39:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14943 SEQ=1 Nov 9 08:39:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56894 SEQ=1 Nov 9 08:39:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27794 SEQ=1 Nov 9 08:39:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36160 DF PROTO=TCP SPT=57186 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42940 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:24 server83 pam_imunify_daemon.bin: time="2025-11-09T08:39:24+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 08:39:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:39:31 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31748 SEQ=1 Nov 9 08:39:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44613 SEQ=1 Nov 9 08:39:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49019 SEQ=1 Nov 9 08:39:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44613 SEQ=1 Nov 9 08:39:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59824 SEQ=1 Nov 9 08:39:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53095 SEQ=1 Nov 9 08:39:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36161 DF PROTO=TCP SPT=57186 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39180 SEQ=1 Nov 9 08:39:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5391 DF PROTO=TCP SPT=42718 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5392 DF PROTO=TCP SPT=42718 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5393 DF PROTO=TCP SPT=42718 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:39:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5394 DF PROTO=TCP SPT=42718 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5744 PROTO=TCP SPT=46370 DPT=1292 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:39:49 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.113 DST=51.210.113.204 LEN=257 TOS=0x00 PREC=0x00 TTL=48 ID=43632 DF PROTO=UDP SPT=62132 DPT=5060 LEN=237 Nov 9 08:39:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59628 SEQ=1 Nov 9 08:39:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29389 SEQ=1 Nov 9 08:39:53 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4829 SEQ=1 Nov 9 08:39:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13054 SEQ=1 Nov 9 08:39:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21863 SEQ=1 Nov 9 08:39:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9315 SEQ=1 Nov 9 08:39:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5395 DF PROTO=TCP SPT=42718 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:39:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39732 PROTO=TCP SPT=56949 DPT=8513 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:40:01 server83 systemd: Started Session 309195 of user root. Nov 9 08:40:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:40:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 08:40:01 server83 systemd: Started Session 309198 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309199 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309196 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309197 of user root. 
Nov 9 08:40:01 server83 systemd: Started Session 309201 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309200 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309203 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309202 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309205 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309206 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309210 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309211 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309209 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309212 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309207 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309208 of user root. Nov 9 08:40:01 server83 systemd: Started Session 309204 of user root. Nov 9 08:40:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=35241 PROTO=TCP SPT=59312 DPT=5678 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:40:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48607 SEQ=1 Nov 9 08:40:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47049 SEQ=1 Nov 9 08:40:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47049 SEQ=1 Nov 9 08:40:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48607 SEQ=1 Nov 9 08:40:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57561 SEQ=1 Nov 9 08:40:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57561 SEQ=1 Nov 9 08:40:08 server83 systemd: Started Session c2855 of user root. Nov 9 08:40:08 server83 scripts.sh: Load Average: 2.97 , 2.83 Nov 9 08:40:08 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 08:40:08 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 08:40:08 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 08:40:08 server83 scripts.sh: HTTPD Status: inactive Nov 9 08:40:08 server83 scripts.sh: MySQL Status: active Nov 9 08:40:08 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 08:40:08 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 08:40:08 server83 scripts.sh: SSHD Status: active Nov 9 08:40:08 server83 scripts.sh: FTP Status: active Nov 9 08:40:08 server83 scripts.sh: LiteSpeed Status: Active Nov 9 08:40:08 server83 scripts.sh: Imunify Status: Active Nov 9 08:40:08 server83 scripts.sh: cPanel Status: active Nov 9 08:40:08 server83 scripts.sh: Memory Status: 11/31 GB - 37.31% Nov 9 08:40:08 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 08:40:08 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 08:40:08 server83 scripts.sh: Local Version: 4.4.5 Nov 9 08:40:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36162 DF PROTO=TCP SPT=57186 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:40:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5396 DF PROTO=TCP SPT=42718 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:40:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.103 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=29009 DF PROTO=TCP SPT=9572 DPT=8291 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:40:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20586 SEQ=1 Nov 9 08:40:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64196 SEQ=1 Nov 9 08:40:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7841 DF PROTO=TCP SPT=56288 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:40:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7842 DF PROTO=TCP SPT=56288 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2993 SEQ=1 Nov 9 08:40:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7843 DF PROTO=TCP 
SPT=56288 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:40:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54571 SEQ=1 Nov 9 08:40:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7844 DF PROTO=TCP SPT=56288 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7845 DF PROTO=TCP SPT=56288 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6329 SEQ=1 Nov 9 08:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24370 SEQ=1 Nov 9 08:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=27255 DF PROTO=ICMP TYPE=8 CODE=0 ID=32639 SEQ=4148 Nov 9 08:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42995 SEQ=1 Nov 9 08:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34960 SEQ=1 
Nov 9 08:40:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3572 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:40:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:40:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.105 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49841 DPT=26027 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:40:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5397 DF PROTO=TCP SPT=42718 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:40:46 server83 imunify360-php-daemon[734]: error while sending daemon stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:40:46 server83 imunify360-php-daemon[734]: connections: {total = 20041, closed_as_old = 0, dropped = 3},#012messages: {total_received = 35917, blamer_received = 35905, blamer_filtered = 825, aggregated = 669, aggregator_dropped = 0},#012message_actions: {blamer_send_success = 163, send = 0, send_failed = 168, stored = 5, store_failed = 0},#012message dbstats: {fevents_db_size = 0, fevents_db_rows = 16068, fevents_total = 9788,#012#011#011#011#011 fevents_filtered = {total = 26129, wrong_id = 132086, wrong_function_name = 8571315, match_file_false = 5990567, match_file_limit_hit = 0, storage_limit_hit = 0},#012#011#011#011#011 fevents_stored_new = 2506, fevents_stored_updated = 425, fevents_send_success = 0, fevents_send_failure = 50 } Nov 9 08:40:46 server83 imunify360-php-daemon[734]: memory: alloc = 19417792 B, totalAlloc = 794149153192 B, sys = 68965640 B, rss = 183250944 B Nov 9 08:40:48 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=129.82.138.31 DST=51.210.113.204 LEN=32 TOS=0x00 PREC=0x00 TTL=43 ID=39449 DF PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=3393 Nov 9 08:40:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2099 SEQ=1 Nov 9 08:40:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52822 SEQ=1 Nov 9 08:40:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42267 SEQ=1 Nov 9 08:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7846 DF PROTO=TCP SPT=56288 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:40:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14755 SEQ=1 Nov 9 08:40:59 server83 NetworkManager[922]: <info> [1762657859.4493] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:40:59 server83 NetworkManager[922]: <info> [1762657859.4498] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:40:59 server83 NetworkManager[922]: <info> [1762657859.4499] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:40:59 server83 NetworkManager[922]: <info> [1762657859.4502] device (eth1): state change: 
prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:40:59 server83 NetworkManager[922]: <info> [1762657859.4511] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:40:59 server83 NetworkManager[922]: <info> [1762657859.4514] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:40:59 server83 NetworkManager[922]: <info> [1762657859.4525] dhcp4 (eth1): dhclient started with pid 25272 Nov 9 08:40:59 server83 dhclient[25272]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x2a8e7959) Nov 9 08:41:01 server83 systemd: Started Session 309213 of user root. Nov 9 08:41:01 server83 systemd: Started Session 309214 of user root. Nov 9 08:41:01 server83 systemd: Started Session 309215 of user root. Nov 9 08:41:01 server83 systemd: Started Session 309216 of user root. Nov 9 08:41:01 server83 systemd: Started Session 309217 of user root. Nov 9 08:41:01 server83 systemd: Started Session 309218 of user root. Nov 9 08:41:01 server83 systemd: Started Session 309219 of user root. Nov 9 08:41:01 server83 systemd: Started Session 309221 of user root. Nov 9 08:41:01 server83 systemd: Started Session 309220 of user root. Nov 9 08:41:01 server83 systemd: Started Session 309222 of user root. 
Nov 9 08:41:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:41:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:41:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39630 PROTO=TCP SPT=49956 DPT=29883 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:41:04 server83 dhclient[25272]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2a8e7959) Nov 9 08:41:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40229 SEQ=1 Nov 9 08:41:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1238 SEQ=1 Nov 9 08:41:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29336 SEQ=1 Nov 9 08:41:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22975 SEQ=1 Nov 9 08:41:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15020 DF PROTO=TCP SPT=53442 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28323 SEQ=1 Nov 9 
08:41:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15021 DF PROTO=TCP SPT=53442 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:11 server83 dhclient[25272]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x2a8e7959) Nov 9 08:41:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=7855 PROTO=TCP SPT=47279 DPT=42305 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:41:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15022 DF PROTO=TCP SPT=53442 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15023 DF PROTO=TCP SPT=53442 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17997 PROTO=TCP SPT=55823 DPT=4668 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:41:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3751 SEQ=1 Nov 9 08:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35448 SEQ=1 Nov 9 08:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3751 SEQ=1 Nov 9 08:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63647 SEQ=1 Nov 9 08:41:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.242.196 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42065 DPT=30476 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21671 SEQ=1 Nov 9 08:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62163 SEQ=1 Nov 9 08:41:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62163 SEQ=1 Nov 9 08:41:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15024 DF PROTO=TCP SPT=53442 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7847 DF PROTO=TCP SPT=56288 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39912 PROTO=TCP SPT=34461 DPT=4102 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:41:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43162 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:41:27 server83 dhclient[25272]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x2a8e7959) Nov 9 08:41:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=48700 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:41:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.121.84.30 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=45334 PROTO=TCP SPT=51582 DPT=8090 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:41:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.83 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49587 DPT=16838 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:41:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20942 SEQ=1 Nov 9 08:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20942 SEQ=1 Nov 9 08:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33115 SEQ=1 Nov 9 08:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30677 SEQ=1 Nov 9 08:41:37 server83 dhclient[25272]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x2a8e7959) Nov 9 08:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56078 SEQ=1 Nov 9 08:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27877 SEQ=1 Nov 9 08:41:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15025 DF PROTO=TCP SPT=53442 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.243.90.163 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=40491 DF PROTO=TCP SPT=54992 DPT=8081 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:41:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60412 DF PROTO=TCP SPT=42940 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60413 DF PROTO=TCP SPT=42940 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:44 server83 auditd[702]: Audit daemon 
rotating log files Nov 9 08:41:44 server83 NetworkManager[922]: <warn> [1762657904.4504] dhcp4 (eth1): request timed out Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 25272 Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:41:44 server83 NetworkManager[922]: <warn> [1762657904.4671] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4705] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4708] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4709] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4712] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4722] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:41:44 server83 NetworkManager[922]: <info> [1762657904.4724] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:41:44 server83 NetworkManager[922]: <info> 
[1762657904.4735] dhcp4 (eth1): dhclient started with pid 28481 Nov 9 08:41:44 server83 dhclient[28481]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x67b056de) Nov 9 08:41:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.243.90.163 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=40492 DF PROTO=TCP SPT=54992 DPT=8081 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 08:41:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60414 DF PROTO=TCP SPT=42940 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:41:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41421 SEQ=1 Nov 9 08:41:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12313 SEQ=1 Nov 9 08:41:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60415 DF PROTO=TCP SPT=42940 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:41:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50463 SEQ=1 Nov 9 08:41:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=24858 SEQ=1 Nov 9 08:41:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.243.90.163 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=40493 DF PROTO=TCP SPT=54992 DPT=8081 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:41:52 server83 dhclient[28481]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x67b056de) Nov 9 08:41:53 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:41:53 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:41:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47843 PROTO=TCP SPT=45727 DPT=34705 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:41:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36540 SEQ=1 Nov 9 08:41:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.148.248 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=7884 DF PROTO=TCP SPT=39036 DPT=21296 WINDOW=32120 RES=0x00 SYN URGP=0 Nov 9 08:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60416 DF PROTO=TCP SPT=42940 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:42:01 server83 systemd: Started Session 309223 of user root. Nov 9 08:42:01 server83 systemd: Started Session 309224 of user root. Nov 9 08:42:01 server83 systemd: Started Session 309226 of user root. 
Nov 9 08:42:01 server83 systemd: Started Session 309225 of user root. Nov 9 08:42:01 server83 systemd: Started Session 309227 of user root. Nov 9 08:42:01 server83 systemd: Started Session 309228 of user root. Nov 9 08:42:01 server83 systemd: Started Session 309229 of user root. Nov 9 08:42:01 server83 systemd: Started Session 309231 of user root. Nov 9 08:42:01 server83 systemd: Started Session 309230 of user root. Nov 9 08:42:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7724 PROTO=TCP SPT=56949 DPT=8508 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:03 server83 dhclient[28481]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x67b056de) Nov 9 08:42:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.250.80.95 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=40213 DF PROTO=TCP SPT=41237 DPT=12219 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 08:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33275 SEQ=1 Nov 9 08:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56080 SEQ=1 Nov 9 08:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38177 SEQ=1 Nov 9 08:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=31499 SEQ=1 Nov 9 08:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7529 SEQ=1 Nov 9 08:42:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.123 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49273 DPT=46195 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:42:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15026 DF PROTO=TCP SPT=53442 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4256 PROTO=TCP SPT=46370 DPT=1869 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60417 DF PROTO=TCP SPT=42940 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:42:14 server83 dhclient[28481]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x67b056de) Nov 9 08:42:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.85.84.75 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4520 PROTO=TCP SPT=51203 DPT=8082 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10395 PROTO=TCP SPT=57873 DPT=3767 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39530 PROTO=TCP SPT=46370 DPT=3060 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.3.53.5 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=240 ID=54321 PROTO=TCP SPT=54941 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:42:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42514 SEQ=1 Nov 9 08:42:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14116 SEQ=1 Nov 9 08:42:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39686 SEQ=1 Nov 9 08:42:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.216.67.37 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=16099 DF PROTO=TCP SPT=17123 DPT=9197 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 08:42:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56525 SEQ=1 Nov 9 08:42:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42047 DF PROTO=TCP SPT=44416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:42:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42048 DF PROTO=TCP SPT=44416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:42:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11789 SEQ=1 Nov 9 08:42:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42049 DF PROTO=TCP SPT=44416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:42:26 server83 dhclient[28481]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x67b056de) Nov 9 08:42:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3571 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:42:29 server83 NetworkManager[922]: <warn> [1762657949.4403] dhcp4 (eth1): request timed out Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4403] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4563] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28481 Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4563] dhcp4 (eth1): state changed timeout -> done Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4566] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:42:29 server83 NetworkManager[922]: <warn> [1762657949.4571] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4573] device (eth1): 
state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4608] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4612] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4613] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4618] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4628] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4632] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:42:29 server83 NetworkManager[922]: <info> [1762657949.4646] dhcp4 (eth1): dhclient started with pid 29484 Nov 9 08:42:29 server83 dhclient[29484]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x33b3ffba) Nov 9 08:42:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42050 DF PROTO=TCP SPT=44416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:42:33 server83 dhclient[29484]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x33b3ffba) Nov 9 08:42:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14836 SEQ=1 Nov 9 08:42:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14155 PROTO=TCP SPT=44220 DPT=8770 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:42:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.83.247 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=40420 PROTO=TCP SPT=35083 DPT=30476 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:42:37 server83 dhclient[29484]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x33b3ffba) Nov 9 08:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42051 DF PROTO=TCP SPT=44416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.232.39.229 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=25483 PROTO=TCP SPT=61006 DPT=13000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:42:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55326 SEQ=1 Nov 9 08:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55995 SEQ=1 Nov 9 08:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17906 SEQ=1 Nov 9 08:42:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2775 
PROTO=TCP SPT=57873 DPT=29103 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.59.212.230 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=4619 PROTO=TCP SPT=50536 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.26.105.144 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=43 ID=0 DF PROTO=TCP SPT=53553 DPT=6010 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=48574 PROTO=TCP SPT=9167 DPT=43396 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:42:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=20740 PROTO=TCP SPT=46013 DPT=4821 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:42:44 server83 dhclient[29484]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x33b3ffba) Nov 9 08:42:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12722 DF PROTO=TCP SPT=55523 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:42:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41601 SEQ=1 Nov 9 08:42:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12723 DF PROTO=TCP SPT=55523 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:42:48 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32236 SEQ=1 Nov 9 08:42:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17079 SEQ=1 Nov 9 08:42:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51666 SEQ=1 Nov 9 08:42:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17291 SEQ=1 Nov 9 08:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56268 SEQ=1 Nov 9 08:42:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12724 DF PROTO=TCP SPT=55523 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:42:51 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.91 DST=51.210.113.204 LEN=51 TOS=0x00 PREC=0x00 TTL=45 ID=53652 DF PROTO=UDP SPT=33310 DPT=623 LEN=31 Nov 9 08:42:54 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 08:42:54 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 08:42:54 server83 pure-ftpd: 
(__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 08:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42052 DF PROTO=TCP SPT=44416 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:42:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=121.91.169.103 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=35 ID=15501 DF PROTO=ICMP TYPE=8 CODE=0 ID=53263 SEQ=38520 Nov 9 08:42:55 server83 dhclient[29484]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x33b3ffba) Nov 9 08:42:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.192 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=32433 PROTO=TCP SPT=53857 DPT=44345 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.126 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63772 PROTO=TCP SPT=58603 DPT=5555 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:42:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12725 DF PROTO=TCP SPT=55523 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:43:01 server83 systemd: Started Session 309234 of user root. Nov 9 08:43:01 server83 systemd: Started Session 309232 of user root. Nov 9 08:43:01 server83 systemd: Started Session 309237 of user root. Nov 9 08:43:01 server83 systemd: Started Session 309235 of user root. 
Nov 9 08:43:01 server83 systemd: Started Session 309233 of user root. Nov 9 08:43:01 server83 systemd: Started Session 309238 of user root. Nov 9 08:43:01 server83 systemd: Started Session 309236 of user root. Nov 9 08:43:01 server83 systemd: Started Session 309239 of user root. Nov 9 08:43:01 server83 systemd: Started Session 309240 of user root. Nov 9 08:43:03 server83 dhclient[29484]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x33b3ffba) Nov 9 08:43:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.19 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=38570 PROTO=TCP SPT=26200 DPT=2352 WINDOW=64482 RES=0x00 SYN URGP=0 Nov 9 08:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25402 SEQ=1 Nov 9 08:43:07 server83 pam_imunify_daemon.bin: time="2025-11-09T08:43:07+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 08:43:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:43:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.130 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55517 DPT=9849 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:43:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34538 SEQ=1 Nov 9 08:43:11 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10281 DF PROTO=TCP SPT=50610 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:43:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.65 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=31068 DF PROTO=TCP SPT=13895 DPT=5006 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:43:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10282 DF PROTO=TCP SPT=50610 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:43:14 server83 NetworkManager[922]: <warn> [1762657994.4385] dhcp4 (eth1): request timed out Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4385] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4546] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 29484 Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4546] dhcp4 (eth1): state changed timeout -> done Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4549] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:43:14 server83 NetworkManager[922]: <warn> [1762657994.4554] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4557] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4591] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4596] device (eth1): Activation: starting connection 'Wired 
connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4598] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4602] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4613] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4616] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:43:14 server83 NetworkManager[922]: <info> [1762657994.4628] dhcp4 (eth1): dhclient started with pid 31056 Nov 9 08:43:14 server83 dhclient[31056]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x290c1449) Nov 9 08:43:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10283 DF PROTO=TCP SPT=50610 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:43:16 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 08:43:16 server83 systemd: Stopped Status Update Service. Nov 9 08:43:16 server83 systemd: Started Status Update Service. 
Nov 9 08:43:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10284 DF PROTO=TCP SPT=50610 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:43:19 server83 dhclient[31056]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x290c1449) Nov 9 08:43:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45882 SEQ=1 Nov 9 08:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44852 SEQ=1 Nov 9 08:43:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39577 SEQ=1 Nov 9 08:43:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44852 SEQ=1 Nov 9 08:43:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2364 SEQ=1 Nov 9 08:43:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5938 SEQ=1 Nov 9 08:43:25 server83 dhclient[31056]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x290c1449) Nov 9 08:43:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32275 SEQ=1 Nov 9 08:46:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39634 SEQ=1 Nov 9 08:46:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32275 SEQ=1 Nov 9 08:46:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29173 SEQ=1 Nov 9 08:46:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40836 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:46:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30554 SEQ=1 Nov 9 08:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37094 DF PROTO=TCP SPT=43722 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=20427 DF PROTO=TCP SPT=39670 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:46:23 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.121 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=656 DF PROTO=TCP SPT=14161 DPT=2341 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:46:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19821 PROTO=TCP SPT=46370 DPT=2488 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:46:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:46:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45443 DF PROTO=TCP SPT=48482 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:46:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=57210 PROTO=TCP SPT=46370 DPT=3238 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:46:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45444 DF PROTO=TCP SPT=48482 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:46:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.211 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57260 DPT=32768 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:46:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23501 SEQ=1 Nov 9 08:46:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65474 SEQ=1 Nov 9 08:46:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58586 SEQ=1 Nov 9 08:46:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45445 DF PROTO=TCP SPT=48482 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:46:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50810 SEQ=1 Nov 9 08:46:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45446 DF PROTO=TCP SPT=48482 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:46:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=47672 PROTO=TCP SPT=47254 DPT=8283 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:46:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57711 SEQ=1 Nov 9 08:46:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38293 SEQ=1 Nov 9 08:46:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=20833 PROTO=TCP SPT=41482 
DPT=4374 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:46:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45447 DF PROTO=TCP SPT=48482 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:46:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45420 SEQ=1 Nov 9 08:46:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7469 SEQ=1 Nov 9 08:46:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9692 SEQ=1 Nov 9 08:46:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26160 SEQ=1 Nov 9 08:46:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.194.43 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=8951 PROTO=TCP SPT=44199 DPT=9000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:46:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3561 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:46:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=20428 DF PROTO=TCP SPT=39670 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:47:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45448 DF PROTO=TCP SPT=48482 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:47:01 server83 systemd: Started Session 309278 of user root. Nov 9 08:47:01 server83 systemd: Started Session 309280 of user root. Nov 9 08:47:01 server83 systemd: Started Session 309281 of user root. Nov 9 08:47:01 server83 systemd: Started Session 309279 of user root. Nov 9 08:47:01 server83 systemd: Started Session 309282 of user root. Nov 9 08:47:01 server83 systemd: Started Session 309283 of user root. Nov 9 08:47:01 server83 systemd: Started Session 309284 of user root. Nov 9 08:47:01 server83 systemd: Started Session 309285 of user root. Nov 9 08:47:01 server83 systemd: Started Session 309286 of user root. Nov 9 08:47:01 server83 systemd: Started Session 309287 of user root. Nov 9 08:47:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.221.136.246 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=51951 DF PROTO=TCP SPT=52975 DPT=5523 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 08:47:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=923 PROTO=TCP SPT=43739 DPT=2723 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:47:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=27990 PROTO=TCP SPT=38865 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:47:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=27991 PROTO=TCP SPT=38865 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:47:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22295 PROTO=TCP SPT=62853 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:47:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=27992 PROTO=TCP SPT=38865 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:47:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22296 PROTO=TCP SPT=62853 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:47:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=27993 PROTO=TCP SPT=38865 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:47:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22297 PROTO=TCP SPT=62853 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:47:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20151 SEQ=1 Nov 9 08:47:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48789 SEQ=1 Nov 9 08:47:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=42336 SEQ=1 Nov 9 08:47:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20151 SEQ=1 Nov 9 08:47:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9584 SEQ=1 Nov 9 08:47:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=22299 PROTO=TCP SPT=62853 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:47:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24061 SEQ=1 Nov 9 08:47:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=36.50.56.131 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44686 PROTO=TCP SPT=58101 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:47:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=6100 DF PROTO=ICMP TYPE=8 CODE=0 ID=43534 SEQ=12514 Nov 9 08:47:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37441 SEQ=1 Nov 9 08:47:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.24 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57095 DPT=9469 WINDOW=65535 
RES=0x00 SYN URGP=0 Nov 9 08:47:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:47:30 server83 scripts.sh: Sun Nov 9 08:47:30 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 08:47:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45449 DF PROTO=TCP SPT=48482 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 08:47:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63499 SEQ=1 Nov 9 08:47:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48752 SEQ=1 Nov 9 08:47:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1778 SEQ=1 Nov 9 08:47:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33745 SEQ=1 Nov 9 08:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30527 SEQ=1 Nov 9 08:47:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54396 PROTO=TCP SPT=55665 DPT=40670 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:47:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.207 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56472 DPT=7678 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:47:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.248 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52863 DPT=7168 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:47:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22518 PROTO=TCP SPT=47970 DPT=4904 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:47:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58840 SEQ=1 Nov 9 08:47:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18716 SEQ=1 Nov 9 08:47:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.73.23.133 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=40593 PROTO=TCP SPT=33976 DPT=5683 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:47:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10279 SEQ=1 Nov 9 08:47:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18716 SEQ=1 Nov 9 08:47:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.128.69.194 DST=51.210.113.204 LEN=48 TOS=0x08 PREC=0x60 TTL=238 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=28112 SEQ=57426 Nov 9 08:47:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44650 SEQ=1 Nov 9 08:47:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 08:47:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 08:47:55 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 08:48:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54318 PROTO=TCP SPT=45727 DPT=32287 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:48:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3560 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:48:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:48:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:48:01 server83 systemd: Started Session 309289 of user root. Nov 9 08:48:01 server83 systemd: Started Session 309288 of user root. Nov 9 08:48:01 server83 systemd: Started Session 309290 of user root. Nov 9 08:48:01 server83 systemd: Started Session 309291 of user root. Nov 9 08:48:01 server83 systemd: Started Session 309292 of user root. Nov 9 08:48:01 server83 systemd: Started Session 309293 of user root. Nov 9 08:48:01 server83 systemd: Started Session 309294 of user root. 
Nov 9 08:48:01 server83 systemd: Started Session 309295 of user root. Nov 9 08:48:01 server83 systemd: Started Session 309296 of user root. Nov 9 08:48:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.135.161 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=5001 DF PROTO=TCP SPT=38129 DPT=33656 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:48:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=142.93.35.137 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=65031 PROTO=TCP SPT=61013 DPT=8088 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:48:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54681 SEQ=1 Nov 9 08:48:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20393 SEQ=1 Nov 9 08:48:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54681 SEQ=1 Nov 9 08:48:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60634 SEQ=1 Nov 9 08:48:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10292 SEQ=1 Nov 9 08:48:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17059 SEQ=1 Nov 9 08:48:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44134 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:48:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19983 PROTO=TCP SPT=45858 DPT=5364 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:48:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:48:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3516 SEQ=1 Nov 9 08:48:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.32 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=61391 DF PROTO=TCP SPT=63122 DPT=29842 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:48:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14875 SEQ=1 Nov 9 08:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 08:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 08:48:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61411 SEQ=1 Nov 9 08:48:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=52485 PROTO=TCP SPT=56114 DPT=7809 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:48:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61411 SEQ=1 Nov 9 08:48:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5759 PROTO=TCP SPT=49956 DPT=29709 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:48:29 server83 aibolit_wrapper[7114]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583098836946.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626583098838462.txt --log=/tmp/malware_cleaner_log_17626583098839926.txt --progress=/tmp/malware_cleaner_progress_17626583098839546.json --csv_result=/tmp/revisium_csvfile_17626583098839704.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:48:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56726 PROTO=TCP SPT=35065 DPT=4842 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:48:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3559 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:48:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3567 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:48:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8879 SEQ=1 Nov 9 08:48:34 server83 aibolit_wrapper[7513]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583142335088.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626583142336642.txt --log=/tmp/malware_cleaner_log_17626583142338274.txt --progress=/tmp/malware_cleaner_progress_17626583142337832.json --csv_result=/tmp/revisium_csvfile_17626583142338024.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:48:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28989 SEQ=1 Nov 9 08:48:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57243 SEQ=1 Nov 9 08:48:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=25474 SEQ=1 Nov 9 08:48:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:48:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22411 SEQ=1 Nov 9 08:48:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.38 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49883 DPT=9856 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:48:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.95 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49887 DPT=9444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:48:40 server83 imunify-auditd-log-reader[9638]: failed to send files events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:48:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=137.184.85.24 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=42765 DPT=6666 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.rjust: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.include: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.rfind: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 
imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.parle_tokens: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.class: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.uconvert: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.sys: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.internal: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.lock: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.ibase_pconnection: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.ob_iconv_handle: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.request: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.post: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.multi: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.accept: ProactiveModel.Host should not 
be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.partition: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.accepted: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.system: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.content: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.oauthexceptions: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.db2_convert: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.config: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.reset: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.mb_convert: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.cache: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.created: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: 
/home2/evershine/public_html/wp-content/themes/ekart/.requests: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.rindex: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.classes: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.locked: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.center: ProactiveModel.Host should not be empty Nov 9 08:48:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:48:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:48:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=53365 PROTO=TCP SPT=56256 DPT=8003 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:48:47 server83 aibolit_wrapper[9037]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583275457712.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626583275458970.txt --log=/tmp/malware_cleaner_log_17626583275460516.txt --progress=/tmp/malware_cleaner_progress_17626583275460040.json --csv_result=/tmp/revisium_csvfile_17626583275460238.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:48:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37385 SEQ=1 Nov 9 08:48:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3705 SEQ=1 Nov 9 08:48:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45320 SEQ=1 Nov 9 08:48:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20734 SEQ=1 Nov 9 08:48:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19850 SEQ=1 Nov 9 08:48:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20734 SEQ=1 Nov 9 08:48:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60024 SEQ=1 Nov 9 08:48:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3558 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:48:57 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.69 DST=145.239.177.179 LEN=33 TOS=0x00 PREC=0x00 TTL=46 ID=63156 DF PROTO=UDP SPT=24288 DPT=3283 LEN=13 Nov 9 
08:48:59 server83 NetworkManager[922]: <info> [1762658339.4499] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:48:59 server83 NetworkManager[922]: <info> [1762658339.4504] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:48:59 server83 NetworkManager[922]: <info> [1762658339.4505] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:48:59 server83 NetworkManager[922]: <info> [1762658339.4509] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:48:59 server83 NetworkManager[922]: <info> [1762658339.4520] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:48:59 server83 NetworkManager[922]: <info> [1762658339.4523] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:48:59 server83 NetworkManager[922]: <info> [1762658339.4535] dhcp4 (eth1): dhclient started with pid 9846 Nov 9 08:48:59 server83 dhclient[9846]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x47d98f00) Nov 9 08:49:00 server83 aibolit_wrapper[9892]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583407116418.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626583407118338.txt --progress=/tmp/malware_cleaner_progress_17626583407118048.json --csv_result=/tmp/revisium_csvfile_17626583407118190.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:49:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44322 SEQ=1 Nov 9 08:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:49:01 server83 systemd: Started Session 309297 of user root. Nov 9 08:49:01 server83 systemd: Started Session 309298 of user root. Nov 9 08:49:01 server83 systemd: Started Session 309300 of user root. Nov 9 08:49:01 server83 systemd: Started Session 309299 of user root. Nov 9 08:49:01 server83 systemd: Started Session 309302 of user root. Nov 9 08:49:01 server83 systemd: Started Session 309303 of user root. Nov 9 08:49:01 server83 systemd: Started Session 309301 of user root. Nov 9 08:49:01 server83 systemd: Started Session 309305 of user root. Nov 9 08:49:01 server83 systemd: Started Session 309304 of user root. Nov 9 08:49:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44322 SEQ=1 Nov 9 08:49:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41896 SEQ=1 Nov 9 08:49:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.136.67.107 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34008 DPT=8079 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:49:05 server83 aibolit_wrapper[10109]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583459594416.txt --input-fn-b64-encoded --username=evershine --report-hashes 
--log=/tmp/malware_cleaner_log_17626583459597478.txt --progress=/tmp/malware_cleaner_progress_17626583459596774.json --csv_result=/tmp/revisium_csvfile_17626583459597074.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:49:06 server83 dhclient[9846]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x47d98f00) Nov 9 08:49:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.15.85.154 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=45322 DPT=6379 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:49:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41896 SEQ=1 Nov 9 08:49:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=2503 PROTO=TCP SPT=58342 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:49:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.183 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51347 DPT=45131 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:49:11 server83 aibolit_wrapper[10320]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583512802770.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626583512804134.txt --log=/tmp/malware_cleaner_log_17626583512805868.txt --progress=/tmp/malware_cleaner_progress_17626583512805492.json --csv_result=/tmp/revisium_csvfile_17626583512805686.csv 
--avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:49:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=47462 PROTO=TCP SPT=58342 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:49:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.122.207 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52935 DPT=92 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:49:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=48102 PROTO=TCP SPT=58342 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:49:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.135.161 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=5143 DF PROTO=TCP SPT=43255 DPT=10140 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:49:17 server83 dhclient[9846]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x47d98f00) Nov 9 08:49:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9204 SEQ=1 Nov 9 08:49:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19534 SEQ=1 Nov 9 08:49:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:49:22 server83 aibolit_wrapper[10578]: 
running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583622789090.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626583622792420.txt --progress=/tmp/malware_cleaner_progress_17626583622791838.json --csv_result=/tmp/revisium_csvfile_17626583622792122.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:49:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31762 SEQ=1 Nov 9 08:49:23 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 08:49:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38027 SEQ=1 Nov 9 08:49:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38027 SEQ=1 Nov 9 08:49:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.179 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52827 DPT=26027 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:49:27 server83 aibolit_wrapper[10775]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583677166772.txt --input-fn-b64-encoded --username=evershine 
--report-hashes --black-list=/tmp/malware_cleanup_file_list_17626583677168340.txt --log=/tmp/malware_cleaner_log_17626583677169954.txt --progress=/tmp/malware_cleaner_progress_17626583677169544.json --csv_result=/tmp/revisium_csvfile_17626583677169738.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:49:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.77 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=49005 PROTO=TCP SPT=51342 DPT=9042 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:49:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30750 PROTO=TCP SPT=42671 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:49:31 server83 dhclient[9846]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x47d98f00) Nov 9 08:49:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30751 PROTO=TCP SPT=42671 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:49:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10777 PROTO=TCP SPT=40569 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:49:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30752 PROTO=TCP SPT=42671 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:49:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2461 SEQ=1 Nov 9 08:49:33 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35963 SEQ=1 Nov 9 08:49:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10778 PROTO=TCP SPT=40569 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:49:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30753 PROTO=TCP SPT=42671 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:49:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50138 PROTO=TCP SPT=57873 DPT=28565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:49:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10779 PROTO=TCP SPT=40569 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:49:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30754 PROTO=TCP SPT=42671 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:49:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3564 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:49:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.142.154.87 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=45283 PROTO=TCP SPT=58914 DPT=347 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 08:49:36 server83 aibolit_wrapper[11016]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583768669794.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626583768671276.txt --log=/tmp/malware_cleaner_log_17626583768673336.txt --progress=/tmp/malware_cleaner_progress_17626583768672740.json --csv_result=/tmp/revisium_csvfile_17626583768672960.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:49:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10781 PROTO=TCP SPT=40569 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18021 SEQ=1 Nov 9 08:49:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6672 SEQ=1 Nov 9 08:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57419 SEQ=1 Nov 9 08:49:39 server83 systemd: Started Session c2856 of user root. 
Nov 9 08:49:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47581 PROTO=TCP SPT=46370 DPT=3059 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35694 SEQ=1 Nov 9 08:49:39 server83 scripts.sh: Load Average: 2.17 , 2.09 Nov 9 08:49:39 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 08:49:39 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 08:49:39 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 08:49:39 server83 scripts.sh: HTTPD Status: inactive Nov 9 08:49:39 server83 scripts.sh: MySQL Status: active Nov 9 08:49:39 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 08:49:39 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 08:49:39 server83 scripts.sh: SSHD Status: active Nov 9 08:49:39 server83 scripts.sh: FTP Status: active Nov 9 08:49:39 server83 scripts.sh: LiteSpeed Status: Active Nov 9 08:49:39 server83 scripts.sh: Imunify Status: Active Nov 9 08:49:39 server83 scripts.sh: cPanel Status: active Nov 9 08:49:39 server83 scripts.sh: Memory Status: 12/31 GB - 38.66% Nov 9 08:49:39 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 08:49:39 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 08:49:39 server83 scripts.sh: Local Version: 4.4.5 Nov 9 08:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61716 SEQ=1 Nov 9 08:49:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:49:43 server83 dhclient[9846]: DHCPDISCOVER on eth1 to 255.255.255.255 port 
67 interval 11 (xid=0x47d98f00) Nov 9 08:49:44 server83 NetworkManager[922]: <warn> [1762658384.4423] dhcp4 (eth1): request timed out Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4423] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 9846 Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4584] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:49:44 server83 NetworkManager[922]: <warn> [1762658384.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4589] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4616] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4618] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4618] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4620] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4628] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:49:44 server83 NetworkManager[922]: <info> [1762658384.4630] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:49:44 server83 
NetworkManager[922]: <info> [1762658384.4639] dhcp4 (eth1): dhclient started with pid 11294 Nov 9 08:49:44 server83 dhclient[11294]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x56fdb9cb) Nov 9 08:49:46 server83 aibolit_wrapper[11349]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583863664720.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626583863665938.txt --log=/tmp/malware_cleaner_log_17626583863667408.txt --progress=/tmp/malware_cleaner_progress_17626583863667056.json --csv_result=/tmp/revisium_csvfile_17626583863667232.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:49:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=61597 PROTO=TCP SPT=36749 DPT=6431 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.db2_convert: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.uconvert: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.post: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.classes: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.content: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: 
/home2/evershine/public_html/wp-content/themes/ekart/.locked: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.rindex: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.accepted: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.sys: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.partition: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.mb_convert: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.cache: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.lock: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.rjust: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.include: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.rfind: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 
08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.created: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.parle_tokens: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.internal: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.reset: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.system: ProactiveModel.Host should not be empty Nov 9 08:49:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:49:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 08:49:47 server83 dhclient[11294]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x56fdb9cb) Nov 9 08:49:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35343 SEQ=1 Nov 9 08:49:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8532 SEQ=1 Nov 9 08:49:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48965 SEQ=1 Nov 9 08:49:50 server83 
aibolit_wrapper[11466]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583906463034.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626583906463826.txt --log=/tmp/malware_cleaner_log_17626583906464642.txt --progress=/tmp/malware_cleaner_progress_17626583906464394.json --csv_result=/tmp/revisium_csvfile_17626583906464476.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:49:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8532 SEQ=1 Nov 9 08:49:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35343 SEQ=1 Nov 9 08:49:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48058 SEQ=1 Nov 9 08:49:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32053 PROTO=TCP SPT=49956 DPT=29519 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:49:52 server83 dhclient[11294]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x56fdb9cb) Nov 9 08:49:54 server83 aibolit_wrapper[11583]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626583947993466.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626583947994750.txt --log=/tmp/malware_cleaner_log_17626583947996102.txt --progress=/tmp/malware_cleaner_progress_17626583947995758.json --csv_result=/tmp/revisium_csvfile_17626583947995918.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:50:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:50:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 08:50:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:50:01 server83 systemd: Started Session 309307 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309306 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309311 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309308 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309310 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309312 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309316 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309315 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309313 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309314 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309309 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309318 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309319 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309317 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309320 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309321 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309322 of user root. Nov 9 08:50:01 server83 systemd: Started Session 309324 of user root. 
Nov 9 08:50:01 server83 systemd: Started Session 309323 of user root. Nov 9 08:50:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40510 DPT=25000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:50:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12741 DF PROTO=TCP SPT=64515 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:50:02 server83 aibolit_wrapper[12091]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584026824532.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584026825904.txt --log=/tmp/malware_cleaner_log_17626584026827290.txt --progress=/tmp/malware_cleaner_progress_17626584026826916.json --csv_result=/tmp/revisium_csvfile_17626584026827066.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:50:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29035 SEQ=1 Nov 9 08:50:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63347 SEQ=1 Nov 9 08:50:03 server83 dhclient[11294]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x56fdb9cb) Nov 9 08:50:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12742 DF PROTO=TCP SPT=64515 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:50:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12743 DF PROTO=TCP SPT=64515 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:50:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56013 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:50:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.190.163.148 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=44709 DPT=8086 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:50:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54403 PROTO=TCP SPT=56834 DPT=30873 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:50:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38807 SEQ=1 Nov 9 08:50:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12744 DF PROTO=TCP SPT=64515 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:50:13 server83 aibolit_wrapper[12461]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626584133515548.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584133516586.txt --log=/tmp/malware_cleaner_log_17626584133517646.txt --progress=/tmp/malware_cleaner_progress_17626584133517356.json --csv_result=/tmp/revisium_csvfile_17626584133517488.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:50:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12745 DF PROTO=TCP SPT=64515 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:50:17 server83 aibolit_wrapper[12609]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584175414634.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584175415396.txt --log=/tmp/malware_cleaner_log_17626584175416104.txt --progress=/tmp/malware_cleaner_progress_17626584175415930.json --csv_result=/tmp/revisium_csvfile_17626584175416008.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:50:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37784 SEQ=1 Nov 9 08:50:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12250 SEQ=1 Nov 9 08:50:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11292 SEQ=1 Nov 9 08:50:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39096 SEQ=1 Nov 9 08:50:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1067 SEQ=1 Nov 9 08:50:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:50:22 server83 aibolit_wrapper[12714]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584226912446.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584226914110.txt --log=/tmp/malware_cleaner_log_17626584226915820.txt --progress=/tmp/malware_cleaner_progress_17626584226915380.json --csv_result=/tmp/revisium_csvfile_17626584226915602.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:50:23 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:50:24 server83 dhclient[11294]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x56fdb9cb) Nov 9 08:50:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37249 SEQ=1 Nov 9 08:50:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.193.65.212 DST=145.239.177.179 
LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=4661 DF PROTO=TCP SPT=38906 DPT=5317 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 08:50:29 server83 NetworkManager[922]: <warn> [1762658429.4480] dhcp4 (eth1): request timed out Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4480] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4640] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 11294 Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4640] dhcp4 (eth1): state changed timeout -> done Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4642] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:50:29 server83 NetworkManager[922]: <warn> [1762658429.4647] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4649] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4683] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4687] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4688] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4692] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4703] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4706] dhcp4 (eth1): activation: beginning 
transaction (timeout in 45 seconds) Nov 9 08:50:29 server83 NetworkManager[922]: <info> [1762658429.4719] dhcp4 (eth1): dhclient started with pid 12838 Nov 9 08:50:29 server83 dhclient[12838]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2e58a313) Nov 9 08:50:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34628 SEQ=1 Nov 9 08:50:34 server83 aibolit_wrapper[12968]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584343355442.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584343356836.txt --log=/tmp/malware_cleaner_log_17626584343358286.txt --progress=/tmp/malware_cleaner_progress_17626584343357896.json --csv_result=/tmp/revisium_csvfile_17626584343358056.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:50:36 server83 dhclient[12838]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x2e58a313) Nov 9 08:50:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.71.133.68 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40752 DPT=8888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34426 SEQ=1 Nov 9 08:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52038 SEQ=1 Nov 9 08:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9391 SEQ=1 Nov 9 08:50:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34426 SEQ=1 Nov 9 08:50:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=36410 PROTO=TCP SPT=49750 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:50:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11204 PROTO=TCP SPT=45727 DPT=34435 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:50:44 server83 aibolit_wrapper[13256]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584441053656.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584441055096.txt --log=/tmp/malware_cleaner_log_17626584441056814.txt --progress=/tmp/malware_cleaner_progress_17626584441056376.json --csv_result=/tmp/revisium_csvfile_17626584441056568.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:50:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 08:50:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.186 DST=145.239.177.179 
LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55863 DPT=9391 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:50:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.196 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52054 DPT=10800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:50:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54142 SEQ=1 Nov 9 08:50:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24785 SEQ=1 Nov 9 08:50:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54142 SEQ=1 Nov 9 08:50:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50739 SEQ=1 Nov 9 08:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24785 SEQ=1 Nov 9 08:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31358 SEQ=1 Nov 9 08:50:53 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.64.104.5 DST=145.239.177.179 LEN=32 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=UDP 
SPT=52653 DPT=5351 LEN=12 Nov 9 08:50:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30167 PROTO=TCP SPT=45727 DPT=33972 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:50:54 server83 aibolit_wrapper[13478]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584547701354.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584547702630.txt --log=/tmp/malware_cleaner_log_17626584547704120.txt --progress=/tmp/malware_cleaner_progress_17626584547703790.json --csv_result=/tmp/revisium_csvfile_17626584547703934.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:50:55 server83 dhclient[12838]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x2e58a313) Nov 9 08:50:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.127 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18710 DF PROTO=TCP SPT=23771 DPT=9613 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:50:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=28343 PROTO=TCP SPT=56033 DPT=7705 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:51:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40092 PROTO=TCP SPT=45727 DPT=30449 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:51:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:51:01 server83 systemd: Started Session 309325 of user root. Nov 9 08:51:01 server83 systemd: Started Session 309327 of user root. Nov 9 08:51:01 server83 systemd: Started Session 309328 of user root. Nov 9 08:51:01 server83 systemd: Started Session 309329 of user root. Nov 9 08:51:01 server83 systemd: Started Session 309326 of user root. Nov 9 08:51:01 server83 systemd: Started Session 309330 of user root. Nov 9 08:51:01 server83 systemd: Started Session 309333 of user root. Nov 9 08:51:01 server83 systemd: Started Session 309332 of user root. Nov 9 08:51:01 server83 systemd: Started Session 309331 of user root. Nov 9 08:51:01 server83 aibolit_wrapper[13728]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584615028358.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584615029180.txt --log=/tmp/malware_cleaner_log_17626584615030210.txt --progress=/tmp/malware_cleaner_progress_17626584615029888.json --csv_result=/tmp/revisium_csvfile_17626584615030044.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:51:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.50.16.198 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=54904 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:51:05 server83 aibolit_wrapper[13860]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584658226302.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584658227702.txt --log=/tmp/malware_cleaner_log_17626584658229454.txt --progress=/tmp/malware_cleaner_progress_17626584658229044.json --csv_result=/tmp/revisium_csvfile_17626584658229254.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49414 SEQ=1 Nov 9 08:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39913 SEQ=1 Nov 9 08:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22708 SEQ=1 Nov 9 08:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39913 SEQ=1 Nov 9 08:51:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58677 SEQ=1 Nov 9 08:51:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=9929 PROTO=TCP SPT=56850 DPT=28850 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:51:09 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35250 PROTO=TCP SPT=57873 DPT=11724 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:51:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33997 SEQ=1 Nov 9 08:51:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:51:10 server83 dhclient[12838]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x2e58a313) Nov 9 08:51:13 server83 aibolit_wrapper[14182]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584736230776.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584736232226.txt --log=/tmp/malware_cleaner_log_17626584736233860.txt --progress=/tmp/malware_cleaner_progress_17626584736233442.json --csv_result=/tmp/revisium_csvfile_17626584736233620.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:51:14 server83 NetworkManager[922]: <warn> [1762658474.4503] dhcp4 (eth1): request timed out Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4823] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12838 Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4825] dhcp4 (eth1): state changed timeout -> done Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4827] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:51:14 server83 
NetworkManager[922]: <warn> [1762658474.4832] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4834] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4867] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4872] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4874] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4878] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4889] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4893] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:51:14 server83 NetworkManager[922]: <info> [1762658474.4911] dhcp4 (eth1): dhclient started with pid 14215 Nov 9 08:51:14 server83 dhclient[14215]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x2de7b5eb) Nov 9 08:51:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12746 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:51:20 server83 aibolit_wrapper[14327]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584804798130.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584804799502.txt --log=/tmp/malware_cleaner_log_17626584804801280.txt --progress=/tmp/malware_cleaner_progress_17626584804800830.json --csv_result=/tmp/revisium_csvfile_17626584804801024.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:51:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17806 SEQ=1 Nov 9 08:51:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31020 SEQ=1 Nov 9 08:51:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12747 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:51:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13354 SEQ=1 Nov 9 08:51:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36431 PROTO=TCP SPT=45727 DPT=30771 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:51:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15780 SEQ=1 Nov 9 08:51:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56629 SEQ=1 Nov 9 08:51:22 server83 dhclient[14215]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x2de7b5eb) Nov 9 08:51:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58779 SEQ=1 Nov 9 08:51:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12748 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:51:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.240.130 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=17448 PROTO=TCP SPT=42030 DPT=8291 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:51:23 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:51:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.38 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50351 DPT=6441 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:51:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=32968 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:51:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12749 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
08:51:30 server83 aibolit_wrapper[14593]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584905370962.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584905372642.txt --log=/tmp/malware_cleaner_log_17626584905374444.txt --progress=/tmp/malware_cleaner_progress_17626584905373976.json --csv_result=/tmp/revisium_csvfile_17626584905374162.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:51:33 server83 dhclient[14215]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x2de7b5eb) Nov 9 08:51:34 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:51:34 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:51:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12750 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:51:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12524 SEQ=1 Nov 9 08:51:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48095 SEQ=1 Nov 9 08:51:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60944 SEQ=1 Nov 9 08:51:38 server83 aibolit_wrapper[14849]: running child 
proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626584986221672.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626584986223256.txt --log=/tmp/malware_cleaner_log_17626584986225192.txt --progress=/tmp/malware_cleaner_progress_17626584986224800.json --csv_result=/tmp/revisium_csvfile_17626584986224992.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:51:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44645 PROTO=TCP SPT=52437 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:51:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26261 SEQ=1 Nov 9 08:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30476 SEQ=1 Nov 9 08:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46896 SEQ=1 Nov 9 08:51:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21739 PROTO=TCP SPT=49956 DPT=25200 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:51:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12751 DF PROTO=TCP SPT=50614 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:51:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12752 DF PROTO=TCP SPT=50614 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:51:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:51:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52942 DPT=25100 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:51:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12753 DF PROTO=TCP SPT=50614 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:51:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=42462 PROTO=TCP SPT=55975 DPT=7610 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:51:46 server83 aibolit_wrapper[15014]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626585065672524.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626585065673322.txt --log=/tmp/malware_cleaner_log_17626585065674062.txt --progress=/tmp/malware_cleaner_progress_17626585065673860.json --csv_result=/tmp/revisium_csvfile_17626585065673934.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:51:46 server83 imunify360-php-daemon[734]: error sending perf 
stats: circuit breaker is open Nov 9 08:51:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12754 DF PROTO=TCP SPT=50614 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:51:48 server83 dhclient[14215]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x2de7b5eb) Nov 9 08:51:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32091 SEQ=1 Nov 9 08:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9631 SEQ=1 Nov 9 08:51:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34467 SEQ=1 Nov 9 08:51:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=134.209.21.222 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=45413 PROTO=TCP SPT=61004 DPT=8888 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:51:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34467 SEQ=1 Nov 9 08:51:52 server83 aibolit_wrapper[15137]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626585123658258.txt --input-fn-b64-encoded --username=evershine 
--report-hashes --black-list=/tmp/malware_cleanup_file_list_17626585123659406.txt --log=/tmp/malware_cleaner_log_17626585123660548.txt --progress=/tmp/malware_cleaner_progress_17626585123660250.json --csv_result=/tmp/revisium_csvfile_17626585123660366.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:51:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44960 SEQ=1 Nov 9 08:51:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16346 SEQ=1 Nov 9 08:51:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44960 SEQ=1 Nov 9 08:51:54 server83 pam_imunify_daemon.bin: time="2025-11-09T08:51:54+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 08:51:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62586 PROTO=TCP SPT=49956 DPT=28103 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:51:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12755 DF PROTO=TCP SPT=50614 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 
9 08:51:59 server83 NetworkManager[922]: <warn> [1762658519.4415] dhcp4 (eth1): request timed out Nov 9 08:51:59 server83 NetworkManager[922]: <info> [1762658519.4415] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:51:59 server83 NetworkManager[922]: <info> [1762658519.4575] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 14215 Nov 9 08:51:59 server83 NetworkManager[922]: <info> [1762658519.4575] dhcp4 (eth1): state changed timeout -> done Nov 9 08:51:59 server83 NetworkManager[922]: <info> [1762658519.4577] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:51:59 server83 NetworkManager[922]: <warn> [1762658519.4582] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:51:59 server83 NetworkManager[922]: <info> [1762658519.4585] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:52:00 server83 aibolit_wrapper[15427]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626585202103580.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626585202105062.txt --log=/tmp/malware_cleaner_log_17626585202106564.txt --progress=/tmp/malware_cleaner_progress_17626585202106178.json --csv_result=/tmp/revisium_csvfile_17626585202106340.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:52:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21058 PROTO=TCP SPT=57873 DPT=3729 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:52:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:52:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:52:01 server83 systemd: Started Session 309336 of user root. Nov 9 08:52:01 server83 systemd: Started Session 309334 of user root. Nov 9 08:52:01 server83 systemd: Started Session 309335 of user root. Nov 9 08:52:01 server83 systemd: Started Session 309337 of user root. Nov 9 08:52:01 server83 systemd: Started Session 309338 of user root. Nov 9 08:52:01 server83 systemd: Started Session 309339 of user root. Nov 9 08:52:01 server83 systemd: Started Session 309341 of user root. Nov 9 08:52:01 server83 systemd: Started Session 309340 of user root. Nov 9 08:52:01 server83 systemd: Started Session 309342 of user root. Nov 9 08:52:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15911 SEQ=1 Nov 9 08:52:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.73.243 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=23635 PROTO=TCP SPT=36450 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:52:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59743 SEQ=1 Nov 9 08:52:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15911 SEQ=1 Nov 9 08:52:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28075 SEQ=1 Nov 9 08:52:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54652 SEQ=1 Nov 9 08:52:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.15.164.165 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=59534 PROTO=TCP SPT=42525 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:52:09 server83 aibolit_wrapper[15695]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626585291532330.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626585291534114.txt --log=/tmp/malware_cleaner_log_17626585291536212.txt --progress=/tmp/malware_cleaner_progress_17626585291535712.json --csv_result=/tmp/revisium_csvfile_17626585291535936.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:52:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32231 SEQ=1 Nov 9 08:52:15 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.37 DST=145.239.177.179 LEN=35 TOS=0x00 PREC=0x00 TTL=45 ID=49495 DF PROTO=UDP SPT=21214 DPT=5060 LEN=15 Nov 9 08:52:15 server83 aibolit_wrapper[15938]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626585359546288.txt --input-fn-b64-encoded --username=evershine --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626585359547128.txt --log=/tmp/malware_cleaner_log_17626585359547970.txt --progress=/tmp/malware_cleaner_progress_17626585359547740.json --csv_result=/tmp/revisium_csvfile_17626585359547842.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:52:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45052 SEQ=1 Nov 9 08:52:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42274 SEQ=1 Nov 9 08:52:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34724 PROTO=TCP SPT=53540 DPT=7219 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10553 SEQ=1 Nov 9 08:52:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2586 SEQ=1 Nov 9 08:52:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42274 SEQ=1 Nov 9 08:52:22 server83 aibolit_wrapper[16102]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup 
--rescan --list=/tmp/malware_cleanup_file_list_17626585427861208.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626585427862330.txt --log=/tmp/malware_cleaner_log_17626585427863926.txt --progress=/tmp/malware_cleaner_progress_17626585427863554.json --csv_result=/tmp/revisium_csvfile_17626585427863720.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 08:52:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36739 SEQ=1 Nov 9 08:52:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41419 SEQ=1 Nov 9 08:52:24 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:52:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=15667 PROTO=TCP SPT=55975 DPT=7621 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:52:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.209 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53947 DPT=22002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:52:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47298 SEQ=1 Nov 9 08:52:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31350 SEQ=1 Nov 9 08:52:31 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62154 SEQ=1 Nov 9 08:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36673 SEQ=1 Nov 9 08:52:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.221 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=36013 DF PROTO=TCP SPT=38920 DPT=10020 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:52:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47298 SEQ=1 Nov 9 08:52:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56147 PROTO=TCP SPT=51717 DPT=4269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:52:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33224 SEQ=1 Nov 9 08:52:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.169.104.93 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=43554 DPT=8091 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:52:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39568 PROTO=TCP SPT=56698 DPT=8208 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:52:45 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.159 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=14943 PROTO=TCP SPT=35440 DPT=502 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:52:46 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 08:52:46 server83 systemd: Stopped Status Update Service. Nov 9 08:52:46 server83 systemd: Started Status Update Service. Nov 9 08:52:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6330 SEQ=1 Nov 9 08:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65372 SEQ=1 Nov 9 08:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65372 SEQ=1 Nov 9 08:52:52 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 08:52:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:52:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16780 SEQ=1 Nov 9 08:52:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=52014 PROTO=TCP SPT=58642 DPT=33515 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:52:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 
TTL=243 ID=54321 PROTO=TCP SPT=55554 DPT=20256 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:52:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:52:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:52:59 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 08:52:59 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 08:52:59 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 08:52:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.50 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53253 DPT=1866 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:53:01 server83 systemd: Started Session 309343 of user root. Nov 9 08:53:01 server83 systemd: Started Session 309345 of user root. Nov 9 08:53:01 server83 systemd: Started Session 309346 of user root. Nov 9 08:53:01 server83 systemd: Started Session 309348 of user root. Nov 9 08:53:01 server83 systemd: Started Session 309347 of user root. Nov 9 08:53:01 server83 systemd: Started Session 309349 of user root. Nov 9 08:53:01 server83 systemd: Started Session 309350 of user root. Nov 9 08:53:01 server83 systemd: Started Session 309351 of user root. Nov 9 08:53:01 server83 systemd: Started Session 309344 of user root. 
Nov 9 08:53:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3556 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3557 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.244 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52324 DPT=29443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:53:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.154.245.47 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=50345 DF PROTO=TCP SPT=50840 DPT=6000 WINDOW=65280 RES=0x00 SYN URGP=0 Nov 9 08:53:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42188 SEQ=1 Nov 9 08:53:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18581 SEQ=1 Nov 9 08:53:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18581 SEQ=1 Nov 9 08:53:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17369 SEQ=1 Nov 9 
08:53:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19977 SEQ=1 Nov 9 08:53:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16333 PROTO=TCP SPT=45727 DPT=32345 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58316 PROTO=TCP SPT=51638 DPT=4438 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:53:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=62950 PROTO=TCP SPT=56256 DPT=8019 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:53:15 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 08:53:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.99.13.19 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59079 DPT=8888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:53:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=36.50.56.131 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53753 PROTO=TCP SPT=58583 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:20 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=151.243.109.29 DST=51.210.113.204 LEN=220 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=33110 DPT=123 LEN=200 Nov 9 08:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46362 SEQ=1 Nov 9 08:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50105 SEQ=1 Nov 9 08:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=38.110.42.253 DST=145.239.177.179 LEN=30 TOS=0x00 PREC=0x00 TTL=242 ID=64507 DF PROTO=ICMP TYPE=8 CODE=0 ID=32780 SEQ=259 Nov 9 08:53:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4398 SEQ=1 Nov 9 08:53:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50105 SEQ=1 Nov 9 08:53:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5761 SEQ=1 Nov 9 08:53:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.38 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=28057 PROTO=TCP SPT=49120 DPT=3399 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.116 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=55659 PROTO=TCP SPT=37383 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:53:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=173.194.170.116 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=55660 PROTO=TCP SPT=37383 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:53:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=7709 PROTO=TCP SPT=41544 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:53:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.116 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=55661 PROTO=TCP SPT=37383 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:53:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=7710 PROTO=TCP SPT=41544 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:53:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=7711 PROTO=TCP SPT=41544 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:53:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=7713 PROTO=TCP SPT=41544 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55111 SEQ=1 Nov 9 08:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=75 SEQ=1 Nov 9 08:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21187 SEQ=1 Nov 9 08:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18868 SEQ=1 Nov 9 08:53:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6176 SEQ=1 Nov 9 08:53:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3563 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39852 PROTO=TCP SPT=49956 DPT=26865 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:53:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.8 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=52043 DPT=9163 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:53:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=40506 PROTO=TCP SPT=56850 DPT=7547 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:53:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.144 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=55936 PROTO=TCP SPT=25299 DPT=222 WINDOW=42340 RES=0x00 SYN 
URGP=0 Nov 9 08:53:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12756 DF PROTO=TCP SPT=53569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:53:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12757 DF PROTO=TCP SPT=53569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:53:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:53:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:53:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.72 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57007 DPT=1250 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:53:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12758 DF PROTO=TCP SPT=53569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:53:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3555 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.240.170 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=31603 PROTO=TCP SPT=56499 DPT=9001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:53:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46806 SEQ=1 Nov 9 08:53:52 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12759 DF PROTO=TCP SPT=53569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:53:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36763 SEQ=1 Nov 9 08:53:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59103 SEQ=1 Nov 9 08:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9638 SEQ=1 Nov 9 08:53:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3554 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:53:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45928 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:54:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12760 DF PROTO=TCP SPT=53569 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:54:01 server83 systemd: Started Session 309353 of user root. Nov 9 08:54:01 server83 systemd: Started Session 309352 of user root. Nov 9 08:54:01 server83 systemd: Started Session 309354 of user root. 
Nov 9 08:54:01 server83 systemd: Started Session 309355 of user root. Nov 9 08:54:01 server83 systemd: Started Session 309356 of user root. Nov 9 08:54:01 server83 systemd: Started Session 309357 of user root. Nov 9 08:54:01 server83 systemd: Started Session 309358 of user root. Nov 9 08:54:01 server83 systemd: Started Session 309359 of user root. Nov 9 08:54:01 server83 systemd: Started Session 309360 of user root. Nov 9 08:54:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47262 SEQ=1 Nov 9 08:54:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58704 SEQ=1 Nov 9 08:54:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=49 DF PROTO=ICMP TYPE=8 CODE=0 ID=16028 SEQ=15047 Nov 9 08:54:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5105 SEQ=1 Nov 9 08:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21569 SEQ=1 Nov 9 08:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22302 SEQ=1 Nov 9 08:54:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 
DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10662 PROTO=TCP SPT=45483 DPT=5955 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:54:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=16262 PROTO=TCP SPT=55665 DPT=23338 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:54:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30052 PROTO=TCP SPT=45727 DPT=31121 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:54:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:54:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.157 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=16653 PROTO=TCP SPT=13240 DPT=8338 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 08:54:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.149 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1500 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 08:54:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52295 SEQ=1 Nov 9 08:54:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=107.150.103.88 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=54618 DPT=6010 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:54:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19642 SEQ=1 Nov 9 08:54:20 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2465 SEQ=1 Nov 9 08:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=63789 DF PROTO=ICMP TYPE=8 CODE=0 ID=21055 SEQ=2512 Nov 9 08:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29201 SEQ=1 Nov 9 08:54:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=116.202.106.0 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=57998 DF PROTO=ICMP TYPE=8 CODE=0 ID=40706 SEQ=41918 Nov 9 08:54:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21967 SEQ=1 Nov 9 08:54:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.106 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=9116 DF PROTO=ICMP TYPE=8 CODE=0 ID=35424 SEQ=45902 Nov 9 08:54:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39433 PROTO=TCP SPT=57873 DPT=7554 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:54:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.59.78 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63039 PROTO=TCP SPT=61000 DPT=29485 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:54:35 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8305 SEQ=1 Nov 9 08:54:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47831 SEQ=1 Nov 9 08:54:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58191 SEQ=1 Nov 9 08:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12363 SEQ=1 Nov 9 08:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20163 SEQ=1 Nov 9 08:54:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47974 PROTO=TCP SPT=49956 DPT=26476 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:54:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58191 SEQ=1 Nov 9 08:54:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33265 PROTO=TCP SPT=41089 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:54:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:54:41 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33266 PROTO=TCP SPT=41089 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:54:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30151 PROTO=TCP SPT=37324 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:54:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33267 PROTO=TCP SPT=41089 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:54:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6797 PROTO=TCP SPT=54739 DPT=2562 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:54:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30152 PROTO=TCP SPT=37324 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:54:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30153 PROTO=TCP SPT=37324 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:54:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30155 PROTO=TCP SPT=37324 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:54:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=27853 SEQ=1 Nov 9 08:54:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29728 SEQ=1 Nov 9 08:54:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16767 SEQ=1 Nov 9 08:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62021 SEQ=1 Nov 9 08:54:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24375 PROTO=TCP SPT=46647 DPT=5953 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:54:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32561 SEQ=1 Nov 9 08:54:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38891 SEQ=1 Nov 9 08:54:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38891 SEQ=1 Nov 9 08:54:54 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 08:54:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=135.237.120.244 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 
ID=54321 PROTO=TCP SPT=45666 DPT=981 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:55:01 server83 systemd: Started Session 309361 of user root. Nov 9 08:55:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:55:01 server83 systemd: Started Session 309362 of user root. Nov 9 08:55:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:55:01 server83 systemd: Started Session 309363 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309365 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309364 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309366 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309367 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309368 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309369 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309371 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309370 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309372 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309373 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309374 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309375 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309376 of user root. Nov 9 08:55:01 server83 systemd: Started Session 309377 of user root. 
Nov 9 08:55:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:55:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62350 SEQ=1 Nov 9 08:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54974 SEQ=1 Nov 9 08:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17235 SEQ=1 Nov 9 08:55:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1884 PROTO=TCP SPT=57873 DPT=25032 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17235 SEQ=1 Nov 9 08:55:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.195.97 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=2532 PROTO=TCP SPT=36705 DPT=9200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:55:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:55:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38825 SEQ=1 Nov 9 08:55:10 server83 auditd[702]: Audit daemon rotating 
log files Nov 9 08:55:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14340 PROTO=TCP SPT=47877 DPT=4046 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:55:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:55:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=54700 PROTO=TCP SPT=50610 DPT=5685 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:55:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8239 SEQ=1 Nov 9 08:55:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8239 SEQ=1 Nov 9 08:55:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10448 SEQ=1 Nov 9 08:55:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50308 SEQ=1 Nov 9 08:55:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44785 SEQ=1 Nov 9 08:55:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=15298 SEQ=1 Nov 9 08:55:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39261 SEQ=1 Nov 9 08:55:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45608 PROTO=TCP SPT=43448 DPT=2741 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:55:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42348 SEQ=1 Nov 9 08:55:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46995 SEQ=1 Nov 9 08:55:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9554 SEQ=1 Nov 9 08:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29890 SEQ=1 Nov 9 08:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34983 SEQ=1 Nov 9 08:55:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50970 SEQ=1 Nov 9 08:55:37 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33523 PROTO=TCP SPT=49717 DPT=4751 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:55:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39409 PROTO=TCP SPT=45727 DPT=30995 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:55:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3159 SEQ=1 Nov 9 08:55:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22849 PROTO=TCP SPT=49956 DPT=25153 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:55:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11444 SEQ=1 Nov 9 08:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44017 SEQ=1 Nov 9 08:55:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.245.112.205 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x20 TTL=42 ID=46099 DF PROTO=TCP SPT=47698 DPT=8545 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:55:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22480 SEQ=1 Nov 9 08:55:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31119 SEQ=1 Nov 9 08:55:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:55:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.245.112.205 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x20 TTL=42 ID=46100 DF PROTO=TCP SPT=47698 DPT=8545 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:55:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31119 SEQ=1 Nov 9 08:55:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.197 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50456 DPT=9008 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:55:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39716 PROTO=TCP SPT=57873 DPT=3729 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:56:01 server83 systemd: Started Session 309378 of user root. Nov 9 08:56:01 server83 systemd: Started Session 309379 of user root. Nov 9 08:56:01 server83 systemd: Started Session 309381 of user root. Nov 9 08:56:01 server83 systemd: Started Session 309380 of user root. Nov 9 08:56:01 server83 systemd: Started Session 309382 of user root. Nov 9 08:56:01 server83 systemd: Started Session 309384 of user root. Nov 9 08:56:01 server83 systemd: Started Session 309385 of user root. Nov 9 08:56:01 server83 systemd: Started Session 309383 of user root. 
Nov 9 08:56:01 server83 systemd: Started Session 309386 of user root. Nov 9 08:56:01 server83 systemd: Started Session 309387 of user root. Nov 9 08:56:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25552 SEQ=1 Nov 9 08:56:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4818 SEQ=1 Nov 9 08:56:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40508 SEQ=1 Nov 9 08:56:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53809 SEQ=1 Nov 9 08:56:04 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 08:56:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=5906 PROTO=TCP SPT=47689 DPT=8003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53016 SEQ=1 Nov 9 08:56:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:56:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.26.10.7 DST=145.239.177.179 LEN=80 TOS=0x00 PREC=0x00 TTL=124 ID=46141 PROTO=TCP SPT=45117 DPT=13246 WINDOW=64240 RES=0x00 SYN URGP=0 
Nov 9 08:56:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.26.10.7 DST=145.239.177.179 LEN=80 TOS=0x00 PREC=0x00 TTL=124 ID=46141 PROTO=TCP SPT=45117 DPT=13246 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:56:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.26.10.7 DST=145.239.177.179 LEN=80 TOS=0x00 PREC=0x00 TTL=124 ID=46141 PROTO=TCP SPT=45117 DPT=13246 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 08:56:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=58278 PROTO=TCP SPT=45727 DPT=32790 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:56:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43371 SEQ=1 Nov 9 08:56:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=156 SEQ=1 Nov 9 08:56:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60443 SEQ=1 Nov 9 08:56:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48837 SEQ=1 Nov 9 08:56:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3562 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:56:21 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30011 PROTO=TCP SPT=49956 DPT=29717 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45474 SEQ=1 Nov 9 08:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48400 SEQ=1 Nov 9 08:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13823 SEQ=1 Nov 9 08:56:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=31771 PROTO=TCP SPT=58775 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:56:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=56060 PROTO=TCP SPT=58775 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:56:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=56576 PROTO=TCP SPT=58775 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:56:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54682 PROTO=TCP SPT=45727 DPT=31034 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
08:56:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26321 PROTO=TCP SPT=46370 DPT=1278 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:56:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14058 PROTO=TCP SPT=35926 DPT=4735 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6404 SEQ=1 Nov 9 08:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28248 SEQ=1 Nov 9 08:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14641 SEQ=1 Nov 9 08:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7999 SEQ=1 Nov 9 08:56:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43609 SEQ=1 Nov 9 08:56:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29104 SEQ=1 Nov 9 08:56:45 server83 imunify-auditd-log-reader[9638]: lost 1 
message sequences Nov 9 08:56:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:56:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:56:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:56:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 08:56:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2915 SEQ=1 Nov 9 08:56:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15835 SEQ=1 Nov 9 08:56:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47054 SEQ=1 Nov 9 08:56:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37803 SEQ=1 Nov 9 08:56:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.225 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=25737 DF PROTO=TCP SPT=54398 DPT=5040 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 08:56:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55547 SEQ=1 Nov 9 08:56:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.71 DST=51.210.113.204 LEN=44 TOS=0x00 
PREC=0x00 TTL=242 ID=40462 PROTO=TCP SPT=56765 DPT=8323 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:56:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.114.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=65372 PROTO=TCP SPT=58509 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:56:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6450 PROTO=TCP SPT=57873 DPT=7554 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:56:59 server83 NetworkManager[922]: <info> [1762658819.4911] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:56:59 server83 NetworkManager[922]: <info> [1762658819.4914] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:56:59 server83 NetworkManager[922]: <info> [1762658819.4915] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:56:59 server83 NetworkManager[922]: <info> [1762658819.4917] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:56:59 server83 NetworkManager[922]: <info> [1762658819.4926] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:56:59 server83 NetworkManager[922]: <info> [1762658819.4928] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:56:59 server83 NetworkManager[922]: <info> [1762658819.4936] dhcp4 (eth1): dhclient started with pid 22743 Nov 9 08:56:59 server83 dhclient[22743]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x223a8363) Nov 9 08:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:57:01 
server83 systemd: Started Session 309390 of user root. Nov 9 08:57:01 server83 systemd: Started Session 309392 of user root. Nov 9 08:57:01 server83 systemd: Started Session 309388 of user root. Nov 9 08:57:01 server83 systemd: Started Session 309391 of user root. Nov 9 08:57:01 server83 systemd: Started Session 309393 of user root. Nov 9 08:57:01 server83 systemd: Started Session 309394 of user root. Nov 9 08:57:01 server83 systemd: Started Session 309395 of user root. Nov 9 08:57:01 server83 systemd: Started Session 309389 of user root. Nov 9 08:57:01 server83 systemd: Started Session 309397 of user root. Nov 9 08:57:01 server83 systemd: Started Session 309396 of user root. Nov 9 08:57:01 server83 scripts.sh: Sun Nov 9 08:57:01 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 08:57:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61815 SEQ=1 Nov 9 08:57:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56545 SEQ=1 Nov 9 08:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32717 SEQ=1 Nov 9 08:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34904 SEQ=1 Nov 9 08:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47405 SEQ=1 Nov 9 08:57:04 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33101 PROTO=TCP SPT=46370 DPT=2633 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:57:04 server83 dhclient[22743]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x223a8363) Nov 9 08:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23974 SEQ=1 Nov 9 08:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29329 SEQ=1 Nov 9 08:57:15 server83 dhclient[22743]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x223a8363) Nov 9 08:57:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.75 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55136 DPT=9241 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:57:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18463 SEQ=1 Nov 9 08:57:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:57:21 server83 pam_imunify_daemon.bin: time="2025-11-09T08:57:21+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 08:57:22 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.161 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=109 ID=32148 DF PROTO=ICMP TYPE=8 CODE=0 ID=61443 SEQ=23751 Nov 9 08:57:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30975 SEQ=1 Nov 9 08:57:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18463 SEQ=1 Nov 9 08:57:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.188.182.154 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=46 ID=55253 DF PROTO=ICMP TYPE=8 CODE=0 ID=53494 SEQ=3268 Nov 9 08:57:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63365 SEQ=1 Nov 9 08:57:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34717 PROTO=TCP SPT=44362 DPT=6941 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:57:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.148.190.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=2854 PROTO=TCP SPT=45719 DPT=30689 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:57:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15665 PROTO=TCP SPT=47622 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:57:31 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15666 PROTO=TCP SPT=47622 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:57:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9980 SEQ=1 Nov 9 08:57:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33848 SEQ=1 Nov 9 08:57:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22264 PROTO=TCP SPT=34777 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:57:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15667 PROTO=TCP SPT=47622 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:57:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51744 SEQ=1 Nov 9 08:57:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1993 SEQ=1 Nov 9 08:57:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22265 PROTO=TCP SPT=34777 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:57:34 server83 dhclient[22743]: DHCPDISCOVER on eth1 
to 255.255.255.255 port 67 interval 16 (xid=0x223a8363) Nov 9 08:57:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22266 PROTO=TCP SPT=34777 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:57:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15669 PROTO=TCP SPT=47622 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:57:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22267 PROTO=TCP SPT=34777 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:57:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=28574 PROTO=TCP SPT=55665 DPT=38268 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 08:57:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22268 PROTO=TCP SPT=34777 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 08:57:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6956 SEQ=1 Nov 9 08:57:44 server83 NetworkManager[922]: <warn> [1762658864.4378] dhcp4 (eth1): request timed out Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4379] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4538] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 22743 Nov 9 08:57:44 server83 NetworkManager[922]: <info> 
[1762658864.4538] dhcp4 (eth1): state changed timeout -> done Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4541] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:57:44 server83 NetworkManager[922]: <warn> [1762658864.4546] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4549] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4583] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4588] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4589] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4593] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4604] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4607] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 08:57:44 server83 NetworkManager[922]: <info> [1762658864.4622] dhcp4 (eth1): dhclient started with pid 24014 Nov 9 08:57:44 server83 dhclient[24014]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0xb08c780) Nov 9 08:57:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 08:57:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21115 SEQ=1 Nov 9 08:57:48 server83 dhclient[24014]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0xb08c780) Nov 9 08:57:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30874 SEQ=1 Nov 9 08:57:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22193 SEQ=1 Nov 9 08:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28794 SEQ=1 Nov 9 08:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27845 SEQ=1 Nov 9 08:57:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27433 SEQ=1 Nov 9 08:57:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22193 SEQ=1 Nov 9 08:57:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=35699 PROTO=TCP SPT=52995 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:57:54 server83 dhclient[24014]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 
14 (xid=0xb08c780) Nov 9 08:57:57 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:57:57 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:57:58 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 08:57:58 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 08:57:58 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 08:57:59 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.203.255.20 DST=145.239.177.179 LEN=43 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=UDP SPT=37719 DPT=11211 LEN=23 Nov 9 08:58:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3553 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:58:01 server83 systemd: Started Session 309398 of user root. Nov 9 08:58:01 server83 systemd: Started Session 309400 of user root. Nov 9 08:58:01 server83 systemd: Started Session 309402 of user root. Nov 9 08:58:01 server83 systemd: Started Session 309401 of user root. Nov 9 08:58:01 server83 systemd: Started Session 309399 of user root. Nov 9 08:58:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 08:58:01 server83 systemd: Started Session 309404 of user metalarts. Nov 9 08:58:01 server83 systemd: Started Session 309406 of user root. Nov 9 08:58:01 server83 systemd: Started Session 309407 of user root. Nov 9 08:58:01 server83 systemd: Started Session 309405 of user root. Nov 9 08:58:01 server83 systemd: Started Session 309403 of user root. 
Nov 9 08:58:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:58:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 08:58:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 08:58:02 server83 systemd: Removed slice User Slice of metalarts. Nov 9 08:58:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3561 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:58:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6807 SEQ=1 Nov 9 08:58:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20194 SEQ=1 Nov 9 08:58:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45962 SEQ=1 Nov 9 08:58:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57779 SEQ=1 Nov 9 08:58:08 server83 dhclient[24014]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0xb08c780) Nov 9 08:58:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27633 PROTO=TCP SPT=57873 DPT=5985 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:58:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16273 PROTO=TCP SPT=50515 DPT=8237 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:58:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12362 SEQ=1 Nov 9 08:58:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62858 SEQ=1 Nov 9 08:58:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57902 SEQ=1 Nov 9 08:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 08:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 08:58:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18270 SEQ=1 Nov 9 08:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=63867 DF PROTO=ICMP TYPE=8 CODE=0 ID=42879 SEQ=27417 Nov 9 08:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33657 SEQ=1 Nov 9 08:58:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.200 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=30856 PROTO=TCP SPT=57385 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 08:58:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.235 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55026 DPT=48022 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 08:58:26 server83 imunify-auditd-log-reader[9638]: error messages suppressed: 4 Nov 9 08:58:26 server83 imunify-auditd-log-reader[9638]: failed to send events: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 08:58:28 server83 dhclient[24014]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0xb08c780) Nov 9 08:58:29 server83 NetworkManager[922]: <warn> [1762658909.4473] dhcp4 (eth1): request timed out Nov 9 08:58:29 server83 NetworkManager[922]: <info> [1762658909.4473] dhcp4 (eth1): state changed unknown -> timeout Nov 9 08:58:29 server83 NetworkManager[922]: <info> [1762658909.4633] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 24014 Nov 9 08:58:29 server83 NetworkManager[922]: <info> [1762658909.4633] dhcp4 (eth1): state changed timeout -> done Nov 9 08:58:29 server83 NetworkManager[922]: <info> [1762658909.4635] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 08:58:29 server83 NetworkManager[922]: <warn> [1762658909.4639] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 08:58:29 server83 NetworkManager[922]: <info> [1762658909.4640] device (eth1): state change: failed -> disconnected (reason 'none', 
TOS=0x08 PREC=0x40 TTL=233 ID=37994 PROTO=TCP SPT=61008 DPT=11000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:00:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=11093 PROTO=TCP SPT=37430 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:00:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=30127 PROTO=TCP SPT=59313 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:00:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=30129 PROTO=TCP SPT=59313 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=30131 PROTO=TCP SPT=59313 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:01:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:01:01 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 09:01:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:01:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:01:01 server83 systemd: Started Session 309446 of user root. 
Nov 9 09:01:01 server83 systemd: Started Session 309445 of user root. Nov 9 09:01:01 server83 systemd: Started Session 309447 of user root. Nov 9 09:01:01 server83 systemd: Started Session 309448 of user root. Nov 9 09:01:01 server83 systemd: Started Session 309449 of user root. Nov 9 09:01:01 server83 systemd: Started Session 309452 of user root. Nov 9 09:01:01 server83 systemd: Started Session 309450 of user root. Nov 9 09:01:01 server83 systemd: Started Session 309451 of user root. Nov 9 09:01:01 server83 systemd: Started Session 309453 of user root. Nov 9 09:01:01 server83 systemd: Started Session 309454 of user root. Nov 9 09:01:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14253 PROTO=TCP SPT=37711 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28932 SEQ=1 Nov 9 09:01:02 server83 pam_imunify_daemon.bin: time="2025-11-09T09:01:02+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 09:01:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4841 SEQ=1 Nov 9 09:01:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14255 
PROTO=TCP SPT=37711 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14256 PROTO=TCP SPT=37711 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61614 SEQ=1 Nov 9 09:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30683 SEQ=1 Nov 9 09:01:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12771 DF PROTO=TCP SPT=62305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10418 SEQ=1 Nov 9 09:01:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12772 DF PROTO=TCP SPT=62305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38950 DPT=26000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:01:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 
TTL=109 ID=12773 DF PROTO=TCP SPT=62305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.230.242.69 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=104 ID=29654 DF PROTO=TCP SPT=59183 DPT=2222 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 09:01:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12774 DF PROTO=TCP SPT=62305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12775 DF PROTO=TCP SPT=62480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.230.242.69 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=104 ID=29655 DF PROTO=TCP SPT=59183 DPT=2222 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 09:01:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12776 DF PROTO=TCP SPT=62480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12777 DF PROTO=TCP SPT=62480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24772 SEQ=1 Nov 9 09:01:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50087 SEQ=1 Nov 9 09:01:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.230.242.69 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=104 ID=29656 DF PROTO=TCP SPT=59183 DPT=2222 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 9 09:01:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12778 DF PROTO=TCP SPT=62480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12779 DF PROTO=TCP SPT=62305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=62109 PROTO=TCP SPT=54810 DPT=5825 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:01:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50087 SEQ=1 Nov 9 09:01:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.129 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=47377 PROTO=TCP SPT=27848 DPT=4821 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:01:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60972 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:01:28 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=38.54.50.50 DST=145.239.177.179 LEN=52 TOS=0x0A PREC=0x40 TTL=108 ID=49578 DF PROTO=TCP SPT=63409 DPT=9999 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 09:01:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12780 DF PROTO=TCP SPT=62480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:01:31 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.203.57.24 DST=51.210.113.204 LEN=28 TOS=0x00 PREC=0x00 TTL=241 ID=35610 PROTO=UDP SPT=45528 DPT=1194 LEN=8 Nov 9 09:01:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22692 SEQ=1 Nov 9 09:01:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16033 SEQ=1 Nov 9 09:01:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57599 DPT=26000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:01:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:01:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=42295 PROTO=TCP SPT=56834 DPT=36489 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:01:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20045 SEQ=1 Nov 9 09:01:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36938 SEQ=1 Nov 9 09:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18845 SEQ=1 Nov 9 09:01:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=39226 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24392 SEQ=1 Nov 9 09:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18263 SEQ=1 Nov 9 09:01:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.181 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56961 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:01:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60415 PROTO=TCP SPT=45727 DPT=33010 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:01:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44218 PROTO=TCP SPT=61623 
DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.148.234 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43138 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:01:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44219 PROTO=TCP SPT=61623 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29174 PROTO=TCP SPT=60361 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29175 PROTO=TCP SPT=60361 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:01:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29177 PROTO=TCP SPT=60361 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31601 SEQ=1 Nov 9 09:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51436 SEQ=1 Nov 9 09:01:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4271 SEQ=1 Nov 9 09:01:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4977 SEQ=1 Nov 9 09:01:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.249 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49613 DPT=29100 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15815 PROTO=TCP SPT=45727 DPT=31557 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:02:01 server83 systemd: Started Session 309456 of user root. Nov 9 09:02:01 server83 systemd: Started Session 309455 of user root. Nov 9 09:02:01 server83 systemd: Started Session 309458 of user root. Nov 9 09:02:01 server83 systemd: Started Session 309459 of user root. Nov 9 09:02:01 server83 systemd: Started Session 309457 of user root. Nov 9 09:02:01 server83 systemd: Started Session 309460 of user root. Nov 9 09:02:01 server83 systemd: Started Session 309461 of user root. Nov 9 09:02:01 server83 systemd: Started Session 309462 of user root. Nov 9 09:02:01 server83 systemd: Started Session 309463 of user root. 
Nov 9 09:02:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.125 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51504 DPT=46947 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:05 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.127 DST=51.210.113.204 LEN=32 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=23708 DPT=3283 LEN=12 Nov 9 09:02:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58691 SEQ=1 Nov 9 09:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36790 SEQ=1 Nov 9 09:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58691 SEQ=1 Nov 9 09:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37627 SEQ=1 Nov 9 09:02:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60390 SEQ=1 Nov 9 09:02:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57581 SEQ=1 Nov 9 09:02:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1612 PROTO=TCP SPT=43739 DPT=2450 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:02:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.136.82 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=59148 DPT=4443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.136.82 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=59132 DPT=3231 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.136.82 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=59148 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=209.38.136.82 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=59132 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.38.136.82 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=59132 DPT=9608 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:17 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 09:02:17 server83 systemd: Stopped Status Update Service. Nov 9 09:02:17 server83 systemd: Started Status Update Service. 
Nov 9 09:02:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.29.49.244 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=20933 PROTO=TCP SPT=57603 DPT=1028 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=42218 PROTO=TCP SPT=60359 DPT=8062 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28857 SEQ=1 Nov 9 09:02:22 server83 pam_imunify_daemon.bin: time="2025-11-09T09:02:22+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 09:02:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.125 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=48284 DF PROTO=TCP SPT=27087 DPT=9770 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:02:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28857 SEQ=1 Nov 9 09:02:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:02:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4762 
SEQ=1 Nov 9 09:02:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:02:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.91 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=18811 PROTO=TCP SPT=60581 DPT=3000 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:02:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13969 SEQ=1 Nov 9 09:02:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4366 SEQ=1 Nov 9 09:02:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54979 SEQ=1 Nov 9 09:02:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30508 SEQ=1 Nov 9 09:02:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.252 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52488 DPT=4091 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23063 PROTO=TCP SPT=45727 DPT=31028 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
09:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53784 SEQ=1 Nov 9 09:02:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.142.147.209 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48424 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:02:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:02:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.180.48.63 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12192 PROTO=TCP SPT=51370 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:02:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36821 SEQ=1 Nov 9 09:02:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62385 SEQ=1 Nov 9 09:02:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6052 SEQ=1 Nov 9 09:02:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64026 SEQ=1 Nov 9 09:02:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=2950 SEQ=1 Nov 9 09:03:00 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 09:03:00 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 09:03:00 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 09:03:01 server83 systemd: Started Session 309464 of user root. Nov 9 09:03:01 server83 systemd: Started Session 309466 of user root. Nov 9 09:03:01 server83 systemd: Started Session 309465 of user root. Nov 9 09:03:01 server83 systemd: Started Session 309468 of user root. Nov 9 09:03:01 server83 systemd: Started Session 309469 of user root. Nov 9 09:03:01 server83 systemd: Started Session 309470 of user root. Nov 9 09:03:01 server83 systemd: Started Session 309471 of user root. Nov 9 09:03:01 server83 systemd: Started Session 309472 of user root. Nov 9 09:03:01 server83 systemd: Started Session 309467 of user root. 
Nov 9 09:03:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:03:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10744 SEQ=1 Nov 9 09:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55755 SEQ=1 Nov 9 09:03:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.19 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=57958 DPT=9080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42214 SEQ=1 Nov 9 09:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47943 SEQ=1 Nov 9 09:03:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:03:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=31218 PROTO=TCP SPT=55665 DPT=5060 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:03:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4403 SEQ=1 Nov 9 09:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21092 SEQ=1 Nov 9 09:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47943 SEQ=1 Nov 9 09:03:12 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.91 DST=51.210.113.204 LEN=92 TOS=0x00 PREC=0x00 TTL=35 ID=50875 PROTO=UDP SPT=58974 DPT=17184 LEN=72 Nov 9 09:03:15 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=109.236.61.23 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=10922 DPT=161 LEN=46 Nov 9 09:03:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.148.190.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=42236 PROTO=TCP SPT=45719 DPT=30989 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:03:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40792 SEQ=1 Nov 9 09:03:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39830 SEQ=1 Nov 9 09:03:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40792 SEQ=1 Nov 9 09:03:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61203 SEQ=1 Nov 9 09:03:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.251.92.216 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=48111 DF PROTO=TCP SPT=49135 DPT=9793 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 09:03:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.92 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=46988 PROTO=TCP SPT=5605 DPT=4242 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:03:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55854 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:03:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26396 SEQ=1 Nov 9 09:03:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28218 SEQ=1 Nov 9 09:03:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60791 SEQ=1 Nov 9 09:03:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.55 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=49686 DPT=40000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:03:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 
DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3550 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:03:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.97 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57127 DPT=8001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:03:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59534 SEQ=1 Nov 9 09:03:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29933 SEQ=1 Nov 9 09:03:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.134 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1526 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 09:03:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41288 SEQ=1 Nov 9 09:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46364 SEQ=1 Nov 9 09:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2296 SEQ=1 Nov 9 09:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30822 SEQ=1 Nov 9 09:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61237 SEQ=1 Nov 9 09:03:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.128.236.139 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=50097 DF PROTO=TCP SPT=52160 DPT=888 WINDOW=65280 RES=0x00 SYN URGP=0 Nov 9 09:03:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:03:59 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:03:59 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:04:01 server83 systemd: Started Session 309474 of user root. Nov 9 09:04:01 server83 systemd: Started Session 309473 of user root. Nov 9 09:04:01 server83 systemd: Started Session 309475 of user root. Nov 9 09:04:01 server83 systemd: Started Session 309476 of user root. Nov 9 09:04:01 server83 systemd: Started Session 309477 of user root. Nov 9 09:04:01 server83 systemd: Started Session 309478 of user root. Nov 9 09:04:01 server83 systemd: Started Session 309479 of user root. Nov 9 09:04:01 server83 systemd: Started Session 309480 of user root. Nov 9 09:04:01 server83 systemd: Started Session 309481 of user root. 
Nov 9 09:04:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=38683 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:04:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58638 SEQ=1 Nov 9 09:04:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25976 SEQ=1 Nov 9 09:04:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3549 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:04:03 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 09:04:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.253 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52626 DPT=10250 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:04:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7330 SEQ=1 Nov 9 09:04:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61534 PROTO=TCP SPT=49956 DPT=27910 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:04:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58638 SEQ=1 Nov 9 09:04:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=157.245.77.56 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37680 DF PROTO=TCP SPT=58360 DPT=7200 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:04:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=157.245.77.56 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53767 DF PROTO=TCP SPT=35212 DPT=2212 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:04:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.245.77.56 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=63691 DF PROTO=TCP SPT=52222 DPT=2023 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:04:08 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.63 DST=145.239.177.179 LEN=74 TOS=0x00 PREC=0x00 TTL=45 ID=44297 DF PROTO=UDP SPT=30986 DPT=5353 LEN=54 Nov 9 09:04:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=157.245.77.56 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16252 DF PROTO=TCP SPT=40644 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.41 DST=145.239.177.179 LEN=63 TOS=0x00 PREC=0x00 TTL=112 ID=53703 DF PROTO=ICMP TYPE=8 CODE=0 ID=16753 SEQ=64520 Nov 9 09:04:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=157.245.77.56 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53769 DF PROTO=TCP SPT=35212 DPT=2212 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:04:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3556 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:04:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3557 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:04:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=15982 PROTO=TCP SPT=45198 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:04:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.212.41 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=3688 DF PROTO=TCP SPT=44262 DPT=4800 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:04:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45615 SEQ=1 Nov 9 09:04:25 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 09:04:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.30 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=20626 PROTO=TCP SPT=56690 DPT=8015 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 09:04:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.68 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1972 PROTO=TCP SPT=15685 DPT=22037 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:04:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP 
SPT=60338 DPT=3548 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:04:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:04:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23537 SEQ=1 Nov 9 09:04:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63163 SEQ=1 Nov 9 09:04:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9380 SEQ=1 Nov 9 09:04:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9324 SEQ=1 Nov 9 09:04:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23230 SEQ=1 Nov 9 09:04:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30504 PROTO=TCP SPT=46370 DPT=1916 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:04:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.152 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=48424 PROTO=TCP SPT=8517 DPT=4433 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:04:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.95 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=49 ID=35551 PROTO=TCP SPT=11349 DPT=7443 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9324 SEQ=1 Nov 9 09:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9380 SEQ=1 Nov 9 09:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37812 SEQ=1 Nov 9 09:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56602 SEQ=1 Nov 9 09:04:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=49784 PROTO=TCP SPT=60542 DPT=4256 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:04:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:04:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:04:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:04:49 server83 pam_imunify_daemon.bin: time="2025-11-09T09:04:49+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" 
records_num=3 Nov 9 09:04:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.180.48.63 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36990 PROTO=TCP SPT=51370 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:04:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.253 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=52213 DF PROTO=TCP SPT=64542 DPT=8315 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:04:59 server83 NetworkManager[922]: <info> [1762659299.4604] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:04:59 server83 NetworkManager[922]: <info> [1762659299.4608] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:04:59 server83 NetworkManager[922]: <info> [1762659299.4609] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:04:59 server83 NetworkManager[922]: <info> [1762659299.4613] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:04:59 server83 NetworkManager[922]: <info> [1762659299.4623] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:04:59 server83 NetworkManager[922]: <info> [1762659299.4625] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:04:59 server83 NetworkManager[922]: <info> [1762659299.4637] dhcp4 (eth1): dhclient started with pid 32683 Nov 9 09:04:59 server83 dhclient[32683]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x2b3acde6) Nov 9 09:05:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3555 WINDOW=1024 RES=0x00 SYN 
URGP=0 Nov 9 09:05:01 server83 systemd: Started Session 309482 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309483 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309484 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309489 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309485 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309486 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309488 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309487 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309492 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309493 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309490 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309491 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309495 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309496 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309497 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309494 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309498 of user root. Nov 9 09:05:01 server83 systemd: Started Session 309499 of user root. 
Nov 9 09:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:05:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47468 SEQ=1 Nov 9 09:05:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=29071 DF PROTO=ICMP TYPE=8 CODE=0 ID=55552 SEQ=10604 Nov 9 09:05:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47468 SEQ=1 Nov 9 09:05:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46653 SEQ=1 Nov 9 09:05:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57689 SEQ=1 Nov 9 09:05:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.153 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51286 DPT=8820 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:05:07 server83 dhclient[32683]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x2b3acde6) Nov 9 09:05:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:05:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.148 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 
ID=51780 PROTO=TCP SPT=35985 DPT=9600 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:05:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21322 SEQ=1 Nov 9 09:05:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3554 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:05:15 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:05:17 server83 dhclient[32683]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x2b3acde6) Nov 9 09:05:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=593 SEQ=1 Nov 9 09:05:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11367 SEQ=1 Nov 9 09:05:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58111 SEQ=1 Nov 9 09:05:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26166 SEQ=1 Nov 9 09:05:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=593 SEQ=1 Nov 9 09:05:20 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9860 SEQ=1 Nov 9 09:05:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.194.251.17 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=4083 DF PROTO=TCP SPT=47300 DPT=16368 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:05:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.191 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=35643 PROTO=TCP SPT=53789 DPT=23443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:05:25 server83 dhclient[32683]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x2b3acde6) Nov 9 09:05:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12781 DF PROTO=TCP SPT=51002 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=3465 PROTO=TCP SPT=56698 DPT=8217 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:05:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12782 DF PROTO=TCP SPT=51002 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:32 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:05:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.191.209.74 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21593 PROTO=TCP SPT=40469 DPT=36500 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:05:32 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12783 DF PROTO=TCP SPT=51002 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12784 DF PROTO=TCP SPT=51114 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12785 DF PROTO=TCP SPT=51114 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.50.16.198 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=54574 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:05:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12786 DF PROTO=TCP SPT=51114 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31157 SEQ=1 Nov 9 09:05:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12787 DF PROTO=TCP SPT=51002 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19292 SEQ=1 
Nov 9 09:05:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51699 SEQ=1 Nov 9 09:05:37 server83 dhclient[32683]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x2b3acde6) Nov 9 09:05:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53287 SEQ=1 Nov 9 09:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19292 SEQ=1 Nov 9 09:05:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12788 DF PROTO=TCP SPT=51114 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:44 server83 NetworkManager[922]: <warn> [1762659344.4513] dhcp4 (eth1): request timed out Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4514] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4674] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 32683 Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4674] dhcp4 (eth1): state changed timeout -> done Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4677] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:05:44 server83 NetworkManager[922]: <warn> [1762659344.4682] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4684] device (eth1): state change: failed -> disconnected 
(reason 'none', sys-iface-state: 'managed') Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4720] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4724] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4726] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4730] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4741] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4744] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:05:44 server83 NetworkManager[922]: <info> [1762659344.4758] dhcp4 (eth1): dhclient started with pid 5723 Nov 9 09:05:44 server83 dhclient[5723]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x385dcc0d) Nov 9 09:05:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12789 DF PROTO=TCP SPT=51002 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12790 DF PROTO=TCP SPT=51114 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:05:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.132.41 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=51237 
DPT=8899 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:05:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.33 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53705 DPT=9296 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:05:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=159.65.98.214 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=42527 DPT=210 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:05:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3006 SEQ=1 Nov 9 09:05:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=54336 PROTO=TCP SPT=41554 DPT=7044 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:05:51 server83 dhclient[5723]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x385dcc0d) Nov 9 09:05:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.173.211 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=4791 DF PROTO=TCP SPT=37275 DPT=1346 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25789 SEQ=1 Nov 9 09:05:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=758 SEQ=1 Nov 9 09:05:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3006 SEQ=1 Nov 9 09:05:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43926 SEQ=1 Nov 9 09:05:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28431 PROTO=TCP SPT=49956 DPT=28554 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:06:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:06:00 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 09:06:01 server83 systemd: Started Session 309500 of user root. Nov 9 09:06:01 server83 systemd: Started Session 309501 of user root. Nov 9 09:06:01 server83 systemd: Started Session 309502 of user root. Nov 9 09:06:01 server83 systemd: Started Session 309504 of user root. Nov 9 09:06:01 server83 systemd: Started Session 309503 of user root. Nov 9 09:06:01 server83 systemd: Started Session 309505 of user root. Nov 9 09:06:01 server83 systemd: Started Session 309506 of user root. Nov 9 09:06:01 server83 systemd: Started Session 309507 of user root. Nov 9 09:06:01 server83 systemd: Started Session 309508 of user root. 
Nov 9 09:06:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:06:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=17085 DF PROTO=ICMP TYPE=8 CODE=0 ID=44145 SEQ=28541 Nov 9 09:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60802 SEQ=1 Nov 9 09:06:03 server83 dhclient[5723]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x385dcc0d) Nov 9 09:06:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=120.233.128.103 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=31 ID=25841 PROTO=TCP SPT=56311 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:06:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=120.233.128.103 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=31 ID=25841 PROTO=TCP SPT=56311 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:06:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=157.20.144.241 DST=51.210.113.204 LEN=76 TOS=0x00 PREC=0x00 TTL=237 ID=25906 DF PROTO=ICMP TYPE=8 CODE=0 ID=48199 SEQ=1 Nov 9 09:06:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6674 SEQ=1 Nov 9 09:06:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60802 
SEQ=1 Nov 9 09:06:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28794 SEQ=1 Nov 9 09:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12999 SEQ=1 Nov 9 09:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49405 SEQ=1 Nov 9 09:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7394 SEQ=1 Nov 9 09:06:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:06:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.84 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55403 DPT=47090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:06:21 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.68 DST=145.239.177.179 LEN=42 TOS=0x00 PREC=0x00 TTL=45 ID=43821 DF PROTO=UDP SPT=15417 DPT=11211 LEN=22 Nov 9 09:06:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58625 SEQ=1 Nov 9 09:06:23 server83 dhclient[5723]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x385dcc0d) Nov 9 09:06:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58625 SEQ=1 Nov 9 09:06:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36523 SEQ=1 Nov 9 09:06:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.174.244.189 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=41836 PROTO=TCP SPT=48851 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:06:29 server83 NetworkManager[922]: <warn> [1762659389.4514] dhcp4 (eth1): request timed out Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4514] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4593] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 5723 Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4594] dhcp4 (eth1): state changed timeout -> done Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4596] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:06:29 server83 NetworkManager[922]: <warn> [1762659389.4602] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4605] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4635] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4638] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4638] device (eth1): 
state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4641] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4650] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4652] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:06:29 server83 NetworkManager[922]: <info> [1762659389.4665] dhcp4 (eth1): dhclient started with pid 11117 Nov 9 09:06:29 server83 dhclient[11117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x17cb8324) Nov 9 09:06:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43621 PROTO=TCP SPT=60808 DPT=9111 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:06:32 server83 scripts.sh: Sun Nov 9 09:06:32 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 09:06:32 server83 dhclient[11117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x17cb8324) Nov 9 09:06:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53422 SEQ=1 Nov 9 09:06:36 server83 dhclient[11117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x17cb8324) Nov 9 09:06:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33592 SEQ=1 Nov 9 09:06:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15278 SEQ=1 Nov 9 09:06:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.177.245 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=53739 DPT=8899 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:06:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53422 SEQ=1 Nov 9 09:06:44 server83 dhclient[11117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x17cb8324) Nov 9 09:06:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2261 SEQ=1 Nov 9 09:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63090 SEQ=1 Nov 9 09:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64525 SEQ=1 Nov 9 09:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36298 SEQ=1 Nov 9 09:06:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43923 PROTO=TCP SPT=38283 DPT=5970 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:06:49 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.117.57.162 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56366 DPT=9001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:06:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43332 SEQ=1 Nov 9 09:06:50 server83 pam_imunify_daemon.bin: time="2025-11-09T09:06:50+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 09:06:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:06:52 server83 dhclient[11117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x17cb8324) Nov 9 09:06:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5328 PROTO=TCP SPT=49956 DPT=27267 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:06:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.77.139 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=116 ID=51632 PROTO=TCP SPT=19291 DPT=1883 WINDOW=12749 RES=0x00 SYN URGP=0 Nov 9 09:07:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38062 PROTO=TCP SPT=37393 DPT=9659 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message 
sequences Nov 9 09:07:01 server83 systemd: Started Session 309509 of user root. Nov 9 09:07:01 server83 systemd: Started Session 309510 of user root. Nov 9 09:07:01 server83 systemd: Started Session 309512 of user root. Nov 9 09:07:01 server83 systemd: Started Session 309511 of user root. Nov 9 09:07:01 server83 systemd: Started Session 309513 of user root. Nov 9 09:07:01 server83 systemd: Started Session 309514 of user root. Nov 9 09:07:01 server83 systemd: Started Session 309517 of user root. Nov 9 09:07:01 server83 systemd: Started Session 309516 of user root. Nov 9 09:07:01 server83 systemd: Started Session 309515 of user root. Nov 9 09:07:01 server83 systemd: Started Session 309518 of user root. Nov 9 09:07:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12108 SEQ=1 Nov 9 09:07:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56096 SEQ=1 Nov 9 09:07:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32972 SEQ=1 Nov 9 09:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46517 SEQ=1 Nov 9 09:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62844 SEQ=1 Nov 9 09:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6976 SEQ=1 Nov 9 09:07:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43116 SEQ=1 Nov 9 09:07:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44565 SEQ=1 Nov 9 09:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39036 DF PROTO=TCP SPT=36556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6976 SEQ=1 Nov 9 09:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46793 SEQ=1 Nov 9 09:07:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39037 DF PROTO=TCP SPT=36556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.246.20.208 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=47685 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=7 Nov 9 09:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56096 SEQ=1 Nov 9 09:07:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=55498 PROTO=TCP SPT=45720 DPT=5683 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:07:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.36 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49264 DPT=4020 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:07:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39038 DF PROTO=TCP SPT=36556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.142.147.209 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35428 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:07:11 server83 dhclient[11117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x17cb8324) Nov 9 09:07:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39039 DF PROTO=TCP SPT=36556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.148.190.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=13646 PROTO=TCP SPT=45735 DPT=30589 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:07:14 server83 NetworkManager[922]: <warn> [1762659434.4433] dhcp4 (eth1): request timed out Nov 9 09:07:14 server83 
NetworkManager[922]: <info> [1762659434.4433] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4593] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 11117 Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4594] dhcp4 (eth1): state changed timeout -> done Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4596] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:07:14 server83 NetworkManager[922]: <warn> [1762659434.4602] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4604] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4638] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4642] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4644] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4648] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4658] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4661] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:07:14 server83 NetworkManager[922]: <info> [1762659434.4671] dhcp4 (eth1): dhclient started with pid 16925 Nov 9 09:07:14 server83 dhclient[16925]: DHCPDISCOVER on eth1 to 255.255.255.255 
port 67 interval 5 (xid=0x1f54f336) Nov 9 09:07:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:07:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12791 DF PROTO=TCP SPT=53777 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:07:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12792 DF PROTO=TCP SPT=53777 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:07:19 server83 dhclient[16925]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x1f54f336) Nov 9 09:07:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:07:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12793 DF PROTO=TCP SPT=53777 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:07:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3428 SEQ=1 Nov 9 09:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39040 DF PROTO=TCP SPT=36556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60934 SEQ=1 Nov 9 09:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56908 SEQ=1 Nov 9 09:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52808 SEQ=1 Nov 9 09:07:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:07:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12794 DF PROTO=TCP SPT=53777 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:07:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12795 DF PROTO=TCP SPT=54009 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:07:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12796 DF PROTO=TCP SPT=54009 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:07:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12797 DF PROTO=TCP SPT=54009 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:07:29 server83 dhclient[16925]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x1f54f336) Nov 9 09:07:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12798 DF PROTO=TCP SPT=53777 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:07:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12799 DF 
PROTO=TCP SPT=54009 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:07:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35441 SEQ=1 Nov 9 09:07:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23046 SEQ=1 Nov 9 09:07:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39434 PROTO=TCP SPT=56698 DPT=8213 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23046 SEQ=1 Nov 9 09:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64439 SEQ=1 Nov 9 09:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30027 SEQ=1 Nov 9 09:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39041 DF PROTO=TCP SPT=36556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5140 
SEQ=1 Nov 9 09:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32085 PROTO=TCP SPT=36297 DPT=7299 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:07:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54468 DPT=9769 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36577 SEQ=1 Nov 9 09:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64439 SEQ=1 Nov 9 09:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31403 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=115.204.162.132 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=58805 DF PROTO=TCP SPT=47530 DPT=2323 WINDOW=29040 RES=0x00 SYN URGP=0 Nov 9 09:07:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31404 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31405 DF PROTO=TCP 
SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:07:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31406 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:49 server83 dhclient[16925]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x1f54f336) Nov 9 09:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20474 SEQ=1 Nov 9 09:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53870 SEQ=1 Nov 9 09:07:53 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.77.33 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=116 ID=26575 PROTO=UDP SPT=30227 DPT=2152 LEN=20 Nov 9 09:07:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20474 SEQ=1 Nov 9 09:07:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32201 SEQ=1 Nov 9 09:07:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.217.40.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=48743 PROTO=TCP SPT=61315 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:07:54 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53870 SEQ=1 Nov 9 09:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.217.40.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=48744 PROTO=TCP SPT=61315 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31407 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:07:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=15444 PROTO=TCP SPT=51700 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:07:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.217.40.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=48745 PROTO=TCP SPT=61315 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:07:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:07:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:07:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=15445 PROTO=TCP SPT=51700 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:07:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=15446 PROTO=TCP SPT=51700 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:07:59 server83 NetworkManager[922]: <warn> [1762659479.4484] dhcp4 (eth1): request timed out 
Nov 9 09:07:59 server83 NetworkManager[922]: <info> [1762659479.4484] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:07:59 server83 NetworkManager[922]: <info> [1762659479.4563] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 16925 Nov 9 09:07:59 server83 NetworkManager[922]: <info> [1762659479.4563] dhcp4 (eth1): state changed timeout -> done Nov 9 09:07:59 server83 NetworkManager[922]: <info> [1762659479.4566] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:07:59 server83 NetworkManager[922]: <warn> [1762659479.4570] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:07:59 server83 NetworkManager[922]: <info> [1762659479.4572] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:08:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=15448 PROTO=TCP SPT=51700 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:08:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:08:00 server83 imunify-auditd-log-reader[9638]: lost 55 message sequences Nov 9 09:08:01 server83 systemd: Started Session 309519 of user root. Nov 9 09:08:01 server83 systemd: Started Session 309523 of user root. Nov 9 09:08:01 server83 systemd: Started Session 309521 of user root. Nov 9 09:08:01 server83 systemd: Started Session 309524 of user root. Nov 9 09:08:01 server83 systemd: Started Session 309522 of user root. Nov 9 09:08:01 server83 systemd: Started Session 309520 of user root. Nov 9 09:08:01 server83 systemd: Started Session 309525 of user root. Nov 9 09:08:01 server83 systemd: Started Session 309526 of user root. Nov 9 09:08:01 server83 systemd: Started Session 309527 of user root. 
Nov 9 09:08:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:08:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:08:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14627 SEQ=1 Nov 9 09:08:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45855 SEQ=1 Nov 9 09:08:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.214 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56783 DPT=8008 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:08:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9568 SEQ=1 Nov 9 09:08:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19215 SEQ=1 Nov 9 09:08:04 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 09:08:04 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 09:08:04 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 09:08:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.129 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=32689 PROTO=TCP SPT=24594 DPT=1521 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:08:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56598 PROTO=TCP SPT=54739 DPT=2436 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:08:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9642 SEQ=1 Nov 9 09:08:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=974 SEQ=1 Nov 9 09:08:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25416 SEQ=1 Nov 9 09:08:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39042 DF PROTO=TCP SPT=36556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:08:10 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31408 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:08:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 
TTL=242 ID=54321 PROTO=TCP SPT=53100 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:08:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18165 SEQ=1 Nov 9 09:08:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=702 SEQ=1 Nov 9 09:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14967 SEQ=1 Nov 9 09:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5355 SEQ=1 Nov 9 09:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35354 DF PROTO=TCP SPT=46754 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 09:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 09:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35355 DF 
PROTO=TCP SPT=46754 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18156 PROTO=TCP SPT=49614 DPT=4746 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26272 PROTO=TCP SPT=45727 DPT=34574 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:08:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51339 SEQ=1 Nov 9 09:08:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18165 SEQ=1 Nov 9 09:08:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14967 SEQ=1 Nov 9 09:08:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35356 DF PROTO=TCP SPT=46754 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:08:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1013 PROTO=TCP SPT=49956 DPT=29442 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:08:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 
ID=35357 DF PROTO=TCP SPT=46754 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:08:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.176 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53467 DPT=37441 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:08:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35358 DF PROTO=TCP SPT=46754 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:08:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3546 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:08:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39975 SEQ=1 Nov 9 09:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47994 SEQ=1 Nov 9 09:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57631 SEQ=1 Nov 9 09:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=47880 DF PROTO=ICMP TYPE=8 CODE=0 ID=30163 SEQ=55438 Nov 9 09:08:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61667 SEQ=1 Nov 9 09:08:40 server83 systemd: Started Session c2858 of user root. Nov 9 09:08:40 server83 scripts.sh: Load Average: 4.43 , 4.43 Nov 9 09:08:40 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 09:08:40 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 09:08:40 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 09:08:40 server83 scripts.sh: HTTPD Status: inactive Nov 9 09:08:40 server83 scripts.sh: MySQL Status: active Nov 9 09:08:40 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 09:08:40 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 09:08:40 server83 scripts.sh: SSHD Status: active Nov 9 09:08:40 server83 scripts.sh: FTP Status: active Nov 9 09:08:40 server83 scripts.sh: LiteSpeed Status: Active Nov 9 09:08:40 server83 scripts.sh: Imunify Status: Active Nov 9 09:08:40 server83 scripts.sh: cPanel Status: active Nov 9 09:08:40 server83 scripts.sh: Memory Status: 12/31 GB - 41.24% Nov 9 09:08:40 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 09:08:40 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 09:08:40 server83 scripts.sh: Local Version: 4.4.5 Nov 9 09:08:40 server83 scripts.sh: /usr/local/rshmonitor/scripts.sh: line 123: 08: value too great for base (error token is "08") Nov 9 09:08:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.91 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=17115 PROTO=TCP SPT=40864 DPT=20256 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:08:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3547 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:08:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31409 DF PROTO=TCP SPT=39378 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:08:46 server83 imunify360-php-daemon[734]: error sending perf stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:08:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47640 SEQ=1 Nov 9 09:08:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5231 SEQ=1 Nov 9 09:08:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34959 SEQ=1 Nov 9 09:08:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26344 SEQ=1 Nov 9 09:08:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45126 SEQ=1 Nov 9 09:08:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6145 SEQ=1 Nov 9 09:08:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35359 DF PROTO=TCP SPT=46754 DPT=21 WINDOW=64620 RES=0x00 SYN 
URGP=0 Nov 9 09:08:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47924 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:08:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.196 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53230 DPT=21026 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:08:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:08:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.230 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58828 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:09:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.173 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50248 DPT=8151 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:09:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46016 SEQ=1 Nov 9 09:09:01 server83 systemd: Started Session 309528 of user root. Nov 9 09:09:01 server83 systemd: Started Session 309529 of user root. Nov 9 09:09:01 server83 systemd: Started Session 309530 of user root. Nov 9 09:09:01 server83 systemd: Started Session 309531 of user root. Nov 9 09:09:01 server83 systemd: Started Session 309532 of user root. Nov 9 09:09:01 server83 systemd: Started Session 309533 of user root. Nov 9 09:09:01 server83 systemd: Started Session 309536 of user root. Nov 9 09:09:01 server83 systemd: Started Session 309534 of user root. Nov 9 09:09:01 server83 systemd: Started Session 309535 of user root. 
Nov 9 09:09:01 server83 systemd: Started Session 309537 of user root. Nov 9 09:09:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25605 SEQ=1 Nov 9 09:09:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:09:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49249 SEQ=1 Nov 9 09:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44557 SEQ=1 Nov 9 09:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2543 DF PROTO=TCP SPT=43312 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49249 SEQ=1 Nov 9 09:09:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.49 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51321 DPT=30083 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:09:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2544 DF PROTO=TCP SPT=43312 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:08 server83 kernel: 
Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.148 DST=51.210.113.204 LEN=76 TOS=0x00 PREC=0x00 TTL=35 ID=19460 PROTO=UDP SPT=49922 DPT=123 LEN=56 Nov 9 09:09:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23357 SEQ=1 Nov 9 09:09:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.193.183 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=16663 PROTO=TCP SPT=37983 DPT=3050 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:09:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2545 DF PROTO=TCP SPT=43312 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3553 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:09:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2546 DF PROTO=TCP SPT=43312 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64209 SEQ=1 Nov 9 09:09:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62281 SEQ=1 Nov 9 09:09:21 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7500 SEQ=1 Nov 9 09:09:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.191.209.74 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27618 PROTO=TCP SPT=40469 DPT=47500 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:09:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2547 DF PROTO=TCP SPT=43312 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31096 SEQ=1 Nov 9 09:09:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44723 SEQ=1 Nov 9 09:09:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35360 DF PROTO=TCP SPT=46754 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29324 SEQ=1 Nov 9 09:09:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17340 SEQ=1 Nov 9 09:09:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3545 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:09:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=50626 DF PROTO=ICMP TYPE=8 CODE=0 ID=41799 SEQ=59292 Nov 9 09:09:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55292 SEQ=1 Nov 9 09:09:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3544 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:09:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=86.54.31.36 DST=51.210.113.204 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=26090 PROTO=TCP SPT=26200 DPT=9803 WINDOW=46251 RES=0x00 SYN URGP=0 Nov 9 09:09:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2548 DF PROTO=TCP SPT=43312 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60061 SEQ=1 Nov 9 09:09:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47638 SEQ=1 Nov 9 09:09:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 
09:09:41 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 09:09:41 server83 systemd: Stopped Status Update Service. Nov 9 09:09:41 server83 systemd: Started Status Update Service. Nov 9 09:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6956 DF PROTO=TCP SPT=60710 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.249.128.189 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=41664 PROTO=TCP SPT=52680 DPT=9000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:09:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6957 DF PROTO=TCP SPT=60710 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6958 DF PROTO=TCP SPT=60710 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:09:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61383 PROTO=TCP SPT=45727 DPT=34756 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:09:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6959 DF PROTO=TCP SPT=60710 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:09:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9987 SEQ=1 Nov 9 09:09:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42173 SEQ=1 Nov 9 09:09:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13574 SEQ=1 Nov 9 09:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46995 SEQ=1 Nov 9 09:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17868 SEQ=1 Nov 9 09:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11305 SEQ=1 Nov 9 09:09:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6960 DF PROTO=TCP SPT=60710 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50038 SEQ=1 Nov 9 09:10:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=11252 SEQ=1 Nov 9 09:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:10:01 server83 systemd: Started Session 309538 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309539 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309543 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309544 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309545 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309540 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309541 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309546 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309542 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309547 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309548 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309550 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309551 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309549 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309552 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309553 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309554 of user root. Nov 9 09:10:01 server83 systemd: Started Session 309555 of user root. 
Nov 9 09:10:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50897 SEQ=1 Nov 9 09:10:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54477 SEQ=1 Nov 9 09:10:03 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:10:03 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6961 DF PROTO=TCP SPT=60710 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2549 DF PROTO=TCP SPT=43312 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:10:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19008 SEQ=1 Nov 9 09:10:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17620 SEQ=1 Nov 9 09:10:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26231 SEQ=1 Nov 9 09:10:19 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19246 SEQ=1 Nov 9 09:10:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54067 SEQ=1 Nov 9 09:10:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:10:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:10:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=936 DF PROTO=TCP SPT=59274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=937 DF PROTO=TCP SPT=59274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=86.54.31.44 DST=145.239.177.179 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=64763 PROTO=TCP SPT=26200 DPT=24442 WINDOW=17303 RES=0x00 SYN URGP=0 Nov 9 09:10:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19008 SEQ=1 Nov 9 09:10:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=938 DF PROTO=TCP SPT=59274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=939 DF PROTO=TCP SPT=59274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51123 PROTO=TCP SPT=49956 DPT=27350 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:10:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54927 SEQ=1 Nov 9 09:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20621 SEQ=1 Nov 9 09:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52439 SEQ=1 Nov 9 09:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54232 SEQ=1 Nov 9 09:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1330 SEQ=1 Nov 9 09:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=940 DF PROTO=TCP SPT=59274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.49 DST=145.239.177.179 LEN=52 TOS=0x00 
PREC=0x00 TTL=49 ID=25880 PROTO=TCP SPT=48533 DPT=9712 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:10:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6962 DF PROTO=TCP SPT=60710 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38390 PROTO=TCP SPT=47079 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:10:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38391 PROTO=TCP SPT=47079 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35973 PROTO=TCP SPT=46119 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:10:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13028 SEQ=1 Nov 9 09:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38392 PROTO=TCP SPT=47079 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=941 DF PROTO=TCP SPT=59274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:10:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59804 SEQ=1 Nov 9 09:10:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52599 SEQ=1 Nov 9 09:10:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35974 PROTO=TCP SPT=46119 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:10:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55434 SEQ=1 Nov 9 09:10:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35975 PROTO=TCP SPT=46119 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:10:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35977 PROTO=TCP SPT=46119 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:11:01 server83 systemd: Started Session 309556 of user root. Nov 9 09:11:01 server83 systemd: Started Session 309558 of user root. Nov 9 09:11:01 server83 systemd: Started Session 309559 of user root. Nov 9 09:11:01 server83 systemd: Started Session 309560 of user root. Nov 9 09:11:01 server83 systemd: Started Session 309561 of user root. Nov 9 09:11:01 server83 systemd: Started Session 309557 of user root. Nov 9 09:11:01 server83 systemd: Started Session 309562 of user root. Nov 9 09:11:01 server83 systemd: Started Session 309563 of user root. Nov 9 09:11:01 server83 systemd: Started Session 309564 of user root. 
Nov 9 09:11:01 server83 systemd: Started Session 309565 of user root. Nov 9 09:11:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.169.104.195 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=55627 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:11:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:11:05 server83 pam_imunify_daemon.bin: time="2025-11-09T09:11:05+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 09:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10181 SEQ=1 Nov 9 09:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43406 SEQ=1 Nov 9 09:11:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13375 DF PROTO=TCP SPT=44086 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56152 SEQ=1 Nov 9 09:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 
TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1092 SEQ=1 Nov 9 09:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14658 SEQ=1 Nov 9 09:11:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13376 DF PROTO=TCP SPT=44086 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13377 DF PROTO=TCP SPT=44086 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34192 PROTO=TCP SPT=56949 DPT=8502 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:11:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26161 SEQ=1 Nov 9 09:11:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13378 DF PROTO=TCP SPT=44086 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42615 SEQ=1 Nov 9 09:11:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26161 SEQ=1 Nov 9 09:11:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=40287 PROTO=TCP SPT=59444 DPT=47369 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:11:18 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.255 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=35 ID=30479 PROTO=UDP SPT=29224 DPT=13710 LEN=9 Nov 9 09:11:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:11:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25858 SEQ=1 Nov 9 09:11:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2413 SEQ=1 Nov 9 09:11:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25858 SEQ=1 Nov 9 09:11:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13379 DF PROTO=TCP SPT=44086 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=942 DF PROTO=TCP SPT=59274 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63789 SEQ=1 Nov 9 09:11:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3140 PROTO=TCP SPT=45727 DPT=32711 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:11:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5853 SEQ=1 Nov 9 09:11:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.109 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=53321 DPT=17778 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:11:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64373 SEQ=1 Nov 9 09:11:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19109 SEQ=1 Nov 9 09:11:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13380 DF PROTO=TCP SPT=44086 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45779 DF PROTO=TCP SPT=39574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=50 ID=45780 DF PROTO=TCP SPT=39574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45422 PROTO=TCP SPT=56949 DPT=8509 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:11:45 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=141.94.245.19 DST=51.210.113.204 LEN=110 TOS=0x00 PREC=0x00 TTL=50 ID=63751 DF PROTO=UDP SPT=64216 DPT=11211 LEN=90 Nov 9 09:11:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45781 DF PROTO=TCP SPT=39574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:11:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:11:48 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 09:11:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51873 SEQ=1 Nov 9 09:11:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38381 SEQ=1 Nov 9 09:11:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51873 SEQ=1 Nov 9 09:11:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45782 DF PROTO=TCP SPT=39574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45275 SEQ=1 Nov 9 09:11:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4522 SEQ=1 Nov 9 09:11:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45783 DF PROTO=TCP SPT=39574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:11:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3552 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:11:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49819 PROTO=TCP SPT=57873 DPT=20919 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:12:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:12:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:12:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:12:01 server83 systemd: Started Session 309567 of user root. Nov 9 09:12:01 server83 systemd: Started Session 309568 of user root. Nov 9 09:12:01 server83 systemd: Started Session 309569 of user root. Nov 9 09:12:01 server83 systemd: Started Session 309571 of user root. 
Nov 9 09:12:01 server83 systemd: Started Session 309566 of user root. Nov 9 09:12:01 server83 systemd: Started Session 309570 of user root. Nov 9 09:12:01 server83 systemd: Started Session 309572 of user root. Nov 9 09:12:01 server83 systemd: Started Session 309574 of user root. Nov 9 09:12:01 server83 systemd: Started Session 309573 of user root. Nov 9 09:12:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=62223 PROTO=TCP SPT=47979 DPT=5059 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:12:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44380 SEQ=1 Nov 9 09:12:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=26785 PROTO=TCP SPT=42462 DPT=9081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:12:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62098 SEQ=1 Nov 9 09:12:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34552 SEQ=1 Nov 9 09:12:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34552 SEQ=1 Nov 9 09:12:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12491 SEQ=1 Nov 9 09:12:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1175 SEQ=1 Nov 9 09:12:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13381 DF PROTO=TCP SPT=44086 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:12:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:12:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45784 DF PROTO=TCP SPT=39574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:12:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55250 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:12:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14451 SEQ=1 Nov 9 09:12:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51094 SEQ=1 Nov 9 09:12:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14451 SEQ=1 Nov 9 09:12:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43781 SEQ=1 Nov 9 09:12:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35026 SEQ=1 Nov 9 09:12:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.71 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=7445 PROTO=TCP SPT=41970 DPT=20033 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:12:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45915 DF PROTO=TCP SPT=41422 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:12:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6491 SEQ=1 Nov 9 09:12:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45916 DF PROTO=TCP SPT=41422 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:12:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45917 DF PROTO=TCP SPT=41422 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:12:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45918 DF PROTO=TCP SPT=41422 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:12:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:15:01 server83 systemd: Started Session 309594 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309599 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309598 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309595 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309597 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309600 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309603 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309602 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309601 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309604 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309596 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309605 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309606 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309608 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309609 of user root. Nov 9 09:15:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 09:15:01 server83 systemd: Started Session 309610 of user sanatanhinduvahi. Nov 9 09:15:01 server83 systemd: Started Session 309607 of user root. Nov 9 09:15:01 server83 systemd: Started Session 309611 of user root. Nov 9 09:15:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. 
Nov 9 09:15:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11577 SEQ=1 Nov 9 09:15:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8431 SEQ=1 Nov 9 09:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51455 SEQ=1 Nov 9 09:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20191 SEQ=1 Nov 9 09:15:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:15:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=43127 PROTO=TCP SPT=59403 DPT=1595 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:15:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.23 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50870 DPT=46130 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:15:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.202 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50023 DPT=48703 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:15:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=51455 SEQ=1 Nov 9 09:15:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20191 SEQ=1 Nov 9 09:15:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42427 SEQ=1 Nov 9 09:15:14 server83 NetworkManager[922]: <warn> [1762659914.4407] dhcp4 (eth1): request timed out Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4407] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4486] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17199 Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4486] dhcp4 (eth1): state changed timeout -> done Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4488] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:15:14 server83 NetworkManager[922]: <warn> [1762659914.4492] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4494] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4521] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4524] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4524] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:15:14 server83 
NetworkManager[922]: <info> [1762659914.4527] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4536] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4537] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:15:14 server83 NetworkManager[922]: <info> [1762659914.4549] dhcp4 (eth1): dhclient started with pid 18763 Nov 9 09:15:14 server83 dhclient[18763]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3d6dbdce) Nov 9 09:15:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3549 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55677 DF PROTO=TCP SPT=43936 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55678 DF PROTO=TCP SPT=43936 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=18414 PROTO=TCP SPT=56114 DPT=7806 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:15:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15463 SEQ=1 Nov 9 09:15:19 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55679 DF PROTO=TCP SPT=43936 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15463 SEQ=1 Nov 9 09:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59370 SEQ=1 Nov 9 09:15:22 server83 dhclient[18763]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x3d6dbdce) Nov 9 09:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22122 SEQ=1 Nov 9 09:15:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23038 SEQ=1 Nov 9 09:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55680 DF PROTO=TCP SPT=43936 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=101.44.162.182 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=39476 DF PROTO=ICMP TYPE=8 CODE=0 ID=57140 SEQ=29800 Nov 9 09:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37008 DF 
PROTO=TCP SPT=44468 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=142.93.157.82 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=37956 DPT=8884 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55681 DF PROTO=TCP SPT=43936 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.212.41 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=7206 DF PROTO=TCP SPT=39676 DPT=1146 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:15:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=639 PROTO=TCP SPT=58603 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:15:32 server83 dhclient[18763]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x3d6dbdce) Nov 9 09:15:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.141.176 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=44 ID=4150 DF PROTO=TCP SPT=45522 DPT=4373 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47926 SEQ=1 Nov 9 09:15:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57712 SEQ=1 Nov 9 09:15:37 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57712 SEQ=1 Nov 9 09:15:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:15:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23292 SEQ=1 Nov 9 09:15:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23292 SEQ=1 Nov 9 09:15:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.56.61.130 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=1500 PROTO=TCP SPT=55925 DPT=4389 WINDOW=64398 RES=0x00 SYN URGP=0 Nov 9 09:15:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3548 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:15:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6754 PROTO=TCP SPT=45727 DPT=33008 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:15:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12811 DF PROTO=TCP SPT=65161 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:15:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.112.95 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=17180 PROTO=TCP SPT=60000 
DPT=36622 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:15:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12812 DF PROTO=TCP SPT=65161 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:15:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11943 SEQ=1 Nov 9 09:15:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55682 DF PROTO=TCP SPT=43936 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22980 SEQ=1 Nov 9 09:15:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.129.69.52 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=50 ID=49181 DF PROTO=ICMP TYPE=8 CODE=0 ID=36125 SEQ=8889 Nov 9 09:15:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.129.81.227 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=50 ID=3006 DF PROTO=ICMP TYPE=8 CODE=0 ID=2559 SEQ=14442 Nov 9 09:15:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.129.69.7 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=50 ID=5608 DF PROTO=ICMP TYPE=8 CODE=0 ID=20751 SEQ=7762 Nov 9 09:15:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12813 DF PROTO=TCP SPT=65161 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:15:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44509 SEQ=1 Nov 9 09:15:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10746 DF PROTO=TCP SPT=56758 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10747 DF PROTO=TCP SPT=56758 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13394 SEQ=1 Nov 9 09:15:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12814 DF PROTO=TCP SPT=65161 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:15:53 server83 dhclient[18763]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x3d6dbdce) Nov 9 09:15:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23433 SEQ=1 Nov 9 09:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10749 DF PROTO=TCP SPT=56758 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:15:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.193 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53019 DPT=44818 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:15:59 server83 NetworkManager[922]: <warn> [1762659959.4493] dhcp4 (eth1): request timed out Nov 9 09:15:59 server83 NetworkManager[922]: <info> [1762659959.4494] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:15:59 server83 NetworkManager[922]: <info> [1762659959.4654] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 18763 Nov 9 09:15:59 server83 NetworkManager[922]: <info> [1762659959.4654] dhcp4 (eth1): state changed timeout -> done Nov 9 09:15:59 server83 NetworkManager[922]: <info> [1762659959.4656] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:15:59 server83 NetworkManager[922]: <warn> [1762659959.4661] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:15:59 server83 NetworkManager[922]: <info> [1762659959.4663] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:16:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12815 DF PROTO=TCP SPT=65161 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:16:01 server83 systemd: Started Session 309612 of user root. Nov 9 09:16:01 server83 systemd: Started Session 309613 of user root. Nov 9 09:16:01 server83 systemd: Started Session 309614 of user root. Nov 9 09:16:01 server83 systemd: Started Session 309615 of user root. Nov 9 09:16:01 server83 systemd: Started Session 309616 of user root. Nov 9 09:16:01 server83 systemd: Started Session 309617 of user root. 
Nov 9 09:16:01 server83 systemd: Started Session 309618 of user root. Nov 9 09:16:01 server83 systemd: Started Session 309619 of user root. Nov 9 09:16:01 server83 systemd: Started Session 309620 of user root. Nov 9 09:16:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.37 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=25781 PROTO=TCP SPT=61903 DPT=45738 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:16:04 server83 systemd: Started Session c2859 of user root. Nov 9 09:16:04 server83 scripts.sh: Load Average: 3.18 , 3.63 Nov 9 09:16:04 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 09:16:04 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 09:16:04 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 09:16:04 server83 scripts.sh: HTTPD Status: inactive Nov 9 09:16:04 server83 scripts.sh: MySQL Status: active Nov 9 09:16:04 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 09:16:04 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 09:16:04 server83 scripts.sh: SSHD Status: active Nov 9 09:16:04 server83 scripts.sh: FTP Status: active Nov 9 09:16:04 server83 scripts.sh: LiteSpeed Status: Active Nov 9 09:16:04 server83 scripts.sh: Imunify Status: Active Nov 9 09:16:04 server83 scripts.sh: cPanel Status: active Nov 9 09:16:04 server83 scripts.sh: Memory Status: 12/31 GB - 40.10% Nov 9 09:16:04 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 09:16:04 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 09:16:04 server83 scripts.sh: Local Version: 4.4.5 Nov 9 09:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10750 DF PROTO=TCP SPT=56758 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:16:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47436 SEQ=1 Nov 9 09:16:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23663 SEQ=1 Nov 9 09:16:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.216 DST=145.239.177.179 LEN=65 TOS=0x00 PREC=0x00 TTL=112 ID=61000 DF PROTO=ICMP TYPE=8 CODE=0 ID=63815 SEQ=10593 Nov 9 09:16:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6864 SEQ=1 Nov 9 09:16:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21049 SEQ=1 Nov 9 09:16:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.118 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52960 DPT=46909 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:16:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46967 SEQ=1 Nov 9 09:16:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59540 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:16:15 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:16:15 server83 
imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:16:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.33 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43049 DPT=5007 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:16:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=20018 PROTO=TCP SPT=55665 DPT=13390 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=55683 DF PROTO=TCP SPT=43936 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:16:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16929 SEQ=1 Nov 9 09:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10751 DF PROTO=TCP SPT=56758 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:16:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=144 DF PROTO=ICMP TYPE=8 CODE=0 ID=39873 SEQ=3727 Nov 9 09:16:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6568 SEQ=1 Nov 9 09:16:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.55 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57039 DPT=32046 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:19:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=49201 PROTO=TCP SPT=60177 DPT=4795 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:19:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.84.60 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=54447 PROTO=TCP SPT=59363 DPT=5678 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:19:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=35439 DPT=40790 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:19:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.223.104.85 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=36311 DPT=8200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:19:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33573 PROTO=TCP SPT=46976 DPT=9157 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:19:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.210.57.16 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=32814 DPT=162 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:19:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=44250 SEQ=1 Nov 9 09:19:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44250 SEQ=1 Nov 9 09:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36164 SEQ=1 Nov 9 09:19:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22156 SEQ=1 Nov 9 09:19:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50541 SEQ=1 Nov 9 09:19:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42474 SEQ=1 Nov 9 09:19:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20525 PROTO=TCP SPT=63219 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:19:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3539 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:19:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20526 PROTO=TCP SPT=63219 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 
9 09:19:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20527 PROTO=TCP SPT=63219 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:19:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:19:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17540 PROTO=TCP SPT=51693 DPT=4366 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:19:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20528 PROTO=TCP SPT=63219 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:19:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20529 PROTO=TCP SPT=63219 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:19:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3546 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:19:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.124.87.12 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=53877 DPT=162 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:19:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37981 SEQ=1 Nov 9 09:19:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43859 SEQ=1 Nov 9 09:19:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45335 SEQ=1 Nov 9 09:19:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3547 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:19:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49073 SEQ=1 Nov 9 09:19:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14143 SEQ=1 Nov 9 09:19:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21796 SEQ=1 Nov 9 09:19:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=28685 PROTO=TCP SPT=57077 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:19:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=28686 PROTO=TCP SPT=57077 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:19:57 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:19:57 server83 imunify-auditd-log-reader[9638]: lost 15 message sequences Nov 9 
09:19:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=30633 PROTO=TCP SPT=57002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:19:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=28687 PROTO=TCP SPT=57077 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:19:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=30635 PROTO=TCP SPT=57002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:20:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=30637 PROTO=TCP SPT=57002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:20:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:20:01 server83 systemd: Started Session 309649 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309650 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309651 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309652 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309655 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309654 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309656 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309657 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309653 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309658 of user root. 
Nov 9 09:20:01 server83 systemd: Started Session 309659 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309661 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309660 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309662 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309663 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309664 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309665 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309666 of user root. Nov 9 09:20:01 server83 systemd: Started Session 309667 of user root. Nov 9 09:20:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10938 SEQ=1 Nov 9 09:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9791 SEQ=1 Nov 9 09:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43390 SEQ=1 Nov 9 09:20:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3538 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65119 SEQ=1 Nov 9 09:20:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 
TOS=0x00 PREC=0x20 TTL=52 ID=64346 PROTO=TCP SPT=35584 DPT=6514 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:20:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37141 SEQ=1 Nov 9 09:20:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56917 SEQ=1 Nov 9 09:20:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8141 SEQ=1 Nov 9 09:20:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13871 SEQ=1 Nov 9 09:20:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=53474 DPT=2133 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:20:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37141 SEQ=1 Nov 9 09:20:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45258 SEQ=1 Nov 9 09:20:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:20:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29411 SEQ=1 Nov 9 09:20:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13009 SEQ=1 Nov 9 09:20:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.174.244.189 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=439 PROTO=TCP SPT=37227 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:20:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22626 SEQ=1 Nov 9 09:20:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.64.105.149 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=55293 PROTO=TCP SPT=60425 DPT=9200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:20:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17470 SEQ=1 Nov 9 09:20:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56278 SEQ=1 Nov 9 09:20:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3545 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:20:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 
PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3544 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:20:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:20:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14776 SEQ=1 Nov 9 09:20:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16387 SEQ=1 Nov 9 09:20:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57552 PROTO=TCP SPT=56437 DPT=5944 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:20:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.250.53.138 DST=51.210.113.204 LEN=72 TOS=0x08 PREC=0x40 TTL=41 ID=31097 DF PROTO=ICMP TYPE=8 CODE=0 ID=16523 SEQ=26774 Nov 9 09:20:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=10739 DF PROTO=ICMP TYPE=8 CODE=0 ID=13134 SEQ=21296 Nov 9 09:20:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=7575 DF PROTO=ICMP TYPE=8 CODE=0 ID=6430 SEQ=52295 Nov 9 09:20:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35932 SEQ=1 Nov 9 09:20:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=35039 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23150 SEQ=1 Nov 9 09:20:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:20:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12821 DF PROTO=TCP SPT=54876 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:20:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12822 DF PROTO=TCP SPT=54876 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:20:59 server83 NetworkManager[922]: <info> [1762660259.4493] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:20:59 server83 NetworkManager[922]: <info> [1762660259.4497] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:20:59 server83 NetworkManager[922]: <info> [1762660259.4498] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:20:59 server83 NetworkManager[922]: <info> [1762660259.4500] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:20:59 server83 NetworkManager[922]: <info> [1762660259.4509] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:20:59 server83 NetworkManager[922]: <info> [1762660259.4511] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 
09:20:59 server83 NetworkManager[922]: <info> [1762660259.4521] dhcp4 (eth1): dhclient started with pid 28756 Nov 9 09:20:59 server83 dhclient[28756]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3f7a3d28) Nov 9 09:20:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12823 DF PROTO=TCP SPT=54876 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:20:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.92.218 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59649 DPT=14440 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:21:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=7933 PROTO=TCP SPT=56479 DPT=5703 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:21:01 server83 systemd: Started Session 309669 of user root. Nov 9 09:21:01 server83 systemd: Started Session 309668 of user root. Nov 9 09:21:01 server83 systemd: Started Session 309672 of user root. Nov 9 09:21:01 server83 systemd: Started Session 309671 of user root. Nov 9 09:21:01 server83 systemd: Started Session 309673 of user root. Nov 9 09:21:01 server83 systemd: Started Session 309674 of user root. Nov 9 09:21:01 server83 systemd: Started Session 309670 of user root. 
Nov 9 09:21:01 server83 systemd: Started Session 309675 of user root. Nov 9 09:21:01 server83 systemd: Started Session 309676 of user root. Nov 9 09:21:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12824 DF PROTO=TCP SPT=55169 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:21:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.52 DST=51.210.113.204 LEN=67 TOS=0x00 PREC=0x00 TTL=108 ID=36433 DF PROTO=ICMP TYPE=8 CODE=0 ID=40870 SEQ=30746 Nov 9 09:21:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31875 SEQ=1 Nov 9 09:21:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12825 DF PROTO=TCP SPT=55169 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:21:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12826 DF PROTO=TCP SPT=54876 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:21:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34953 SEQ=1 Nov 9 09:21:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=49999 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:21:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12827 DF PROTO=TCP SPT=55169 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:21:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30984 SEQ=1 Nov 9 09:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32580 SEQ=1 Nov 9 09:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65014 SEQ=1 Nov 9 09:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48954 SEQ=1 Nov 9 09:21:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30984 SEQ=1 Nov 9 09:21:07 server83 dhclient[28756]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x3f7a3d28) Nov 9 09:21:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12828 DF PROTO=TCP SPT=55169 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:21:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12829 DF PROTO=TCP SPT=54876 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:21:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12830 DF PROTO=TCP SPT=55169 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:21:19 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 09:21:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6146 SEQ=1 Nov 9 09:21:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49662 SEQ=1 Nov 9 09:21:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6146 SEQ=1 Nov 9 09:21:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3665 SEQ=1 Nov 9 09:21:24 server83 dhclient[28756]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x3f7a3d28) Nov 9 09:21:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:21:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.221.137.47 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=37040 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:21:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.14.122.207 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 
PROTO=TCP SPT=57470 DPT=92 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:21:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39531 SEQ=1 Nov 9 09:21:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39531 SEQ=1 Nov 9 09:21:38 server83 dhclient[28756]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x3f7a3d28) Nov 9 09:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15379 SEQ=1 Nov 9 09:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29007 SEQ=1 Nov 9 09:21:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39338 PROTO=TCP SPT=58923 DPT=4191 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:21:44 server83 NetworkManager[922]: <warn> [1762660304.4378] dhcp4 (eth1): request timed out Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4378] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4699] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28756 Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4699] dhcp4 (eth1): state changed timeout -> done Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4702] device (eth1): state change: ip-config -> failed (reason 
'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:21:44 server83 NetworkManager[922]: <warn> [1762660304.4706] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4708] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4742] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4746] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4747] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4751] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4762] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4765] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:21:44 server83 NetworkManager[922]: <info> [1762660304.4777] dhcp4 (eth1): dhclient started with pid 32694 Nov 9 09:21:44 server83 dhclient[32694]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x460cc82e) Nov 9 09:21:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:21:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19624 SEQ=1 Nov 9 09:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43758 SEQ=1 Nov 9 09:21:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=8974 PROTO=TCP SPT=56834 DPT=698 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:21:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32903 SEQ=1 Nov 9 09:21:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.7 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=20431 PROTO=TCP SPT=56807 DPT=42674 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 09:21:52 server83 dhclient[32694]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x460cc82e) Nov 9 09:21:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10517 SEQ=1 Nov 9 09:21:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51101 SEQ=1 Nov 9 09:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28270 SEQ=1 Nov 9 09:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:22:01 server83 systemd: Started Session 309677 of user root. 
Nov 9 09:22:01 server83 systemd: Started Session 309679 of user root. Nov 9 09:22:01 server83 systemd: Started Session 309680 of user root. Nov 9 09:22:01 server83 systemd: Started Session 309681 of user root. Nov 9 09:22:01 server83 systemd: Started Session 309678 of user root. Nov 9 09:22:01 server83 systemd: Started Session 309682 of user root. Nov 9 09:22:01 server83 systemd: Started Session 309684 of user root. Nov 9 09:22:01 server83 systemd: Started Session 309685 of user root. Nov 9 09:22:01 server83 systemd: Started Session 309683 of user root. Nov 9 09:22:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20899 PROTO=TCP SPT=43448 DPT=2662 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:22:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41877 PROTO=TCP SPT=45727 DPT=34245 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:22:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:22:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7679 SEQ=1 Nov 9 09:22:06 server83 dhclient[32694]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x460cc82e) Nov 9 09:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39720 SEQ=1 Nov 9 09:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12452 SEQ=1 Nov 9 09:22:07 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62233 SEQ=1 Nov 9 09:22:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44784 SEQ=1 Nov 9 09:22:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44784 SEQ=1 Nov 9 09:22:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16387 SEQ=1 Nov 9 09:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14985 SEQ=1 Nov 9 09:22:20 server83 dhclient[32694]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x460cc82e) Nov 9 09:22:20 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=99.26.109.22 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=45 ID=23270 DF PROTO=UDP SPT=52301 DPT=19132 LEN=43 Nov 9 09:22:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38324 SEQ=1 Nov 9 09:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16387 SEQ=1 Nov 9 
09:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28018 SEQ=1 Nov 9 09:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38324 SEQ=1 Nov 9 09:22:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=490 PROTO=TCP SPT=55665 DPT=36313 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:22:29 server83 NetworkManager[922]: <warn> [1762660349.4503] dhcp4 (eth1): request timed out Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 32694 Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4584] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:22:29 server83 NetworkManager[922]: <warn> [1762660349.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4590] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4621] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4624] device (eth1): Activation: starting connection 'Wired connection 1' 
(fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4625] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4628] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4638] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4640] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:22:29 server83 NetworkManager[922]: <info> [1762660349.4651] dhcp4 (eth1): dhclient started with pid 1623 Nov 9 09:22:29 server83 dhclient[1623]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3c984491) Nov 9 09:22:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.215 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=47308 DPT=9000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:22:37 server83 dhclient[1623]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x3c984491) Nov 9 09:22:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.71.243.143 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=8399 PROTO=TCP SPT=53699 DPT=2222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:22:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61858 SEQ=1 Nov 9 09:22:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=54156 SEQ=1 Nov 9 09:22:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45984 SEQ=1 Nov 9 09:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14967 SEQ=1 Nov 9 09:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19587 SEQ=1 Nov 9 09:22:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.53 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52544 DPT=47884 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:22:41 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.139 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=31 ID=41211 PROTO=UDP SPT=6577 DPT=37810 LEN=9 Nov 9 09:22:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.125 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=23235 DF PROTO=TCP SPT=49544 DPT=11002 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:22:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:22:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.200 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=16818 PROTO=TCP SPT=57385 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:22:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.38 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43180 PROTO=TCP SPT=49120 DPT=3397 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48763 SEQ=1 Nov 9 09:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5131 SEQ=1 Nov 9 09:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46607 SEQ=1 Nov 9 09:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39602 SEQ=1 Nov 9 09:22:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.184 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=52186 PROTO=TCP SPT=56793 DPT=34449 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:22:53 server83 dhclient[1623]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x3c984491) Nov 9 09:22:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48763 SEQ=1 Nov 9 09:22:55 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:23:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.71 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56188 DPT=8882 WINDOW=65535 
RES=0x00 SYN URGP=0 Nov 9 09:23:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6929 SEQ=1 Nov 9 09:23:01 server83 systemd: Started Session 309686 of user root. Nov 9 09:23:01 server83 systemd: Started Session 309689 of user root. Nov 9 09:23:01 server83 systemd: Started Session 309688 of user root. Nov 9 09:23:01 server83 systemd: Started Session 309687 of user root. Nov 9 09:23:01 server83 systemd: Started Session 309691 of user root. Nov 9 09:23:01 server83 systemd: Started Session 309690 of user root. Nov 9 09:23:01 server83 systemd: Started Session 309692 of user root. Nov 9 09:23:01 server83 systemd: Started Session 309693 of user root. Nov 9 09:23:01 server83 systemd: Started Session 309694 of user root. Nov 9 09:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31211 SEQ=1 Nov 9 09:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50880 SEQ=1 Nov 9 09:23:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:23:05 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 09:23:06 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 09:23:06 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 09:23:06 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 09:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31211 SEQ=1 Nov 9 09:23:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20964 SEQ=1 Nov 9 09:23:10 server83 dhclient[1623]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x3c984491) Nov 9 09:23:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.38 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=45477 PROTO=TCP SPT=50770 DPT=11211 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:23:14 server83 NetworkManager[922]: <warn> [1762660394.4503] dhcp4 (eth1): request timed out Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 1623 Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4584] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:23:14 server83 NetworkManager[922]: <warn> [1762660394.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4589] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4618] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:23:14 server83 
NetworkManager[922]: <info> [1762660394.4620] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4621] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4623] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4632] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4634] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:23:14 server83 NetworkManager[922]: <info> [1762660394.4646] dhcp4 (eth1): dhclient started with pid 2843 Nov 9 09:23:14 server83 dhclient[2843]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x710aea9d) Nov 9 09:23:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.219 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=63318 PROTO=TCP SPT=56696 DPT=1521 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:23:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63668 PROTO=TCP SPT=49956 DPT=25641 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:23:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=729 SEQ=1 Nov 9 09:23:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=21473 SEQ=1 Nov 9 09:23:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21473 SEQ=1 Nov 9 09:23:18 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.110 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=48 ID=62018 PROTO=UDP SPT=35868 DPT=69 LEN=35 Nov 9 09:23:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27729 SEQ=1 Nov 9 09:23:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27412 SEQ=1 Nov 9 09:23:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1609 SEQ=1 Nov 9 09:23:21 server83 dhclient[2843]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x710aea9d) Nov 9 09:23:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14901 SEQ=1 Nov 9 09:23:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12831 DF PROTO=TCP SPT=58604 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:23:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 
ID=12832 DF PROTO=TCP SPT=58604 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:23:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.114.152 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=1543 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 09:23:26 server83 scripts.sh: Sun Nov 9 09:23:26 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 09:23:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12833 DF PROTO=TCP SPT=58604 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:23:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12834 DF PROTO=TCP SPT=58755 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:23:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12835 DF PROTO=TCP SPT=58755 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:23:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=12178 PROTO=TCP SPT=40806 DPT=524 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:23:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46200 SEQ=1 Nov 9 09:23:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12836 DF PROTO=TCP SPT=58604 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 
Nov 9 09:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18944 SEQ=1 Nov 9 09:23:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49799 SEQ=1 Nov 9 09:23:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12838 DF PROTO=TCP SPT=58755 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:23:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12839 DF PROTO=TCP SPT=58604 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:23:42 server83 dhclient[2843]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x710aea9d) Nov 9 09:23:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12840 DF PROTO=TCP SPT=58755 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:23:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.237.156.209 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56524 DPT=8045 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:23:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:23:49 server83 dhclient[2843]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x710aea9d) Nov 9 09:23:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 
DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38461 PROTO=TCP SPT=57873 DPT=35162 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:23:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40967 SEQ=1 Nov 9 09:23:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21217 SEQ=1 Nov 9 09:23:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7098 SEQ=1 Nov 9 09:23:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:23:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40967 SEQ=1 Nov 9 09:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43096 SEQ=1 Nov 9 09:23:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43997 PROTO=TCP SPT=57873 DPT=11724 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:23:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.191.209.198 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4894 PROTO=TCP SPT=41356 DPT=15000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:23:59 server83 dhclient[2843]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 
(xid=0x710aea9d) Nov 9 09:23:59 server83 NetworkManager[922]: <warn> [1762660439.4410] dhcp4 (eth1): request timed out Nov 9 09:23:59 server83 NetworkManager[922]: <info> [1762660439.4410] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:23:59 server83 NetworkManager[922]: <info> [1762660439.4490] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2843 Nov 9 09:23:59 server83 NetworkManager[922]: <info> [1762660439.4490] dhcp4 (eth1): state changed timeout -> done Nov 9 09:23:59 server83 NetworkManager[922]: <info> [1762660439.4492] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:23:59 server83 NetworkManager[922]: <warn> [1762660439.4497] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:23:59 server83 NetworkManager[922]: <info> [1762660439.4499] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:24:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:24:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:24:01 server83 systemd: Started Session 309698 of user root. Nov 9 09:24:01 server83 systemd: Started Session 309696 of user root. Nov 9 09:24:01 server83 systemd: Started Session 309695 of user root. Nov 9 09:24:01 server83 systemd: Started Session 309700 of user root. Nov 9 09:24:01 server83 systemd: Started Session 309702 of user root. Nov 9 09:24:01 server83 systemd: Started Session 309701 of user root. Nov 9 09:24:01 server83 systemd: Started Session 309699 of user root. Nov 9 09:24:01 server83 systemd: Started Session 309703 of user root. Nov 9 09:24:01 server83 systemd: Started Session 309697 of user root. 
Nov 9 09:24:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49256 SEQ=1 Nov 9 09:24:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.28 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55394 DPT=9459 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:24:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.136 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=29480 PROTO=TCP SPT=58509 DPT=7001 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:24:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53736 SEQ=1 Nov 9 09:24:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5501 SEQ=1 Nov 9 09:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=909 SEQ=1 Nov 9 09:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19000 SEQ=1 Nov 9 09:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34615 SEQ=1 Nov 9 09:24:08 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=44933 PROTO=TCP SPT=44809 DPT=9900 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:24:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49256 SEQ=1 Nov 9 09:24:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3537 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:24:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=41446 PROTO=TCP SPT=56033 DPT=7709 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:24:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45753 SEQ=1 Nov 9 09:24:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:24:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7264 SEQ=1 Nov 9 09:24:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3536 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12108 SEQ=1 Nov 9 
09:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14683 SEQ=1 Nov 9 09:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12108 SEQ=1 Nov 9 09:24:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=14263 PROTO=TCP SPT=56850 DPT=38337 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:24:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.11 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=14717 DF PROTO=TCP SPT=55091 DPT=14895 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:24:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25964 PROTO=TCP SPT=51241 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:24:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.2 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50596 DPT=9715 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:24:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25965 PROTO=TCP SPT=51241 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:24:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39570 PROTO=TCP SPT=43375 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:24:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25966 PROTO=TCP SPT=51241 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:24:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9928 SEQ=1 Nov 9 09:24:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=61742 PROTO=TCP SPT=38225 DPT=5684 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:24:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25968 PROTO=TCP SPT=51241 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:24:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39573 PROTO=TCP SPT=43375 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:24:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59615 SEQ=1 Nov 9 09:24:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39574 PROTO=TCP SPT=43375 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:24:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=59615 SEQ=1 Nov 9 09:24:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.189 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50612 DPT=48170 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:24:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.155.84.194 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=35152 DPT=8045 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:24:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:24:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3543 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:24:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18206 SEQ=1 Nov 9 09:24:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18206 SEQ=1 Nov 9 09:24:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42380 SEQ=1 Nov 9 09:24:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.142 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=35614 PROTO=TCP SPT=12582 DPT=8545 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:24:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50997 SEQ=1 Nov 9 09:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24092 SEQ=1 Nov 9 09:24:51 server83 pam_imunify_daemon.bin: time="2025-11-09T09:24:51+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 09:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10912 SEQ=1 Nov 9 09:24:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.239.4.211 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=32073 PROTO=TCP SPT=59070 DPT=8045 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:24:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19486 SEQ=1 Nov 9 09:24:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=39540 PROTO=TCP SPT=59403 DPT=30400 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 
09:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:25:01 server83 systemd: Started Session 309708 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309705 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309710 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309707 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309709 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309711 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309704 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309712 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309713 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309715 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309714 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309706 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309716 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309717 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309718 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309720 of user root. Nov 9 09:25:01 server83 systemd: Started Session 309719 of user root. 
Nov 9 09:25:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46528 SEQ=1 Nov 9 09:25:02 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.142.123 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=48 ID=38095 DF PROTO=UDP SPT=19304 DPT=60713 LEN=16 Nov 9 09:25:02 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.235.176.50 DST=51.210.113.204 LEN=220 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=UDP SPT=41327 DPT=123 LEN=200 Nov 9 09:25:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64778 SEQ=1 Nov 9 09:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3969 SEQ=1 Nov 9 09:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20230 SEQ=1 Nov 9 09:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40589 SEQ=1 Nov 9 09:25:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20367 SEQ=1 Nov 9 09:25:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.194.70.253 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=5109 DF PROTO=TCP SPT=47481 DPT=3907 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:25:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:25:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3534 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:25:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3535 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:25:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17369 SEQ=1 Nov 9 09:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2489 SEQ=1 Nov 9 09:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29879 SEQ=1 Nov 9 09:25:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16299 SEQ=1 Nov 9 09:25:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61777 SEQ=1 Nov 9 09:25:24 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.174 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56645 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:25:34 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 09:25:34 server83 systemd: Started Session c2860 of user root. Nov 9 09:25:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.21 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53009 DPT=2455 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:25:35 server83 scripts.sh: Load Average: 2.45 , 3.00 Nov 9 09:25:35 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 09:25:35 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 09:25:35 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 09:25:35 server83 scripts.sh: HTTPD Status: inactive Nov 9 09:25:35 server83 scripts.sh: MySQL Status: active Nov 9 09:25:35 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 09:25:35 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 09:25:35 server83 scripts.sh: SSHD Status: active Nov 9 09:25:35 server83 scripts.sh: FTP Status: active Nov 9 09:25:35 server83 scripts.sh: LiteSpeed Status: Active Nov 9 09:25:35 server83 scripts.sh: Imunify Status: Active Nov 9 09:25:35 server83 scripts.sh: cPanel Status: active Nov 9 09:25:35 server83 scripts.sh: Memory Status: 12/31 GB - 40.59% Nov 9 09:25:35 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 09:25:35 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 09:25:35 server83 scripts.sh: Local Version: 4.4.5 Nov 9 09:25:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53182 SEQ=1 Nov 9 09:25:35 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6549 SEQ=1 Nov 9 09:25:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53182 SEQ=1 Nov 9 09:25:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6549 SEQ=1 Nov 9 09:25:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30712 SEQ=1 Nov 9 09:25:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60830 SEQ=1 Nov 9 09:25:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:25:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:25:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50547 PROTO=TCP SPT=50373 DPT=7045 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3930 SEQ=1 Nov 9 09:25:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.59.78 DST=51.210.113.204 LEN=40 
TOS=0x00 PREC=0x00 TTL=240 ID=62411 PROTO=TCP SPT=61000 DPT=29414 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=128.9.29.128 DST=145.239.177.179 LEN=32 TOS=0x00 PREC=0x00 TTL=48 ID=22446 DF PROTO=ICMP TYPE=8 CODE=0 ID=30745 SEQ=3393 Nov 9 09:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25081 SEQ=1 Nov 9 09:25:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7781 SEQ=1 Nov 9 09:25:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.100.36.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x20 TTL=50 ID=46742 DF PROTO=TCP SPT=43748 DPT=5960 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:25:54 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.29.142.123 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=48 ID=44806 DF PROTO=UDP SPT=19304 DPT=64851 LEN=16 Nov 9 09:25:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49885 SEQ=1 Nov 9 09:25:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.143.152.247 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=46863 DPT=22999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:26:01 server83 systemd: Started Session 309722 of user root. Nov 9 09:26:01 server83 systemd: Started Session 309723 of user root. 
Nov 9 09:26:01 server83 systemd: Started Session 309721 of user root. Nov 9 09:26:01 server83 systemd: Started Session 309724 of user root. Nov 9 09:26:01 server83 systemd: Started Session 309725 of user root. Nov 9 09:26:01 server83 systemd: Started Session 309726 of user root. Nov 9 09:26:01 server83 systemd: Started Session 309727 of user root. Nov 9 09:26:01 server83 systemd: Started Session 309728 of user root. Nov 9 09:26:01 server83 systemd: Started Session 309729 of user root. Nov 9 09:26:01 server83 systemd: Started Session 309730 of user root. Nov 9 09:26:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=2770 PROTO=TCP SPT=38311 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=2771 PROTO=TCP SPT=38311 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.23.251.70 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=20740 PROTO=TCP SPT=61010 DPT=8090 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:26:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.23 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50758 DPT=39300 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:26:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=53439 PROTO=TCP SPT=41397 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=2772 PROTO=TCP SPT=38311 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31535 SEQ=1 Nov 9 09:26:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25705 SEQ=1 Nov 9 09:26:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=53440 PROTO=TCP SPT=41397 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17859 SEQ=1 Nov 9 09:26:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7454 SEQ=1 Nov 9 09:26:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48693 SEQ=1 Nov 9 09:26:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=53442 PROTO=TCP SPT=41397 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=473 SEQ=1 Nov 9 09:26:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51969 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:26:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:26:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13999 SEQ=1 Nov 9 09:26:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33551 SEQ=1 Nov 9 09:26:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=101.44.189.204 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=37 ID=167 DF PROTO=ICMP TYPE=8 CODE=0 ID=25502 SEQ=29945 Nov 9 09:26:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52256 SEQ=1 Nov 9 09:26:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38000 SEQ=1 Nov 9 09:26:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5634 SEQ=1 Nov 9 09:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56996 SEQ=1 Nov 9 09:26:33 server83 aibolit_wrapper[8319]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626605937022644.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626605937023972.txt --log=/tmp/malware_cleaner_log_17626605937025148.txt --progress=/tmp/malware_cleaner_progress_17626605937024834.json --csv_result=/tmp/revisium_csvfile_17626605937024978.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:26:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.91 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=54975 DPT=40005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:26:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43592 SEQ=1 Nov 9 09:26:38 server83 aibolit_wrapper[8441]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626605980862774.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626605980864032.txt --log=/tmp/malware_cleaner_log_17626605980865316.txt --progress=/tmp/malware_cleaner_progress_17626605980864990.json --csv_result=/tmp/revisium_csvfile_17626605980865136.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62764 SEQ=1 Nov 9 09:26:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.148.190.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=18498 PROTO=TCP SPT=45719 DPT=30589 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:26:42 server83 aibolit_wrapper[8559]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626606023505884.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626606023506700.txt --log=/tmp/malware_cleaner_log_17626606023507610.txt --progress=/tmp/malware_cleaner_progress_17626606023507392.json --csv_result=/tmp/revisium_csvfile_17626606023507502.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:26:48 server83 aibolit_wrapper[8735]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626606081499638.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626606081500740.txt --log=/tmp/malware_cleaner_log_17626606081502204.txt --progress=/tmp/malware_cleaner_progress_17626606081501772.json --csv_result=/tmp/revisium_csvfile_17626606081501970.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:26:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 
ID=60624 PROTO=TCP SPT=42196 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60625 PROTO=TCP SPT=42196 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=50579 PROTO=TCP SPT=44229 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:26:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=16310 PROTO=TCP SPT=47905 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60626 PROTO=TCP SPT=42196 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33056 SEQ=1 Nov 9 09:26:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6993 SEQ=1 Nov 9 09:26:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6993 SEQ=1 Nov 9 09:26:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20926 SEQ=1 Nov 9 09:26:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30612 SEQ=1 Nov 9 09:26:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=50580 PROTO=TCP SPT=44229 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:52 server83 aibolit_wrapper[8884]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626606124967888.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626606124969328.txt --log=/tmp/malware_cleaner_log_17626606124971292.txt --progress=/tmp/malware_cleaner_progress_17626606124970854.json --csv_result=/tmp/revisium_csvfile_17626606124971084.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:26:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=16312 PROTO=TCP SPT=47905 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:26:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38839 SEQ=1 Nov 9 09:26:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=16314 
PROTO=TCP SPT=47905 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:27:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=52475 PROTO=TCP SPT=57873 DPT=3767 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:27:01 server83 systemd: Started Session 309731 of user root. Nov 9 09:27:01 server83 systemd: Started Session 309732 of user root. Nov 9 09:27:01 server83 systemd: Started Session 309734 of user root. Nov 9 09:27:01 server83 systemd: Started Session 309735 of user root. Nov 9 09:27:02 server83 systemd: Started Session 309736 of user root. Nov 9 09:27:02 server83 systemd: Started Session 309733 of user root. Nov 9 09:27:02 server83 systemd: Started Session 309739 of user root. Nov 9 09:27:02 server83 systemd: Started Session 309738 of user root. Nov 9 09:27:02 server83 systemd: Started Session 309737 of user root. Nov 9 09:27:02 server83 systemd: Started Session 309740 of user root. 
Nov 9 09:27:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37975 SEQ=1 Nov 9 09:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17306 SEQ=1 Nov 9 09:27:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=43199 DPT=27000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:27:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32781 SEQ=1 Nov 9 09:27:08 server83 aibolit_wrapper[9346]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626606287040818.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626606287042050.txt --log=/tmp/malware_cleaner_log_17626606287043452.txt --progress=/tmp/malware_cleaner_progress_17626606287043056.json --csv_result=/tmp/revisium_csvfile_17626606287043256.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:27:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39571 SEQ=1 Nov 9 09:27:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64156 SEQ=1 Nov 9 09:27:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7475 SEQ=1 Nov 9 09:27:11 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:27:11 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:27:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54829 PROTO=TCP SPT=43479 DPT=1186 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:27:13 server83 aibolit_wrapper[9493]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626606339774804.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626606339776238.txt --log=/tmp/malware_cleaner_log_17626606339777680.txt --progress=/tmp/malware_cleaner_progress_17626606339777262.json --csv_result=/tmp/revisium_csvfile_17626606339777436.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:27:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=27476 PROTO=TCP SPT=56834 DPT=698 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:27:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58227 
SEQ=1 Nov 9 09:27:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10360 SEQ=1 Nov 9 09:27:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.62 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56661 DPT=181 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:27:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5677 SEQ=1 Nov 9 09:27:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5677 SEQ=1 Nov 9 09:27:24 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 09:27:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54408 DPT=48927 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:27:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:27:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15094 SEQ=1 Nov 9 09:27:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=22988 PROTO=TCP SPT=59419 DPT=26860 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:27:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19219 SEQ=1 Nov 9 09:27:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14172 SEQ=1 Nov 9 09:27:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=137 SEQ=1 Nov 9 09:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10699 SEQ=1 Nov 9 09:27:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3542 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:27:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48840 DPT=10800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:27:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.173.104 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=7830 DF PROTO=TCP SPT=39395 DPT=104 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:27:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16495 PROTO=TCP SPT=43739 DPT=2776 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:27:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.requests: 
ProactiveModel.Host should not be empty Nov 9 09:27:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54262 SEQ=1 Nov 9 09:27:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32449 PROTO=TCP SPT=50180 DPT=4288 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:27:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43595 SEQ=1 Nov 9 09:27:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15752 SEQ=1 Nov 9 09:27:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49648 SEQ=1 Nov 9 09:27:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.32 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1696 PROTO=TCP SPT=27703 DPT=29192 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34453 SEQ=1 Nov 9 09:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8319 SEQ=1 Nov 9 09:27:52 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7063 SEQ=1 Nov 9 09:27:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.254 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55023 DPT=1102 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:27:55 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.155.84 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=49 ID=29234 DF PROTO=UDP SPT=19327 DPT=19327 LEN=16 Nov 9 09:27:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23044 PROTO=TCP SPT=45727 DPT=33026 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:27:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33825 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:01 server83 systemd: Started Session 309741 of user root. Nov 9 09:28:01 server83 systemd: Started Session 309744 of user root. Nov 9 09:28:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 09:28:01 server83 systemd: Started Session 309743 of user metalarts. Nov 9 09:28:01 server83 systemd: Started Session 309745 of user root. Nov 9 09:28:01 server83 systemd: Started Session 309742 of user root. Nov 9 09:28:01 server83 systemd: Started Session 309746 of user root. Nov 9 09:28:01 server83 systemd: Started Session 309747 of user root. Nov 9 09:28:01 server83 systemd: Started Session 309748 of user root. Nov 9 09:28:01 server83 systemd: Started Session 309749 of user root. 
Nov 9 09:28:01 server83 systemd: Started Session 309750 of user root. Nov 9 09:28:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:28:01 server83 systemd: Removed slice User Slice of metalarts. Nov 9 09:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46689 SEQ=1 Nov 9 09:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2797 SEQ=1 Nov 9 09:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63455 SEQ=1 Nov 9 09:28:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46689 SEQ=1 Nov 9 09:28:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50418 SEQ=1 Nov 9 09:28:10 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 09:28:10 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 09:28:10 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 09:28:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.149.19 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=49756 PROTO=TCP SPT=48308 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 09:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 09:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36959 SEQ=1 Nov 9 09:28:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=47473 DPT=447 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64834 SEQ=1 Nov 9 09:28:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46918 SEQ=1 Nov 9 09:28:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17247 SEQ=1 Nov 9 09:28:30 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.250 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54266 DPT=8866 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23571 SEQ=1 Nov 9 09:28:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12154 SEQ=1 Nov 9 09:28:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50480 SEQ=1 Nov 9 09:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6799 SEQ=1 Nov 9 09:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6799 SEQ=1 Nov 9 09:28:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.117 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56227 DPT=12443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.41.182 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=7025 DF PROTO=TCP SPT=40180 DPT=2144 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:28:38 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.148.190 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60831 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.236.176.54 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=33367 DF PROTO=TCP SPT=40121 DPT=2052 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:28:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:28:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37155 PROTO=TCP SPT=49956 DPT=29714 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:28:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.236.176.54 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=33368 DF PROTO=TCP SPT=40121 DPT=2052 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:28:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.236.176.54 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=33369 DF PROTO=TCP SPT=40121 DPT=2052 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:28:42 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 09:28:42 server83 systemd: Stopped Status Update Service. Nov 9 09:28:42 server83 systemd: Started Status Update Service. 
Nov 9 09:28:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.171 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=36941 DPT=447 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.55.151.3 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=13077 DF PROTO=TCP SPT=41261 DPT=2052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:28:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.55.151.3 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=13078 DF PROTO=TCP SPT=41261 DPT=2052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62181 PROTO=TCP SPT=49956 DPT=27273 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:28:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.55.151.3 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=13079 DF PROTO=TCP SPT=41261 DPT=2052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.55.151.3 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=13080 DF PROTO=TCP SPT=41261 DPT=2052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=59.125.215.94 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=20721 PROTO=TCP SPT=40720 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:28:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.55.151.3 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=13081 DF PROTO=TCP SPT=41261 DPT=2052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:28:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15667 SEQ=1 Nov 9 09:28:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15436 SEQ=1 Nov 9 09:28:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15436 SEQ=1 Nov 9 09:28:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13649 SEQ=1 Nov 9 09:28:59 server83 NetworkManager[922]: <info> [1762660739.4563] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:28:59 server83 NetworkManager[922]: <info> [1762660739.4568] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:28:59 server83 NetworkManager[922]: <info> [1762660739.4569] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:28:59 server83 NetworkManager[922]: <info> [1762660739.4573] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:28:59 server83 NetworkManager[922]: <info> [1762660739.4584] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:28:59 server83 
NetworkManager[922]: <info> [1762660739.4587] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:28:59 server83 NetworkManager[922]: <info> [1762660739.4599] dhcp4 (eth1): dhclient started with pid 12212 Nov 9 09:28:59 server83 dhclient[12212]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x4cc0cc1d) Nov 9 09:29:01 server83 systemd: Started Session 309751 of user root. Nov 9 09:29:01 server83 systemd: Started Session 309752 of user root. Nov 9 09:29:01 server83 systemd: Started Session 309754 of user root. Nov 9 09:29:01 server83 systemd: Started Session 309753 of user root. Nov 9 09:29:01 server83 systemd: Started Session 309755 of user root. Nov 9 09:29:01 server83 systemd: Started Session 309757 of user root. Nov 9 09:29:01 server83 systemd: Started Session 309759 of user root. Nov 9 09:29:01 server83 systemd: Started Session 309756 of user root. Nov 9 09:29:01 server83 systemd: Started Session 309758 of user root. Nov 9 09:29:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12841 DF PROTO=TCP SPT=64935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:29:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12842 DF PROTO=TCP SPT=64935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:29:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12843 DF PROTO=TCP SPT=64935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:29:06 server83 dhclient[12212]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4cc0cc1d) Nov 9 09:29:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40913 SEQ=1 Nov 9 09:29:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40913 SEQ=1 Nov 9 09:29:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31517 SEQ=1 Nov 9 09:29:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27482 SEQ=1 Nov 9 09:29:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25642 SEQ=1 Nov 9 09:29:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12844 DF PROTO=TCP SPT=64935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:29:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3533 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:29:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3541 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:29:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=46961 PROTO=TCP SPT=56256 DPT=8005 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:29:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47260 SEQ=1 Nov 9 09:29:17 server83 dhclient[12212]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x4cc0cc1d) Nov 9 09:29:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12845 DF PROTO=TCP SPT=64935 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:29:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33266 SEQ=1 Nov 9 09:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49349 SEQ=1 Nov 9 09:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5057 SEQ=1 Nov 9 09:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5057 SEQ=1 Nov 9 09:29:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=55564 PROTO=TCP SPT=44715 DPT=8089 WINDOW=42340 
RES=0x00 SYN URGP=0 Nov 9 09:29:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:29:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36786 SEQ=1 Nov 9 09:29:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.189.223.60 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=50070 DF PROTO=TCP SPT=50355 DPT=2052 WINDOW=65280 RES=0x00 SYN URGP=0 Nov 9 09:29:27 server83 dhclient[12212]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x4cc0cc1d) Nov 9 09:29:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=47961 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:29:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=36984 DPT=27000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52254 SEQ=1 Nov 9 09:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22091 SEQ=1 Nov 9 09:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20293 SEQ=1 Nov 9 09:29:38 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47286 SEQ=1 Nov 9 09:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52254 SEQ=1 Nov 9 09:29:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=45152 PROTO=TCP SPT=59444 DPT=307 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:29:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.156 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=33068 PROTO=TCP SPT=60214 DPT=32546 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:29:42 server83 dhclient[12212]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x4cc0cc1d) Nov 9 09:29:44 server83 NetworkManager[922]: <warn> [1762660784.4403] dhcp4 (eth1): request timed out Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4403] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4563] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12212 Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4563] dhcp4 (eth1): state changed timeout -> done Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4566] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:29:44 server83 NetworkManager[922]: <warn> [1762660784.4571] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4574] device (eth1): state change: failed -> disconnected (reason 'none', 
sys-iface-state: 'managed') Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4608] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4613] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4614] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4617] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4627] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4630] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:29:44 server83 NetworkManager[922]: <info> [1762660784.4641] dhcp4 (eth1): dhclient started with pid 13258 Nov 9 09:29:44 server83 dhclient[13258]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x1bb8773c) Nov 9 09:29:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12846 DF PROTO=TCP SPT=49566 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:29:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12847 DF PROTO=TCP SPT=49566 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:29:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:29:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:29:48 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12848 DF PROTO=TCP SPT=49566 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:29:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=906 SEQ=1 Nov 9 09:29:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10000 PROTO=TCP SPT=43448 DPT=2679 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:29:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59147 SEQ=1 Nov 9 09:29:52 server83 dhclient[13258]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x1bb8773c) Nov 9 09:29:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12849 DF PROTO=TCP SPT=49566 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:29:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63332 SEQ=1 Nov 9 09:29:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57183 PROTO=TCP SPT=54745 DPT=4481 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:29:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63367 SEQ=1 Nov 9 09:29:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=29783 PROTO=TCP SPT=56753 DPT=8100 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:30:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12850 DF PROTO=TCP SPT=49566 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:30:01 server83 systemd: Started Session 309762 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309763 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309761 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309760 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309764 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309765 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309767 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309766 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309770 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309771 of user root. 
Nov 9 09:30:01 server83 systemd: Started Session 309769 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309768 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309774 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309773 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309772 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309775 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309776 of user root. Nov 9 09:30:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 09:30:01 server83 systemd: Started Session 309777 of user sanatanhinduvahi. Nov 9 09:30:01 server83 systemd: Started Session 309779 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309778 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309780 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309782 of user root. Nov 9 09:30:01 server83 systemd: Started Session 309781 of user root. Nov 9 09:30:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. 
Nov 9 09:30:04 server83 dhclient[13258]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1bb8773c) Nov 9 09:30:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3469 SEQ=1 Nov 9 09:30:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1425 SEQ=1 Nov 9 09:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14750 SEQ=1 Nov 9 09:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9043 SEQ=1 Nov 9 09:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=49.12.66.195 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=59213 DF PROTO=ICMP TYPE=8 CODE=0 ID=43476 SEQ=38315 Nov 9 09:30:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12851 DF PROTO=TCP SPT=50153 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12852 DF PROTO=TCP SPT=50153 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:07 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:30:07 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 
9 09:30:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6351 SEQ=1 Nov 9 09:30:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12853 DF PROTO=TCP SPT=50153 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12854 DF PROTO=TCP SPT=50237 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12855 DF PROTO=TCP SPT=50237 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:11 server83 dhclient[13258]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1bb8773c) Nov 9 09:30:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12856 DF PROTO=TCP SPT=50237 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12857 DF PROTO=TCP SPT=50153 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:30:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12858 DF PROTO=TCP SPT=50237 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 
9 09:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7374 SEQ=1 Nov 9 09:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53810 SEQ=1 Nov 9 09:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53810 SEQ=1 Nov 9 09:30:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43541 PROTO=TCP SPT=48767 DPT=6651 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:30:18 server83 dhclient[13258]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x1bb8773c) Nov 9 09:30:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21318 SEQ=1 Nov 9 09:30:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65142 SEQ=1 Nov 9 09:30:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29540 SEQ=1 Nov 9 09:30:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.161 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP 
SPT=44463 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:30:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2427 SEQ=1 Nov 9 09:30:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12859 DF PROTO=TCP SPT=50153 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12860 DF PROTO=TCP SPT=50237 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:30:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.136.218 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=30 ID=0 DF PROTO=TCP SPT=48889 DPT=6012 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:30:29 server83 NetworkManager[922]: <warn> [1762660829.4486] dhcp4 (eth1): request timed out Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4486] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4646] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 13258 Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4646] dhcp4 (eth1): state changed timeout -> done Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4649] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:30:29 server83 NetworkManager[922]: <warn> [1762660829.4655] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4657] device (eth1): state change: failed -> disconnected (reason 'none', 
sys-iface-state: 'managed') Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4691] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4696] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4697] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4702] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4713] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4716] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:30:29 server83 NetworkManager[922]: <info> [1762660829.4728] dhcp4 (eth1): dhclient started with pid 17116 Nov 9 09:30:29 server83 dhclient[17116]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5981f947) Nov 9 09:30:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.121 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53452 DPT=3006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:30:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3540 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:30:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25831 SEQ=1 Nov 
9 09:30:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25831 SEQ=1 Nov 9 09:30:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.199.18.204 DST=145.239.177.179 LEN=34 TOS=0x00 PREC=0x00 TTL=46 ID=33874 PROTO=ICMP TYPE=8 CODE=0 ID=33874 SEQ=0 Nov 9 09:30:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7190 SEQ=1 Nov 9 09:30:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.221 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=50936 PROTO=TCP SPT=33173 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:30:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.221 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=50937 PROTO=TCP SPT=33173 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:30:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47708 SEQ=1 Nov 9 09:30:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46993 SEQ=1 Nov 9 09:30:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=53146 DF PROTO=ICMP TYPE=8 CODE=0 ID=33017 SEQ=51525 Nov 9 09:30:36 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2669 SEQ=1 Nov 9 09:30:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21104 PROTO=TCP SPT=37627 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:30:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.221 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=50938 PROTO=TCP SPT=33173 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:30:37 server83 dhclient[17116]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x5981f947) Nov 9 09:30:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21105 PROTO=TCP SPT=37627 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:30:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.221 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=50939 PROTO=TCP SPT=33173 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:30:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21106 PROTO=TCP SPT=37627 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:30:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21108 PROTO=TCP SPT=37627 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:30:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.73.23.133 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=30740 PROTO=TCP SPT=46201 DPT=5684 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:30:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=12355 PROTO=TCP SPT=55665 DPT=23338 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:30:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:30:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3539 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:30:48 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.56 DST=51.210.113.204 LEN=80 TOS=0x00 PREC=0x00 TTL=46 ID=60134 DF PROTO=UDP SPT=42074 DPT=4500 LEN=60 Nov 9 09:30:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25757 SEQ=1 Nov 9 09:30:49 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 09:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50447 SEQ=1 Nov 9 09:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63141 SEQ=1 Nov 9 09:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=14991 SEQ=1 Nov 9 09:30:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.15.85.154 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51279 DPT=6379 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:30:53 server83 dhclient[17116]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x5981f947) Nov 9 09:30:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.42.212.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50160 DF PROTO=TCP SPT=50365 DPT=9001 WINDOW=65280 RES=0x00 SYN URGP=0 Nov 9 09:30:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48597 SEQ=1 Nov 9 09:30:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48597 SEQ=1 Nov 9 09:30:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:30:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16383 PROTO=TCP SPT=54274 DPT=8953 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:31:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.162.60 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=33 ID=0 DF PROTO=TCP SPT=35271 DPT=6012 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:31:01 server83 systemd: Started Session 309783 of user root. Nov 9 09:31:01 server83 systemd: Started Session 309785 of user root. Nov 9 09:31:01 server83 systemd: Started Session 309784 of user root. 
Nov 9 09:34:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42428 SEQ=1 Nov 9 09:34:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=106.75.128.244 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=20347 PROTO=TCP SPT=58914 DPT=9083 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11605 SEQ=1 Nov 9 09:34:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=43571 PROTO=TCP SPT=59419 DPT=32446 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:34:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42879 PROTO=TCP SPT=49956 DPT=28003 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:34:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:34:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11441 PROTO=TCP SPT=43448 DPT=2757 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 
09:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:35:01 server83 systemd: Started Session 309821 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309820 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309823 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309826 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309819 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309827 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309822 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309828 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309825 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309824 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309829 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309830 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309831 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309832 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309834 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309835 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309833 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309836 of user root. Nov 9 09:35:01 server83 systemd: Started Session 309837 of user root. 
Nov 9 09:35:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3530 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:35:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.33 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=63777 PROTO=TCP SPT=44695 DPT=37232 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:35:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46757 SEQ=1 Nov 9 09:35:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46868 SEQ=1 Nov 9 09:35:05 server83 systemd: Started Session c2861 of user root. 
Nov 9 09:35:05 server83 scripts.sh: Load Average: 5.19 , 3.94 Nov 9 09:35:05 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 09:35:05 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 09:35:05 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 09:35:05 server83 scripts.sh: HTTPD Status: inactive Nov 9 09:35:05 server83 scripts.sh: MySQL Status: active Nov 9 09:35:05 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 09:35:05 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 09:35:05 server83 scripts.sh: SSHD Status: active Nov 9 09:35:05 server83 scripts.sh: FTP Status: active Nov 9 09:35:05 server83 scripts.sh: LiteSpeed Status: Active Nov 9 09:35:05 server83 scripts.sh: Imunify Status: Active Nov 9 09:35:05 server83 scripts.sh: cPanel Status: active Nov 9 09:35:05 server83 scripts.sh: Memory Status: 12/31 GB - 39.29% Nov 9 09:35:05 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 09:35:05 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 09:35:05 server83 scripts.sh: Local Version: 4.4.5 Nov 9 09:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52596 SEQ=1 Nov 9 09:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52596 SEQ=1 Nov 9 09:35:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.31 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51494 DPT=2804 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:35:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.71 DST=145.239.177.179 
LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=51200 PROTO=TCP SPT=56749 DPT=8320 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:35:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34247 SEQ=1 Nov 9 09:35:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.193 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=18617 PROTO=TCP SPT=53904 DPT=24439 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:35:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3529 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:35:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:35:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9675 SEQ=1 Nov 9 09:35:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22337 SEQ=1 Nov 9 09:35:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=49346 DF PROTO=ICMP TYPE=8 CODE=0 ID=6838 SEQ=9256 Nov 9 09:35:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1357 SEQ=1 Nov 9 09:35:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22337 SEQ=1 Nov 9 09:35:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31520 SEQ=1 Nov 9 09:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9163 SEQ=1 Nov 9 09:35:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3537 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:35:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9163 SEQ=1 Nov 9 09:35:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=4318 PROTO=TCP SPT=59935 DPT=6170 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:35:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.156.128.169 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=46043 PROTO=TCP SPT=13058 DPT=9092 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:35:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64024 SEQ=1 Nov 9 09:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40997 SEQ=1 Nov 9 09:35:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3536 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40997 SEQ=1 Nov 9 09:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64024 SEQ=1 Nov 9 09:35:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41444 SEQ=1 Nov 9 09:35:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.224.215.23 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=37 ID=49374 PROTO=TCP SPT=4128 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:35:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.224.215.23 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=37 ID=49374 PROTO=TCP SPT=4128 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.13.100.252 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=15062 DF PROTO=ICMP TYPE=8 CODE=0 ID=57894 SEQ=33459 Nov 9 09:35:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46761 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:35:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:35:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3528 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:35:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=184.105.247.243 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51022 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:35:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:35:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33136 SEQ=1 Nov 9 09:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35993 SEQ=1 Nov 9 09:35:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2566 SEQ=1 Nov 9 09:35:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2847 SEQ=1 Nov 9 09:35:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42513 SEQ=1 Nov 9 09:35:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47825 SEQ=1 Nov 9 09:35:53 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.184.122.84 DST=51.210.113.204 LEN=110 TOS=0x00 PREC=0x00 TTL=48 ID=54486 DF PROTO=UDP SPT=5086 DPT=8083 LEN=90 Nov 9 09:36:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:36:00 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:36:01 server83 systemd: Started Session 309841 of user root. Nov 9 09:36:01 server83 systemd: Started Session 309838 of user root. Nov 9 09:36:01 server83 systemd: Started Session 309839 of user root. Nov 9 09:36:01 server83 systemd: Started Session 309842 of user root. Nov 9 09:36:01 server83 systemd: Started Session 309840 of user root. Nov 9 09:36:01 server83 systemd: Started Session 309843 of user root. Nov 9 09:36:01 server83 systemd: Started Session 309844 of user root. Nov 9 09:36:01 server83 systemd: Started Session 309845 of user root. Nov 9 09:36:01 server83 systemd: Started Session 309846 of user root. 
Nov 9 09:36:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53293 SEQ=1 Nov 9 09:36:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.104 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38381 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53293 SEQ=1 Nov 9 09:36:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62865 SEQ=1 Nov 9 09:36:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46333 SEQ=1 Nov 9 09:36:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:36:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38369 PROTO=TCP SPT=57143 DPT=8600 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:36:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30265 SEQ=1 Nov 9 09:36:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=46333 SEQ=1 Nov 9 09:36:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=135.237.126.211 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=49670 PROTO=TCP SPT=42054 DPT=9042 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:36:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.134 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=47686 PROTO=TCP SPT=22686 DPT=2608 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:36:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.122 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=29622 DF PROTO=TCP SPT=20965 DPT=8314 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:36:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=86.54.31.40 DST=145.239.177.179 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=54174 PROTO=TCP SPT=19330 DPT=2762 WINDOW=64518 RES=0x00 SYN URGP=0 Nov 9 09:36:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7459 PROTO=TCP SPT=45727 DPT=31363 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:36:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3534 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:36:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36611 SEQ=1 Nov 9 09:36:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 
PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3535 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:36:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30170 SEQ=1 Nov 9 09:36:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4272 SEQ=1 Nov 9 09:36:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4272 SEQ=1 Nov 9 09:36:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30170 SEQ=1 Nov 9 09:36:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36611 SEQ=1 Nov 9 09:36:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.169.106.10 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=44381 DPT=4443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11843 SEQ=1 Nov 9 09:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19332 
SEQ=1 Nov 9 09:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32979 SEQ=1 Nov 9 09:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=53168 DF PROTO=ICMP TYPE=8 CODE=0 ID=29706 SEQ=42294 Nov 9 09:36:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17244 PROTO=TCP SPT=39731 DPT=8463 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:36:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13827 SEQ=1 Nov 9 09:36:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43329 SEQ=1 Nov 9 09:36:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22200 SEQ=1 Nov 9 09:36:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54235 PROTO=TCP SPT=56185 DPT=7921 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:36:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:36:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12861 DF 
PROTO=TCP SPT=58221 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:36:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12862 DF PROTO=TCP SPT=58221 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:36:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12863 DF PROTO=TCP SPT=58221 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:36:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41773 SEQ=1 Nov 9 09:36:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20319 SEQ=1 Nov 9 09:36:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53032 SEQ=1 Nov 9 09:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12886 SEQ=1 Nov 9 09:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38894 SEQ=1 Nov 9 09:36:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12864 DF PROTO=TCP SPT=58221 
DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:36:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51960 SEQ=1 Nov 9 09:36:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=4971 PROTO=TCP SPT=33832 DPT=2107 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:36:59 server83 NetworkManager[922]: <info> [1762661219.4965] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:36:59 server83 NetworkManager[922]: <info> [1762661219.4969] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:36:59 server83 NetworkManager[922]: <info> [1762661219.4970] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:36:59 server83 NetworkManager[922]: <info> [1762661219.4974] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:36:59 server83 NetworkManager[922]: <info> [1762661219.4984] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:36:59 server83 NetworkManager[922]: <info> [1762661219.4987] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:36:59 server83 NetworkManager[922]: <info> [1762661219.4999] dhcp4 (eth1): dhclient started with pid 1505 Nov 9 09:36:59 server83 dhclient[1505]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x150fa02f) Nov 9 09:37:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7403 SEQ=1 Nov 9 09:37:01 
server83 systemd: Started Session 309847 of user root. Nov 9 09:37:01 server83 systemd: Started Session 309848 of user root. Nov 9 09:37:01 server83 systemd: Started Session 309852 of user root. Nov 9 09:37:01 server83 systemd: Started Session 309851 of user root. Nov 9 09:37:01 server83 systemd: Started Session 309849 of user root. Nov 9 09:37:01 server83 systemd: Started Session 309853 of user root. Nov 9 09:37:01 server83 systemd: Started Session 309850 of user root. Nov 9 09:37:01 server83 systemd: Started Session 309854 of user root. Nov 9 09:37:01 server83 systemd: Started Session 309855 of user root. Nov 9 09:37:01 server83 systemd: Started Session 309856 of user root. Nov 9 09:37:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19570 SEQ=1 Nov 9 09:37:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27074 SEQ=1 Nov 9 09:37:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12865 DF PROTO=TCP SPT=58221 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:37:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36712 SEQ=1 Nov 9 09:37:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33714 DF PROTO=TCP SPT=37692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33715 DF PROTO=TCP SPT=37692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:37:07 server83 dhclient[1505]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x150fa02f) Nov 9 09:37:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33716 DF PROTO=TCP SPT=37692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:37:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.141 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=58461 PROTO=TCP SPT=38024 DPT=26404 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:37:10 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:37:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33717 DF PROTO=TCP SPT=37692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:37:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.210 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=31090 DF PROTO=TCP SPT=49016 DPT=2548 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 09:37:15 server83 dhclient[1505]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x150fa02f) Nov 9 09:37:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.210 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=31091 DF PROTO=TCP SPT=49016 DPT=2548 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 09:37:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46104 
PROTO=TCP SPT=54739 DPT=2739 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:37:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.210 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=31092 DF PROTO=TCP SPT=49016 DPT=2548 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 09:37:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.210 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=17800 DF PROTO=TCP SPT=49050 DPT=2548 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 09:37:18 server83 pam_imunify_daemon.bin: time="2025-11-09T09:37:18+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 09:37:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=122.8.181.121 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=38 ID=65211 DF PROTO=ICMP TYPE=8 CODE=0 ID=29588 SEQ=1865 Nov 9 09:37:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.210 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=17801 DF PROTO=TCP SPT=49050 DPT=2548 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 09:37:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.210 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=9580 DF PROTO=TCP SPT=49056 DPT=2548 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 09:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=15697 SEQ=1 Nov 9 09:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.25 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=34494 DF PROTO=ICMP TYPE=8 CODE=0 ID=60737 SEQ=57027 Nov 9 09:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59654 SEQ=1 Nov 9 09:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15697 SEQ=1 Nov 9 09:37:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22262 SEQ=1 Nov 9 09:37:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11933 SEQ=1 Nov 9 09:37:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:37:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.207.179 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=7857 DF PROTO=TCP SPT=46348 DPT=3574 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:37:29 server83 dhclient[1505]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x150fa02f) Nov 9 09:37:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=220.167.232.79 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=49095 PROTO=TCP SPT=39688 DPT=1521 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:37:31 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57573 SEQ=1 Nov 9 09:37:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56848 SEQ=1 Nov 9 09:37:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38244 SEQ=1 Nov 9 09:37:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25552 SEQ=1 Nov 9 09:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45805 SEQ=1 Nov 9 09:37:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22404 PROTO=TCP SPT=49956 DPT=25488 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:37:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.213.86 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=5065 DF PROTO=TCP SPT=43043 DPT=1052 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33719 DF PROTO=TCP SPT=37692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25552 SEQ=1 Nov 9 09:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16468 DF PROTO=TCP SPT=35072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:37:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=4009 PROTO=TCP SPT=56420 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:37:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16469 DF PROTO=TCP SPT=35072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:37:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=4010 PROTO=TCP SPT=56420 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:37:42 server83 dhclient[1505]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x150fa02f) Nov 9 09:37:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=32122 PROTO=TCP SPT=41154 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:37:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16470 DF PROTO=TCP SPT=35072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:37:44 server83 NetworkManager[922]: <warn> [1762661264.4505] dhcp4 (eth1): request timed out Nov 9 09:37:44 server83 NetworkManager[922]: <info> 
[1762661264.4505] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4584] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 1505 Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4584] dhcp4 (eth1): state changed timeout -> done Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:37:44 server83 NetworkManager[922]: <warn> [1762661264.4591] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4594] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4624] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4627] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4627] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4630] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4638] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4640] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:37:44 server83 NetworkManager[922]: <info> [1762661264.4649] dhcp4 (eth1): dhclient started with pid 7556 Nov 9 09:37:44 server83 dhclient[7556]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 
(xid=0x305f301f) Nov 9 09:37:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=32124 PROTO=TCP SPT=41154 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:37:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=32126 PROTO=TCP SPT=41154 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:37:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:37:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.51 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=52341 DPT=84 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:37:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:37:48 server83 dhclient[7556]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x305f301f) Nov 9 09:37:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.112 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=15799 PROTO=TCP SPT=34839 DPT=8150 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 09:37:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16472 DF PROTO=TCP SPT=35072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:37:56 server83 dhclient[7556]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x305f301f) Nov 9 09:37:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58171 PROTO=TCP SPT=54739 DPT=5605 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:37:59 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.237 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53166 DPT=9352 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:38:02 server83 systemd: Started Session 309857 of user root. Nov 9 09:38:02 server83 systemd: Started Session 309858 of user root. Nov 9 09:38:02 server83 systemd: Started Session 309859 of user root. Nov 9 09:38:02 server83 systemd: Started Session 309860 of user root. Nov 9 09:38:02 server83 systemd: Started Session 309861 of user root. Nov 9 09:38:02 server83 systemd: Started Session 309863 of user root. Nov 9 09:38:02 server83 systemd: Started Session 309862 of user root. Nov 9 09:38:02 server83 systemd: Started Session 309864 of user root. Nov 9 09:38:02 server83 systemd: Started Session 309865 of user root. Nov 9 09:38:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.41.118 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=28706 PROTO=TCP SPT=53038 DPT=2107 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:38:04 server83 dhclient[7556]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x305f301f) Nov 9 09:38:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=138.197.174.233 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=23087 PROTO=TCP SPT=61007 DPT=15000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:38:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60277 SEQ=1 Nov 9 09:38:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58480 SEQ=1 Nov 9 09:38:07 
server83 auditd[702]: Audit daemon rotating log files Nov 9 09:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57003 SEQ=1 Nov 9 09:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27157 SEQ=1 Nov 9 09:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44722 SEQ=1 Nov 9 09:38:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11184 SEQ=1 Nov 9 09:38:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33720 DF PROTO=TCP SPT=37692 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:38:10 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:38:10 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16473 DF PROTO=TCP SPT=35072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:38:13 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 09:38:13 server83 systemd: Stopped Status Update Service. Nov 9 09:38:13 server83 systemd: Started Status Update Service. 
Nov 9 09:38:13 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 09:38:13 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 09:38:13 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 09:38:14 server83 dhclient[7556]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x305f301f) Nov 9 09:38:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44969 PROTO=TCP SPT=57873 DPT=29103 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:38:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45533 SEQ=1 Nov 9 09:38:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30685 PROTO=TCP SPT=49956 DPT=27798 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:38:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=56668 DF PROTO=TCP SPT=42832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.205 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55070 DPT=10040 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k 
imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 09:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 09:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=56669 DF PROTO=TCP SPT=42832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28865 SEQ=1 Nov 9 09:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.191.209.74 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13036 PROTO=TCP SPT=40469 DPT=45500 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:38:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13482 SEQ=1 Nov 9 09:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=56670 DF PROTO=TCP SPT=42832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:38:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46957 SEQ=1 Nov 9 09:38:23 server83 dhclient[7556]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x305f301f) Nov 9 09:38:23 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40840 SEQ=1 Nov 9 09:38:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5912 SEQ=1 Nov 9 09:38:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51368 SEQ=1 Nov 9 09:38:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10102 PROTO=TCP SPT=49956 DPT=29162 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=56671 DF PROTO=TCP SPT=42832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:38:29 server83 NetworkManager[922]: <warn> [1762661309.4503] dhcp4 (eth1): request timed out Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4824] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 7556 Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4824] dhcp4 (eth1): state changed timeout -> done Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4826] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:38:29 server83 NetworkManager[922]: <warn> [1762661309.4831] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:38:29 
server83 NetworkManager[922]: <info> [1762661309.4833] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4864] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4867] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4868] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4871] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4882] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4884] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:38:29 server83 NetworkManager[922]: <info> [1762661309.4899] dhcp4 (eth1): dhclient started with pid 12908 Nov 9 09:38:29 server83 dhclient[12908]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x4febf284) Nov 9 09:38:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25653 PROTO=TCP SPT=56949 DPT=8515 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:38:32 server83 dhclient[12908]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x4febf284) Nov 9 09:38:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.91.254.244 DST=145.239.177.179 LEN=63 TOS=0x00 PREC=0x00 TTL=50 ID=26725 DF PROTO=ICMP TYPE=8 CODE=0 ID=4330 SEQ=28942 Nov 9 09:38:33 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43047 SEQ=1 Nov 9 09:38:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=56672 DF PROTO=TCP SPT=42832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:38:35 server83 dhclient[12908]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x4febf284) Nov 9 09:38:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12866 DF PROTO=TCP SPT=60933 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12867 DF PROTO=TCP SPT=60933 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38970 SEQ=1 Nov 9 09:38:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10075 SEQ=1 Nov 9 09:38:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61490 SEQ=1 Nov 9 09:38:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61213 SEQ=1 Nov 9 09:38:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12868 DF PROTO=TCP SPT=60933 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12869 DF PROTO=TCP SPT=61045 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.112.95 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=20344 PROTO=TCP SPT=60000 DPT=36322 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:38:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12870 DF PROTO=TCP SPT=61045 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:42 server83 dhclient[12908]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4febf284) Nov 9 09:38:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12871 DF PROTO=TCP SPT=61045 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12872 DF PROTO=TCP SPT=60933 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:38:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:38:46 server83 imunify360-php-daemon[734]: error sending monitoring 
stats: circuit breaker is open Nov 9 09:38:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12873 DF PROTO=TCP SPT=61045 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.37 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=45397 PROTO=TCP SPT=13475 DPT=42687 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=56673 DF PROTO=TCP SPT=42832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:38:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12874 DF PROTO=TCP SPT=60933 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9300 SEQ=1 Nov 9 09:38:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55536 SEQ=1 Nov 9 09:38:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41511 SEQ=1 Nov 9 09:38:53 server83 dhclient[12908]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x4febf284) Nov 9 09:38:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41511 SEQ=1 Nov 9 09:38:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12875 DF PROTO=TCP SPT=61045 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:38:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=150.107.38.251 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=25752 PROTO=TCP SPT=58074 DPT=5440 WINDOW=64398 RES=0x00 SYN URGP=0 Nov 9 09:39:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12876 DF PROTO=TCP SPT=61519 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:39:01 server83 systemd: Started Session 309866 of user root. Nov 9 09:39:01 server83 systemd: Started Session 309867 of user root. Nov 9 09:39:01 server83 systemd: Started Session 309870 of user root. Nov 9 09:39:01 server83 systemd: Started Session 309869 of user root. Nov 9 09:39:01 server83 systemd: Started Session 309871 of user root. Nov 9 09:39:01 server83 systemd: Started Session 309873 of user root. Nov 9 09:39:01 server83 systemd: Started Session 309868 of user root. Nov 9 09:39:01 server83 systemd: Started Session 309875 of user root. Nov 9 09:39:01 server83 systemd: Started Session 309872 of user root. Nov 9 09:39:01 server83 systemd: Started Session 309874 of user root. 
Nov 9 09:39:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.220 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49893 DPT=33000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:39:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12877 DF PROTO=TCP SPT=61519 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:39:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12878 DF PROTO=TCP SPT=61519 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:39:05 server83 dhclient[12908]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x4febf284) Nov 9 09:39:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34224 DF PROTO=TCP SPT=56874 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12879 DF PROTO=TCP SPT=61519 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:39:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34225 DF PROTO=TCP SPT=56874 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44422 SEQ=1 Nov 9 09:39:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52403 SEQ=1 Nov 9 09:39:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65162 SEQ=1 Nov 9 09:39:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65162 SEQ=1 Nov 9 09:39:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34226 DF PROTO=TCP SPT=56874 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44422 SEQ=1 Nov 9 09:39:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34227 DF PROTO=TCP SPT=56874 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.38 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3046 PROTO=TCP SPT=11065 DPT=36168 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:39:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.75 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51130 DPT=86 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:39:14 server83 NetworkManager[922]: <warn> [1762661354.4444] dhcp4 (eth1): 
request timed out Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4444] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4604] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12908 Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4604] dhcp4 (eth1): state changed timeout -> done Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4605] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:39:14 server83 NetworkManager[922]: <warn> [1762661354.4609] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4611] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4640] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4643] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4643] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4646] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4655] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4657] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:39:14 server83 NetworkManager[922]: <info> [1762661354.4668] dhcp4 (eth1): dhclient started with pid 17176 Nov 9 09:39:14 server83 dhclient[17176]: 
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0xf782e15) Nov 9 09:39:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12880 DF PROTO=TCP SPT=61519 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:39:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52982 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:39:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15828 SEQ=1 Nov 9 09:39:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24764 SEQ=1 Nov 9 09:39:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18791 SEQ=1 Nov 9 09:39:21 server83 dhclient[17176]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0xf782e15) Nov 9 09:39:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34228 DF PROTO=TCP SPT=56874 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=8391 DF PROTO=ICMP TYPE=8 CODE=0 ID=64127 SEQ=9136 Nov 9 09:39:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=56674 DF PROTO=TCP SPT=42832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38737 SEQ=1 Nov 9 09:39:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:39:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20869 PROTO=TCP SPT=45727 DPT=33961 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:39:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8061 PROTO=TCP SPT=49956 DPT=29983 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:39:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32862 SEQ=1 Nov 9 09:39:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22687 SEQ=1 Nov 9 09:39:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1499 SEQ=1 Nov 9 09:39:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.47 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50220 DPT=9410 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
09:39:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47589 SEQ=1 Nov 9 09:39:37 server83 dhclient[17176]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0xf782e15) Nov 9 09:39:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34229 DF PROTO=TCP SPT=56874 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1499 SEQ=1 Nov 9 09:39:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6259 SEQ=1 Nov 9 09:39:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45937 DF PROTO=TCP SPT=46714 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45938 DF PROTO=TCP SPT=46714 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.64 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=60860 PROTO=TCP SPT=56972 DPT=8405 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:39:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45939 DF PROTO=TCP SPT=46714 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.251 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=31616 DF PROTO=TCP SPT=50392 DPT=9591 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:39:45 server83 dhclient[17176]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0xf782e15) Nov 9 09:39:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:39:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3527 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:39:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33896 SEQ=1 Nov 9 09:39:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45940 DF PROTO=TCP SPT=46714 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2913 SEQ=1 Nov 9 09:39:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52779 SEQ=1 Nov 9 09:39:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 
TOS=0x00 PREC=0x20 TTL=52 ID=63274 PROTO=TCP SPT=59589 DPT=5704 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:39:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.63 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56064 DPT=8004 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:39:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23277 PROTO=TCP SPT=49939 DPT=7627 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:39:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45941 DF PROTO=TCP SPT=46714 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:39:57 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:39:57 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:39:57 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:39:57 server83 dhclient[17176]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0xf782e15) Nov 9 09:39:59 server83 NetworkManager[922]: <warn> [1762661399.4503] dhcp4 (eth1): request timed out Nov 9 09:39:59 server83 NetworkManager[922]: <info> [1762661399.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:39:59 server83 NetworkManager[922]: <info> [1762661399.4664] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17176 Nov 9 09:39:59 server83 NetworkManager[922]: <info> [1762661399.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 09:39:59 server83 NetworkManager[922]: <info> [1762661399.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:39:59 server83 NetworkManager[922]: <warn> [1762661399.4671] device (eth1): Activation: failed for connection 'Wired 
connection 1' Nov 9 09:39:59 server83 NetworkManager[922]: <info> [1762661399.4674] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:40:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.71 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56839 DPT=87 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:40:01 server83 systemd: Started Session 309879 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309880 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309877 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309878 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309876 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309881 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309882 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309883 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309885 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309887 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309884 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309888 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309886 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309890 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309892 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309889 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309893 of user root. Nov 9 09:40:01 server83 systemd: Started Session 309891 of user root. 
Nov 9 09:40:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9541 PROTO=TCP SPT=57143 DPT=8623 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:40:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3526 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:40:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24057 SEQ=1 Nov 9 09:40:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55032 SEQ=1 Nov 9 09:40:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6851 SEQ=1 Nov 9 09:40:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40965 SEQ=1 Nov 9 09:40:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55032 SEQ=1 Nov 9 09:40:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=45465 PROTO=TCP SPT=47951 DPT=2710 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:40:11 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34230 DF PROTO=TCP SPT=56874 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:40:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45942 DF PROTO=TCP SPT=46714 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:40:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37861 DPT=28000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:40:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.92 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=33421 PROTO=TCP SPT=41242 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:40:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40359 SEQ=1 Nov 9 09:40:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4061 SEQ=1 Nov 9 09:40:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50094 SEQ=1 Nov 9 09:40:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4061 SEQ=1 Nov 9 09:40:20 server83 scripts.sh: curl: (7) Failed 
connect to linux-centos.download:443; Connection timed out Nov 9 09:40:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10094 DF PROTO=TCP SPT=49586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:40:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41418 SEQ=1 Nov 9 09:40:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3533 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:40:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10095 DF PROTO=TCP SPT=49586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:40:22 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.141 DST=51.210.113.204 LEN=32 TOS=0x00 PREC=0x00 TTL=35 ID=61549 PROTO=UDP SPT=17241 DPT=5351 LEN=12 Nov 9 09:40:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10096 DF PROTO=TCP SPT=49586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:40:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10097 DF PROTO=TCP SPT=49586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:40:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.225.32 DST=145.239.177.179 LEN=44 TOS=0x00 
PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39621 DPT=3001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:40:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60233 SEQ=1 Nov 9 09:40:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43138 SEQ=1 Nov 9 09:40:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61583 SEQ=1 Nov 9 09:40:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13050 SEQ=1 Nov 9 09:40:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10098 DF PROTO=TCP SPT=49586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=36607 PROTO=TCP SPT=35669 DPT=3703 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:40:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25715 PROTO=TCP SPT=49956 DPT=25833 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:40:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35798 PROTO=TCP SPT=46370 DPT=2388 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:40:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28766 SEQ=1 Nov 9 09:40:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61583 SEQ=1 Nov 9 09:40:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40410 SEQ=1 Nov 9 09:40:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41424 DPT=28000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:40:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.109.130 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42410 DPT=3001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:40:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3524 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:40:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45943 DF PROTO=TCP SPT=46714 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:40:46 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24999 SEQ=1 Nov 9 09:40:46 server83 imunify360-php-daemon[734]: error while sending daemon stats: too many requests Nov 9 09:40:46 server83 imunify360-php-daemon[734]: connections: {total = 20638, closed_as_old = 0, dropped = 2},#012messages: {total_received = 38304, blamer_received = 38034, blamer_filtered = 1483, aggregated = 1038, aggregator_dropped = 0},#012message_actions: {blamer_send_success = 655, send = 0, send_failed = 713, stored = 58, store_failed = 0},#012message dbstats: {fevents_db_size = 0, fevents_db_rows = 4837, fevents_total = 8732,#012#011#011#011#011 fevents_filtered = {total = 29572, wrong_id = 132893, wrong_function_name = 8593554, match_file_false = 5997093, match_file_limit_hit = 0, storage_limit_hit = 0},#012#011#011#011#011 fevents_stored_new = 3960, fevents_stored_updated = 478, fevents_send_success = 0, fevents_send_failure = 765 } Nov 9 09:40:46 server83 imunify360-php-daemon[734]: memory: alloc = 15217136 B, totalAlloc = 795967670256 B, sys = 68965640 B, rss = 188108800 B Nov 9 09:40:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:40:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46371 SEQ=1 Nov 9 09:40:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3525 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10099 DF 
PROTO=TCP SPT=49586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:40:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53017 SEQ=1 Nov 9 09:40:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.245.80.240 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=9187 DF PROTO=ICMP TYPE=8 CODE=0 ID=58728 SEQ=46313 Nov 9 09:40:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.52 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46581 DPT=89 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:41:01 server83 systemd: Started Session 309894 of user root. Nov 9 09:41:01 server83 systemd: Started Session 309895 of user root. Nov 9 09:41:01 server83 systemd: Started Session 309896 of user root. Nov 9 09:41:01 server83 systemd: Started Session 309897 of user root. Nov 9 09:41:01 server83 systemd: Started Session 309898 of user root. Nov 9 09:41:01 server83 systemd: Started Session 309899 of user root. Nov 9 09:41:01 server83 systemd: Started Session 309900 of user root. Nov 9 09:41:01 server83 systemd: Started Session 309902 of user root. Nov 9 09:41:01 server83 systemd: Started Session 309901 of user root. Nov 9 09:41:01 server83 systemd: Started Session 309903 of user root. 
Nov 9 09:41:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24046 PROTO=TCP SPT=49956 DPT=29717 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:41:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34854 SEQ=1 Nov 9 09:41:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26848 SEQ=1 Nov 9 09:41:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54533 SEQ=1 Nov 9 09:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26848 SEQ=1 Nov 9 09:41:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45562 DF PROTO=TCP SPT=48700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31212 SEQ=1 Nov 9 09:41:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45563 DF PROTO=TCP SPT=48700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:09 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43884 SEQ=1 Nov 9 09:41:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45564 DF PROTO=TCP SPT=48700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=24.199.119.224 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47234 DPT=11434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:41:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56121 PROTO=TCP SPT=45727 DPT=32751 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:41:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45565 DF PROTO=TCP SPT=48700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:17 server83 aibolit_wrapper[28832]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626614770847318.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626614770849746.txt --log=/tmp/malware_cleaner_log_17626614770852572.txt --progress=/tmp/malware_cleaner_progress_17626614770851716.json --csv_result=/tmp/revisium_csvfile_17626614770852024.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:41:17 server83 auditd[702]: Audit daemon rotating 
log files Nov 9 09:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41638 SEQ=1 Nov 9 09:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52703 SEQ=1 Nov 9 09:41:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.149.201 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15778 PROTO=TCP SPT=52078 DPT=5006 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13575 SEQ=1 Nov 9 09:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7864 SEQ=1 Nov 9 09:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10733 SEQ=1 Nov 9 09:41:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45566 DF PROTO=TCP SPT=48700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:24 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 09:41:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10100 DF 
PROTO=TCP SPT=49586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23473 PROTO=TCP SPT=39300 DPT=9341 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:41:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.18 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49717 DPT=48807 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:41:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27106 SEQ=1 Nov 9 09:41:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11116 SEQ=1 Nov 9 09:41:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32111 SEQ=1 Nov 9 09:41:35 server83 pam_imunify_daemon.bin: time="2025-11-09T09:41:35+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 09:41:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.130.191 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=36 ID=5252 DF PROTO=TCP SPT=46283 DPT=3223 WINDOW=29200 RES=0x00 SYN URGP=0 
Nov 9 09:41:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41435 SEQ=1 Nov 9 09:41:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=33308 DF PROTO=ICMP TYPE=8 CODE=0 ID=22841 SEQ=49670 Nov 9 09:41:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45567 DF PROTO=TCP SPT=48700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57202 DF PROTO=TCP SPT=55576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57203 DF PROTO=TCP SPT=55576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57204 DF PROTO=TCP SPT=55576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.partition: ProactiveModel.Host should not be empty Nov 9 09:41:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:41:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=14742 SEQ=1 Nov 9 09:41:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62366 SEQ=1 Nov 9 09:41:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7574 SEQ=1 Nov 9 09:41:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2935 SEQ=1 Nov 9 09:41:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17021 SEQ=1 Nov 9 09:41:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29157 SEQ=1 Nov 9 09:41:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57205 DF PROTO=TCP SPT=55576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:41:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57206 DF PROTO=TCP SPT=55576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:42:01 server83 systemd: Started Session 309904 of user root. Nov 9 09:42:01 server83 systemd: Started Session 309905 of user root. 
Nov 9 09:42:01 server83 systemd: Started Session 309907 of user root. Nov 9 09:42:01 server83 systemd: Started Session 309909 of user root. Nov 9 09:42:01 server83 systemd: Started Session 309908 of user root. Nov 9 09:42:01 server83 systemd: Started Session 309906 of user root. Nov 9 09:42:01 server83 systemd: Started Session 309911 of user root. Nov 9 09:42:01 server83 systemd: Started Session 309912 of user root. Nov 9 09:42:01 server83 systemd: Started Session 309910 of user root. Nov 9 09:42:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14523 PROTO=TCP SPT=58072 DPT=4098 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:42:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62440 SEQ=1 Nov 9 09:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25805 SEQ=1 Nov 9 09:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19329 SEQ=1 Nov 9 09:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52337 SEQ=1 Nov 9 09:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25451 SEQ=1 Nov 9 09:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25805 SEQ=1 Nov 9 09:42:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45568 DF PROTO=TCP SPT=48700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57207 DF PROTO=TCP SPT=55576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:42:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=107.150.105.5 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=3207 DF PROTO=TCP SPT=37645 DPT=7316 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:42:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.58 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54501 DPT=9203 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:42:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38500 SEQ=1 Nov 9 09:42:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42701 SEQ=1 Nov 9 09:42:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9044 SEQ=1 Nov 9 09:42:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32883 DF PROTO=TCP SPT=44888 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:42:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32884 DF PROTO=TCP SPT=44888 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:42:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61051 SEQ=1 Nov 9 09:42:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32885 DF PROTO=TCP SPT=44888 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:42:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=98.189.28.178 DST=145.239.177.179 LEN=540 TOS=0x00 PREC=0x00 TTL=37 ID=29354 PROTO=UDP SPT=64679 DPT=59386 LEN=520 Nov 9 09:42:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.82.77.33 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x20 TTL=116 ID=50273 PROTO=UDP SPT=31743 DPT=129 LEN=9 Nov 9 09:42:28 server83 scripts.sh: Sun Nov 9 09:42:28 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 09:42:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32886 DF PROTO=TCP SPT=44888 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:42:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=18169 SEQ=1 Nov 9 09:42:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62171 PROTO=TCP SPT=46370 DPT=1882 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32887 DF PROTO=TCP SPT=44888 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:42:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41784 SEQ=1 Nov 9 09:42:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57276 SEQ=1 Nov 9 09:42:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57208 DF PROTO=TCP SPT=55576 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:42:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=2908 PROTO=TCP SPT=37781 DPT=8377 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:42:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56300 SEQ=1 Nov 9 09:42:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=37453 PROTO=TCP SPT=33566 
DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54768 SEQ=1 Nov 9 09:42:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60255 SEQ=1 Nov 9 09:42:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32888 DF PROTO=TCP SPT=44888 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.122 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=17563 PROTO=TCP SPT=52439 DPT=38520 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 09:43:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32123 PROTO=TCP SPT=49956 DPT=25579 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:43:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.110 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53719 DPT=5443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:43:01 server83 systemd: Started Session 309913 of user root. Nov 9 09:43:01 server83 systemd: Started Session 309914 of user root. Nov 9 09:43:01 server83 systemd: Started Session 309915 of user root. Nov 9 09:43:01 server83 systemd: Started Session 309917 of user root. Nov 9 09:43:01 server83 systemd: Started Session 309916 of user root. 
Nov 9 09:43:01 server83 systemd: Started Session 309918 of user root. Nov 9 09:43:01 server83 systemd: Started Session 309919 of user root. Nov 9 09:43:01 server83 systemd: Started Session 309920 of user root. Nov 9 09:43:01 server83 systemd: Started Session 309921 of user root. Nov 9 09:43:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24980 PROTO=TCP SPT=57535 DPT=7561 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:43:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.154.245.47 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=50452 DF PROTO=TCP SPT=51382 DPT=9090 WINDOW=65280 RES=0x00 SYN URGP=0 Nov 9 09:43:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41923 SEQ=1 Nov 9 09:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62809 SEQ=1 Nov 9 09:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42963 SEQ=1 Nov 9 09:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46783 SEQ=1 Nov 9 09:43:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39791 SEQ=1 Nov 9 
09:43:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46783 SEQ=1 Nov 9 09:43:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60906 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:43:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9220 DF PROTO=TCP SPT=48960 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9221 DF PROTO=TCP SPT=48960 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9222 DF PROTO=TCP SPT=48960 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:15 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 09:43:15 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 09:43:15 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 09:43:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9223 DF PROTO=TCP SPT=48960 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21503 SEQ=1 Nov 9 09:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1347 SEQ=1 Nov 9 09:43:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3532 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32061 SEQ=1 Nov 9 09:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50740 SEQ=1 Nov 9 09:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50740 SEQ=1 Nov 9 09:43:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29975 SEQ=1 Nov 9 09:43:26 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.29 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49935 DPT=8084 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:43:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9224 DF PROTO=TCP SPT=48960 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32889 DF PROTO=TCP SPT=44888 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40975 SEQ=1 Nov 9 09:43:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42424 SEQ=1 Nov 9 09:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25171 SEQ=1 Nov 9 09:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8172 SEQ=1 Nov 9 09:43:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12372 PROTO=TCP SPT=45727 DPT=34423 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:43:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40000 PROTO=TCP SPT=56698 DPT=8208 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:43:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10300 SEQ=1 Nov 9 09:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42424 SEQ=1 Nov 9 09:43:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10300 SEQ=1 Nov 9 09:43:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=526 SEQ=1 Nov 9 09:43:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.190 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=23166 PROTO=TCP SPT=63423 DPT=790 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:43:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9225 DF PROTO=TCP SPT=48960 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50458 DF PROTO=TCP SPT=59528 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 
09:43:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50459 DF PROTO=TCP SPT=59528 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50460 DF PROTO=TCP SPT=59528 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24064 SEQ=1 Nov 9 09:43:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.186 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47188 DF PROTO=TCP SPT=37752 DPT=3030 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:43:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.251.79.51 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=46 ID=40659 DF PROTO=TCP SPT=41683 DPT=8144 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 09:43:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12881 DF PROTO=TCP SPT=50619 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:43:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12882 DF PROTO=TCP SPT=50619 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:43:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50461 
DF PROTO=TCP SPT=59528 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:43:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46280 SEQ=1 Nov 9 09:43:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12883 DF PROTO=TCP SPT=50619 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:43:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=35441 PROTO=TCP SPT=41419 DPT=4849 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:43:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50044 PROTO=TCP SPT=40940 DPT=7254 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:43:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12884 DF PROTO=TCP SPT=50619 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50462 DF PROTO=TCP SPT=59528 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:44:01 server83 systemd: Started Session 309923 of user 
root. Nov 9 09:44:01 server83 systemd: Started Session 309922 of user root. Nov 9 09:44:01 server83 systemd: Started Session 309924 of user root. Nov 9 09:44:01 server83 systemd: Started Session 309925 of user root. Nov 9 09:44:01 server83 systemd: Started Session 309926 of user root. Nov 9 09:44:01 server83 systemd: Started Session 309927 of user root. Nov 9 09:44:01 server83 systemd: Started Session 309928 of user root. Nov 9 09:44:01 server83 systemd: Started Session 309929 of user root. Nov 9 09:44:01 server83 systemd: Started Session 309930 of user root. Nov 9 09:44:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52437 SEQ=1 Nov 9 09:44:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12885 DF PROTO=TCP SPT=50619 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:44:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9935 SEQ=1 Nov 9 09:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30602 SEQ=1 Nov 9 09:44:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47509 SEQ=1 Nov 9 09:44:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=23502 PROTO=TCP SPT=59428 
DPT=36404 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:44:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.248.130.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=42211 DPT=7915 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:44:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63468 SEQ=1 Nov 9 09:44:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9226 DF PROTO=TCP SPT=48960 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:44:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50463 DF PROTO=TCP SPT=59528 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:44:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33028 SEQ=1 Nov 9 09:44:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51084 SEQ=1 Nov 9 09:44:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55242 SEQ=1 Nov 9 09:44:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.194.250.113 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=5478 DF PROTO=TCP SPT=39463 
DPT=30037 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4422 SEQ=1 Nov 9 09:44:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.83.150.53 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=5274 PROTO=TCP SPT=56112 DPT=631 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:44:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.217.194.148 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37959 DPT=9000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:44:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49455 SEQ=1 Nov 9 09:44:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1998 SEQ=1 Nov 9 09:44:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27705 DF PROTO=TCP SPT=57292 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:44:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27706 DF PROTO=TCP SPT=57292 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:44:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27707 DF 
PROTO=TCP SPT=57292 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:44:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=9944 PROTO=TCP SPT=36884 DPT=9401 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:44:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27708 DF PROTO=TCP SPT=57292 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:44:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52500 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:44:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29996 PROTO=TCP SPT=33085 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:44:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29997 PROTO=TCP SPT=33085 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:44:36 server83 systemd: Started Session c2862 of user root. 
Nov 9 09:44:36 server83 scripts.sh: Load Average: 1.77 , 2.84 Nov 9 09:44:36 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 09:44:36 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 09:44:36 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 09:44:36 server83 scripts.sh: HTTPD Status: inactive Nov 9 09:44:36 server83 scripts.sh: MySQL Status: active Nov 9 09:44:36 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 09:44:36 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 09:44:36 server83 scripts.sh: SSHD Status: active Nov 9 09:44:36 server83 scripts.sh: FTP Status: active Nov 9 09:44:36 server83 scripts.sh: LiteSpeed Status: Active Nov 9 09:44:36 server83 scripts.sh: Imunify Status: Active Nov 9 09:44:36 server83 scripts.sh: cPanel Status: active Nov 9 09:44:36 server83 scripts.sh: Memory Status: 12/31 GB - 38.80% Nov 9 09:44:36 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 09:44:36 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 09:44:36 server83 scripts.sh: Local Version: 4.4.5 Nov 9 09:44:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55319 PROTO=TCP SPT=38871 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:44:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29998 PROTO=TCP SPT=33085 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57918 SEQ=1 Nov 9 09:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57918 SEQ=1 Nov 9 09:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39589 SEQ=1 Nov 9 09:44:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45309 SEQ=1 Nov 9 09:44:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55320 PROTO=TCP SPT=38871 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:44:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29999 PROTO=TCP SPT=33085 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:44:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10043 SEQ=1 Nov 9 09:44:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55321 PROTO=TCP SPT=38871 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55323 PROTO=TCP SPT=38871 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:44:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:44:46 server83 imunify360-php-daemon[734]: error sending 
perf stats: circuit breaker is open Nov 9 09:44:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40216 SEQ=1 Nov 9 09:44:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=111.119.219.175 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=31512 DF PROTO=ICMP TYPE=8 CODE=0 ID=808 SEQ=4791 Nov 9 09:44:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3531 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:44:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=49.12.66.195 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=9862 DF PROTO=ICMP TYPE=8 CODE=0 ID=43476 SEQ=17079 Nov 9 09:44:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3523 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:44:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28805 SEQ=1 Nov 9 09:44:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37618 SEQ=1 Nov 9 09:44:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50464 DF PROTO=TCP SPT=59528 DPT=21 WINDOW=64620 RES=0x00 
SYN URGP=0 Nov 9 09:44:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37002 SEQ=1 Nov 9 09:44:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24441 SEQ=1 Nov 9 09:44:54 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.251 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=35 ID=49323 PROTO=UDP SPT=21068 DPT=30665 LEN=32 Nov 9 09:44:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=8777 PROTO=TCP SPT=34696 DPT=9326 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:44:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27710 DF PROTO=TCP SPT=57292 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:44:58 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=49.13.10.198 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=45061 DF PROTO=ICMP TYPE=8 CODE=0 ID=13320 SEQ=60393 Nov 9 09:44:59 server83 NetworkManager[922]: <info> [1762661699.4604] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:44:59 server83 NetworkManager[922]: <info> [1762661699.4610] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:44:59 server83 NetworkManager[922]: <info> [1762661699.4611] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 
9 09:44:59 server83 NetworkManager[922]: <info> [1762661699.4616] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:44:59 server83 NetworkManager[922]: <info> [1762661699.4626] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:44:59 server83 NetworkManager[922]: <info> [1762661699.4629] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:44:59 server83 NetworkManager[922]: <info> [1762661699.4642] dhcp4 (eth1): dhclient started with pid 2431 Nov 9 09:44:59 server83 dhclient[2431]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x589cf50d) Nov 9 09:45:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4547 SEQ=1 Nov 9 09:45:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39349 SEQ=1 Nov 9 09:45:01 server83 systemd: Started Session 309931 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309932 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309933 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309934 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309935 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309936 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309938 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309937 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309939 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309940 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309943 of user root. 
Nov 9 09:45:01 server83 systemd: Started Session 309941 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309942 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309945 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309944 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309946 of user root. Nov 9 09:45:01 server83 systemd: Started Session 309947 of user root. Nov 9 09:45:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 09:45:01 server83 systemd: Started Session 309948 of user sanatanhinduvahi. Nov 9 09:45:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37486 SEQ=1 Nov 9 09:45:02 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 09:45:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=188.245.61.191 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=11097 DF PROTO=ICMP TYPE=8 CODE=0 ID=31327 SEQ=12521 Nov 9 09:45:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29992 SEQ=1 Nov 9 09:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=49.13.61.43 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=61940 DF PROTO=ICMP TYPE=8 CODE=0 ID=54524 SEQ=12692 Nov 9 09:45:04 server83 dhclient[2431]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x589cf50d) Nov 9 09:45:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37486 SEQ=1 Nov 9 09:45:07 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=110.238.107.118 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=31052 DF PROTO=ICMP TYPE=8 CODE=0 ID=53068 SEQ=62703 Nov 9 09:45:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19823 SEQ=1 Nov 9 09:45:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14197 SEQ=1 Nov 9 09:45:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39349 SEQ=1 Nov 9 09:45:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=12166 PROTO=TCP SPT=43735 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:45:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=12167 PROTO=TCP SPT=43735 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:45:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31736 PROTO=TCP SPT=60844 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:45:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=12168 PROTO=TCP SPT=43735 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:45:12 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.131 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=38579 PROTO=TCP SPT=15426 DPT=11000 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:45:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31737 PROTO=TCP SPT=60844 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:45:14 server83 dhclient[2431]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x589cf50d) Nov 9 09:45:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31738 PROTO=TCP SPT=60844 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:45:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31740 PROTO=TCP SPT=60844 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:45:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29488 DF PROTO=TCP SPT=37824 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:45:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44296 SEQ=1 Nov 9 09:45:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8212 SEQ=1 Nov 9 09:45:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38389 SEQ=1 Nov 9 09:45:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8212 SEQ=1 Nov 9 09:45:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20998 SEQ=1 Nov 9 09:45:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29489 DF PROTO=TCP SPT=37824 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:45:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20998 SEQ=1 Nov 9 09:45:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=8071 PROTO=TCP SPT=46370 DPT=2407 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:45:25 server83 dhclient[2431]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x589cf50d) Nov 9 09:45:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34649 PROTO=TCP SPT=50207 DPT=6506 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:45:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33315 PROTO=TCP SPT=55841 DPT=4981 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:45:30 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27711 DF PROTO=TCP SPT=57292 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29490 DF PROTO=TCP SPT=37824 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 09:45:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14067 SEQ=1 Nov 9 09:45:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56231 SEQ=1 Nov 9 09:45:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62765 SEQ=1 Nov 9 09:45:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12887 DF PROTO=TCP SPT=53048 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:45:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37714 SEQ=1 Nov 9 09:45:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36415 SEQ=1 Nov 9 09:45:33 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36415 SEQ=1 Nov 9 09:45:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12888 DF PROTO=TCP SPT=53048 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:45:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11860 PROTO=TCP SPT=56698 DPT=8222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:45:37 server83 dhclient[2431]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x589cf50d) Nov 9 09:45:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12889 DF PROTO=TCP SPT=53048 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:45:44 server83 NetworkManager[922]: <warn> [1762661744.4498] dhcp4 (eth1): request timed out Nov 9 09:45:44 server83 NetworkManager[922]: <info> [1762661744.4498] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:45:44 server83 NetworkManager[922]: <info> [1762661744.4577] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2431 Nov 9 09:45:44 server83 NetworkManager[922]: <info> [1762661744.4577] dhcp4 (eth1): state changed timeout -> done Nov 9 09:45:44 server83 NetworkManager[922]: <info> [1762661744.4579] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:45:44 server83 NetworkManager[922]: <warn> [1762661744.4582] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:45:44 server83 NetworkManager[922]: <info> [1762661744.4583] device (eth1): state change: failed -> disconnected (reason 
Nov 9 09:48:15 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.162 DST=51.210.113.204 LEN=30 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=53683 DPT=5630 LEN=10 Nov 9 09:48:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=194.180.48.63 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53873 PROTO=TCP SPT=51370 DPT=22222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:48:16 server83 pam_imunify_daemon.bin: time="2025-11-09T09:48:16+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 09:48:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52729 SEQ=1 Nov 9 09:48:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24535 SEQ=1 Nov 9 09:48:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26213 SEQ=1 Nov 9 09:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 09:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F 
uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 09:48:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50745 SEQ=1 Nov 9 09:48:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.227.254.152 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=22907 DF PROTO=TCP SPT=65182 DPT=21 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 Nov 9 09:48:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26213 SEQ=1 Nov 9 09:48:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44474 SEQ=1 Nov 9 09:48:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.227.254.152 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=22908 DF PROTO=TCP SPT=65182 DPT=21 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 Nov 9 09:48:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.170 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53039 DPT=3390 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:48:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60634 PROTO=TCP SPT=45727 DPT=34425 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:48:28 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.154 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=47911 DF PROTO=TCP SPT=26146 DPT=9635 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:48:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.233 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=29656 DF PROTO=TCP SPT=61931 DPT=4899 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:48:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.227.254.152 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=22909 DF PROTO=TCP SPT=65182 DPT=21 WINDOW=200 RES=0x00 SYN URGP=0 Nov 9 09:48:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.40 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56457 DPT=1234 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:48:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41015 SEQ=1 Nov 9 09:48:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39538 SEQ=1 Nov 9 09:48:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39538 SEQ=1 Nov 9 09:48:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40103 SEQ=1 Nov 9 09:48:36 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21141 SEQ=1 Nov 9 09:48:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64535 SEQ=1 Nov 9 09:48:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27109 SEQ=1 Nov 9 09:48:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32750 SEQ=1 Nov 9 09:48:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:48:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8796 SEQ=1 Nov 9 09:48:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37081 SEQ=1 Nov 9 09:48:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.99.13.19 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=45231 DPT=7915 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:48:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29415 SEQ=1 Nov 9 09:48:51 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20742 SEQ=1 Nov 9 09:48:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37995 SEQ=1 Nov 9 09:48:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33426 SEQ=1 Nov 9 09:48:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51502 PROTO=TCP SPT=45727 DPT=30699 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:48:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.250.81.123 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=44 ID=20196 DF PROTO=TCP SPT=21220 DPT=9034 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 09:49:01 server83 systemd: Started Session 309977 of user root. Nov 9 09:49:01 server83 systemd: Started Session 309978 of user root. Nov 9 09:49:01 server83 systemd: Started Session 309979 of user root. Nov 9 09:49:01 server83 systemd: Started Session 309980 of user root. Nov 9 09:49:01 server83 systemd: Started Session 309981 of user root. Nov 9 09:49:01 server83 systemd: Started Session 309982 of user root. Nov 9 09:49:01 server83 systemd: Started Session 309983 of user root. Nov 9 09:49:01 server83 systemd: Started Session 309985 of user root. Nov 9 09:49:01 server83 systemd: Started Session 309984 of user root. 
Nov 9 09:49:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12072 SEQ=1 Nov 9 09:49:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12072 SEQ=1 Nov 9 09:49:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=10967 PROTO=TCP SPT=41942 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:49:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:49:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39364 SEQ=1 Nov 9 09:49:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21347 SEQ=1 Nov 9 09:49:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3521 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:49:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=51934 PROTO=TCP SPT=41942 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:49:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=9947 
PROTO=TCP SPT=41942 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:49:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.20 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=47284 PROTO=TCP SPT=53522 DPT=47001 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:49:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61954 SEQ=1 Nov 9 09:49:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61889 SEQ=1 Nov 9 09:49:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26568 SEQ=1 Nov 9 09:49:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59250 SEQ=1 Nov 9 09:49:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59250 SEQ=1 Nov 9 09:49:24 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 09:49:25 server83 aibolit_wrapper[9449]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626619652660716.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626619652662900.txt --log=/tmp/malware_cleaner_log_17626619652665288.txt --progress=/tmp/malware_cleaner_progress_17626619652664682.json --csv_result=/tmp/revisium_csvfile_17626619652664962.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:49:25 server83 pam_imunify_daemon.bin: time="2025-11-09T09:49:25+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 09:49:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36389 PROTO=TCP SPT=38115 DPT=7967 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:49:29 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.235.161.102 DST=145.239.177.179 LEN=53 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=UDP SPT=47972 DPT=81 LEN=33 Nov 9 09:49:29 server83 aibolit_wrapper[9555]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626619695125804.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626619695126974.txt --log=/tmp/malware_cleaner_log_17626619695128388.txt --progress=/tmp/malware_cleaner_progress_17626619695127962.json --csv_result=/tmp/revisium_csvfile_17626619695128158.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:49:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21637 SEQ=1 Nov 9 09:49:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.13.103.144 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=17381 DF PROTO=ICMP TYPE=8 CODE=0 ID=19228 SEQ=58580 Nov 9 09:49:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.249 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=40219 DF PROTO=TCP SPT=29897 DPT=9788 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:49:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.241 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=2155 DF PROTO=TCP SPT=16912 DPT=5094 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:49:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9035 PROTO=TCP SPT=52679 DPT=9792 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:49:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20597 SEQ=1 Nov 9 09:49:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20597 SEQ=1 Nov 9 09:49:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55843 SEQ=1 Nov 9 09:49:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=34954 PROTO=TCP SPT=54693 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8715 SEQ=1 Nov 9 09:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37403 SEQ=1 Nov 9 09:49:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.109 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50970 DPT=45790 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:49:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60450 PROTO=TCP SPT=57873 DPT=28565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:49:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:49:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:49:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:49:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17887 SEQ=1 Nov 9 09:49:51 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 09:49:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=30028 PROTO=TCP SPT=60018 DPT=7178 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:50:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:50:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:50:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:50:01 server83 systemd: Started Session 309987 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309988 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309986 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309992 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309990 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309993 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309997 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309989 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309991 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309995 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309998 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309996 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309994 of user root. Nov 9 09:50:01 server83 systemd: Started Session 309999 of user root. Nov 9 09:50:01 server83 systemd: Started Session 310000 of user root. Nov 9 09:50:01 server83 systemd: Started Session 310001 of user root. Nov 9 09:50:01 server83 systemd: Started Session 310002 of user root. Nov 9 09:50:01 server83 systemd: Started Session 310003 of user root. Nov 9 09:50:01 server83 systemd: Started Session 310004 of user root. 
Nov 9 09:50:03 server83 aibolit_wrapper[10771]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626620038212344.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626620038213586.txt --log=/tmp/malware_cleaner_log_17626620038214536.txt --progress=/tmp/malware_cleaner_progress_17626620038214282.json --csv_result=/tmp/revisium_csvfile_17626620038214386.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:50:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40726 SEQ=1 Nov 9 09:50:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47218 SEQ=1 Nov 9 09:50:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.124 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=32954 DPT=2031 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:50:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33986 SEQ=1 Nov 9 09:50:07 server83 aibolit_wrapper[10933]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626620079790814.txt 
--input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626620079791594.txt --log=/tmp/malware_cleaner_log_17626620079792320.txt --progress=/tmp/malware_cleaner_progress_17626620079792126.json --csv_result=/tmp/revisium_csvfile_17626620079792216.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:50:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13736 SEQ=1 Nov 9 09:50:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=2838 PROTO=TCP SPT=54968 DPT=6809 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:50:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37714 SEQ=1 Nov 9 09:50:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54607 SEQ=1 Nov 9 09:50:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=411 SEQ=1 Nov 9 09:50:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.228 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=5636 PROTO=TCP SPT=8836 DPT=45659 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:50:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 
TOS=0x00 PREC=0x00 TTL=240 ID=4037 PROTO=TCP SPT=46370 DPT=1906 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:50:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.71 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=53509 PROTO=TCP SPT=41970 DPT=8872 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:50:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22127 SEQ=1 Nov 9 09:50:21 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=213.199.44.212 DST=145.239.177.179 LEN=445 TOS=0x00 PREC=0x00 TTL=48 ID=60033 DF PROTO=UDP SPT=5231 DPT=5060 LEN=425 Nov 9 09:50:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22127 SEQ=1 Nov 9 09:50:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56082 SEQ=1 Nov 9 09:50:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41221 SEQ=1 Nov 9 09:50:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15210 SEQ=1 Nov 9 09:50:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=56082 SEQ=1 Nov 9 09:50:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=29818 PROTO=TCP SPT=38241 DPT=6991 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:50:24 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:50:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=7437 PROTO=TCP SPT=39631 DPT=4710 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:50:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49051 SEQ=1 Nov 9 09:50:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29504 SEQ=1 Nov 9 09:50:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30810 SEQ=1 Nov 9 09:50:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61561 SEQ=1 Nov 9 09:50:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53491 SEQ=1 Nov 9 09:50:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2048 SEQ=1 Nov 9 09:50:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3520 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:50:45 server83 aibolit_wrapper[11742]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626620451550172.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626620451552392.txt --log=/tmp/malware_cleaner_log_17626620451554670.txt --progress=/tmp/malware_cleaner_progress_17626620451554088.json --csv_result=/tmp/revisium_csvfile_17626620451554350.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:50:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:50:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:50:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40462 PROTO=TCP SPT=42111 DPT=2570 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:50:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3519 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:50:48 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=20.168.5.42 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=UDP SPT=54471 DPT=81 LEN=32 Nov 9 09:50:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4435 SEQ=1 Nov 9 09:50:49 server83 aibolit_wrapper[11847]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626620493223322.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626620493224798.txt --log=/tmp/malware_cleaner_log_17626620493226328.txt --progress=/tmp/malware_cleaner_progress_17626620493225914.json --csv_result=/tmp/revisium_csvfile_17626620493226072.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:50:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28871 SEQ=1 Nov 9 09:50:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34327 SEQ=1 Nov 9 09:50:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32885 SEQ=1 Nov 9 09:50:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.203.251.111 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=15857 PROTO=TCP SPT=48124 DPT=502 WINDOW=65535 RES=0x00 
SYN URGP=0 Nov 9 09:50:51 server83 pam_imunify_daemon.bin: time="2025-11-09T09:50:51+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 09:50:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=135.233.112.109 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=60793 PROTO=TCP SPT=35905 DPT=8192 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:50:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=40.76.250.51 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=30957 PROTO=TCP SPT=60246 DPT=5222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:50:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57975 SEQ=1 Nov 9 09:50:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3527 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:51:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:51:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:51:01 server83 systemd: Started Session 310008 of user root. Nov 9 09:51:01 server83 systemd: Started Session 310007 of user root. Nov 9 09:51:01 server83 systemd: Started Session 310006 of user root. Nov 9 09:51:01 server83 systemd: Started Session 310005 of user root. Nov 9 09:51:01 server83 systemd: Started Session 310009 of user root. Nov 9 09:51:01 server83 systemd: Started Session 310012 of user root. Nov 9 09:51:01 server83 systemd: Started Session 310013 of user root. Nov 9 09:51:01 server83 systemd: Started Session 310011 of user root. Nov 9 09:51:01 server83 systemd: Started Session 310010 of user root. Nov 9 09:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41010 SEQ=1 Nov 9 09:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41010 SEQ=1 Nov 9 09:51:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34253 SEQ=1 Nov 9 09:51:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58806 SEQ=1 Nov 9 09:51:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=11113 SEQ=1 Nov 9 09:51:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34308 PROTO=TCP SPT=49956 DPT=25028 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:51:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62005 SEQ=1 Nov 9 09:51:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50111 PROTO=TCP SPT=59513 DPT=8119 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:51:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.148.197 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26207 PROTO=TCP SPT=52080 DPT=5005 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:51:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3518 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:51:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.190.163.148 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46608 DPT=90 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:51:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47156 PROTO=TCP SPT=33288 DPT=8395 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:51:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 
PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3526 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:51:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48362 SEQ=1 Nov 9 09:51:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20283 PROTO=TCP SPT=42111 DPT=2416 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:51:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34606 SEQ=1 Nov 9 09:51:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48778 SEQ=1 Nov 9 09:51:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48362 SEQ=1 Nov 9 09:51:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34606 SEQ=1 Nov 9 09:51:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48778 SEQ=1 Nov 9 09:51:22 server83 aibolit_wrapper[12732]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate 
--nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626620825691064.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626620825692814.txt --log=/tmp/malware_cleaner_log_17626620825694868.txt --progress=/tmp/malware_cleaner_progress_17626620825694386.json --csv_result=/tmp/revisium_csvfile_17626620825694614.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:51:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40143 SEQ=1 Nov 9 09:51:24 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:51:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.12 DST=145.239.177.179 LEN=46 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=50684 DPT=1194 LEN=26 Nov 9 09:51:27 server83 aibolit_wrapper[12805]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626620879173736.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626620879174848.txt --log=/tmp/malware_cleaner_log_17626620879176188.txt --progress=/tmp/malware_cleaner_progress_17626620879175830.json --csv_result=/tmp/revisium_csvfile_17626620879175996.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:51:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=29679 SEQ=1 Nov 9 09:51:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9127 SEQ=1 Nov 9 09:51:33 server83 aibolit_wrapper[12914]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626620936334644.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626620936337326.txt --progress=/tmp/malware_cleaner_progress_17626620936337002.json --csv_result=/tmp/revisium_csvfile_17626620936337154.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:51:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31862 SEQ=1 Nov 9 09:51:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29679 SEQ=1 Nov 9 09:51:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60717 SEQ=1 Nov 9 09:51:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35453 SEQ=1 Nov 9 09:51:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 
PREC=0x20 TTL=52 ID=7828 PROTO=TCP SPT=45149 DPT=9504 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:51:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.91 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=61563 PROTO=TCP SPT=42051 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:51:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11161 PROTO=TCP SPT=45727 DPT=31228 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:51:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.accept: ProactiveModel.Host should not be empty Nov 9 09:51:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:51:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 09:51:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:51:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60813 SEQ=1 Nov 9 09:51:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15916 SEQ=1 Nov 9 09:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23119 SEQ=1 Nov 9 09:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8421 SEQ=1 Nov 9 09:51:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23119 SEQ=1 Nov 9 09:51:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50549 SEQ=1 Nov 9 09:51:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.121 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52619 DPT=902 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:51:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3524 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:51:55 server83 aibolit_wrapper[13333]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626621151947038.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626621151948638.txt --log=/tmp/malware_cleaner_log_17626621151950024.txt --progress=/tmp/malware_cleaner_progress_17626621151949658.json --csv_result=/tmp/revisium_csvfile_17626621151949816.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:51:58 server83 scripts.sh: Sun Nov 9 09:51:58 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 09:51:59 server83 
aibolit_wrapper[13522]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626621193000490.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626621193001258.txt --log=/tmp/malware_cleaner_log_17626621193001966.txt --progress=/tmp/malware_cleaner_progress_17626621193001798.json --csv_result=/tmp/revisium_csvfile_17626621193001874.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:52:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=17256 PROTO=TCP SPT=33939 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:52:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:52:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:52:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:52:01 server83 systemd: Started Session 310015 of user root. Nov 9 09:52:01 server83 systemd: Started Session 310014 of user root. Nov 9 09:52:01 server83 systemd: Started Session 310017 of user root. Nov 9 09:52:01 server83 systemd: Started Session 310018 of user root. Nov 9 09:52:01 server83 systemd: Started Session 310020 of user root. Nov 9 09:52:01 server83 systemd: Started Session 310019 of user root. Nov 9 09:52:01 server83 systemd: Started Session 310016 of user root. Nov 9 09:52:01 server83 systemd: Started Session 310021 of user root. Nov 9 09:52:01 server83 systemd: Started Session 310022 of user root. 
Nov 9 09:52:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3525 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:52:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=17257 PROTO=TCP SPT=33939 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14522 PROTO=TCP SPT=47410 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=17258 PROTO=TCP SPT=33939 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14523 PROTO=TCP SPT=47410 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=17259 PROTO=TCP SPT=33939 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14524 PROTO=TCP SPT=47410 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=17260 
PROTO=TCP SPT=33939 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14525 PROTO=TCP SPT=47410 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14526 PROTO=TCP SPT=47410 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:52:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29739 SEQ=1 Nov 9 09:52:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54859 SEQ=1 Nov 9 09:52:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25847 SEQ=1 Nov 9 09:52:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54351 SEQ=1 Nov 9 09:52:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21673 PROTO=TCP SPT=46370 DPT=1464 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:52:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.229 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=49324 PROTO=TCP 
SPT=52539 DPT=179 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:52:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.147 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=44003 PROTO=TCP SPT=53323 DPT=44817 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:52:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8769 PROTO=TCP SPT=49956 DPT=25918 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:52:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.184.76.111 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=34412 DF PROTO=TCP SPT=33444 DPT=8889 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 09:52:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51249 PROTO=TCP SPT=49956 DPT=27999 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:52:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.87 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56072 DPT=9444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:52:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:52:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55872 SEQ=1 Nov 9 09:52:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49676 SEQ=1 Nov 9 09:52:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17005 SEQ=1 Nov 9 09:52:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60969 SEQ=1 Nov 9 09:52:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:52:27 server83 aibolit_wrapper[14298]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626621477542340.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626621477543964.txt --log=/tmp/malware_cleaner_log_17626621477545238.txt --progress=/tmp/malware_cleaner_progress_17626621477544872.json --csv_result=/tmp/revisium_csvfile_17626621477545032.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49889 SEQ=1 Nov 9 09:52:33 server83 aibolit_wrapper[14417]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626621532665096.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626621532668856.txt --progress=/tmp/malware_cleaner_progress_17626621532668290.json 
--csv_result=/tmp/revisium_csvfile_17626621532668590.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64745 SEQ=1 Nov 9 09:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18383 SEQ=1 Nov 9 09:52:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28027 SEQ=1 Nov 9 09:52:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47347 SEQ=1 Nov 9 09:52:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15670 SEQ=1 Nov 9 09:52:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58726 SEQ=1 Nov 9 09:52:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49889 SEQ=1 Nov 9 09:52:38 server83 aibolit_wrapper[14553]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php 
--deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626621588155244.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626621588156910.txt --log=/tmp/malware_cleaner_log_17626621588158680.txt --progress=/tmp/malware_cleaner_progress_17626621588158250.json --csv_result=/tmp/revisium_csvfile_17626621588158438.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:52:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=5559 PROTO=TCP SPT=35689 DPT=1038 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:52:42 server83 pam_imunify_daemon.bin: time="2025-11-09T09:52:42+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 09:52:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.153.56.174 DST=51.210.113.204 LEN=52 TOS=0x08 PREC=0x20 TTL=44 ID=6258 PROTO=TCP SPT=45124 DPT=8476 WINDOW=64557 RES=0x00 SYN URGP=0 Nov 9 09:52:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.cache: ProactiveModel.Host should not be empty Nov 9 09:52:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 09:52:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:52:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is 
open Nov 9 09:52:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13823 SEQ=1 Nov 9 09:52:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60506 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21330 SEQ=1 Nov 9 09:52:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23014 SEQ=1 Nov 9 09:52:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63027 SEQ=1 Nov 9 09:52:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63027 SEQ=1 Nov 9 09:52:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46360 PROTO=TCP SPT=41811 DPT=2418 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:52:59 server83 NetworkManager[922]: <info> [1762662179.4798] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:52:59 server83 NetworkManager[922]: <info> [1762662179.4804] device (eth1): Activation: starting connection 'Wired 
connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:52:59 server83 NetworkManager[922]: <info> [1762662179.4805] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:52:59 server83 NetworkManager[922]: <info> [1762662179.4808] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:52:59 server83 NetworkManager[922]: <info> [1762662179.4819] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:52:59 server83 NetworkManager[922]: <info> [1762662179.4821] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:52:59 server83 NetworkManager[922]: <info> [1762662179.4833] dhcp4 (eth1): dhclient started with pid 15007 Nov 9 09:52:59 server83 dhclient[15007]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x6395f223) Nov 9 09:53:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=23349 PROTO=TCP SPT=51029 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:53:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=23350 PROTO=TCP SPT=51029 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:53:01 server83 aibolit_wrapper[15089]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626621812873916.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626621812875646.txt --progress=/tmp/malware_cleaner_progress_17626621812875454.json --csv_result=/tmp/revisium_csvfile_17626621812875540.csv 
--avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:53:01 server83 systemd: Started Session 310023 of user root. Nov 9 09:53:01 server83 systemd: Started Session 310024 of user root. Nov 9 09:53:01 server83 systemd: Started Session 310025 of user root. Nov 9 09:53:01 server83 systemd: Started Session 310026 of user root. Nov 9 09:53:01 server83 systemd: Started Session 310028 of user root. Nov 9 09:53:01 server83 systemd: Started Session 310029 of user root. Nov 9 09:53:01 server83 systemd: Started Session 310030 of user root. Nov 9 09:53:01 server83 systemd: Started Session 310031 of user root. Nov 9 09:53:01 server83 systemd: Started Session 310027 of user root. Nov 9 09:53:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=16172 PROTO=TCP SPT=36487 DPT=1524 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:53:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53869 PROTO=TCP SPT=59278 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:53:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=23351 PROTO=TCP SPT=51029 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:53:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63715 SEQ=1 Nov 9 09:53:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53870 PROTO=TCP SPT=59278 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:53:03 server83 
dhclient[15007]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x6395f223) Nov 9 09:53:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63715 SEQ=1 Nov 9 09:53:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53871 PROTO=TCP SPT=59278 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:53:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=23353 PROTO=TCP SPT=51029 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:53:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12902 DF PROTO=TCP SPT=62048 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:53:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53872 PROTO=TCP SPT=59278 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:53:05 server83 aibolit_wrapper[15278]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626621854690928.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626621854694324.txt --progress=/tmp/malware_cleaner_progress_17626621854693904.json --csv_result=/tmp/revisium_csvfile_17626621854694114.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
09:53:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53873 PROTO=TCP SPT=59278 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:53:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12903 DF PROTO=TCP SPT=62048 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:53:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15786 SEQ=1 Nov 9 09:53:07 server83 dhclient[15007]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x6395f223) Nov 9 09:53:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13380 SEQ=1 Nov 9 09:53:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12904 DF PROTO=TCP SPT=62048 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:53:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.56.61.130 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=12706 PROTO=TCP SPT=60902 DPT=6080 WINDOW=65172 RES=0x00 SYN URGP=0 Nov 9 09:53:12 server83 dhclient[15007]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x6395f223) Nov 9 09:53:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23702 PROTO=TCP SPT=43224 DPT=4174 WINDOW=65535 RES=0x00 
SYN URGP=0 Nov 9 09:53:16 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 09:53:16 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 09:53:16 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 09:53:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12905 DF PROTO=TCP SPT=62048 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:53:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=6623 DF PROTO=ICMP TYPE=8 CODE=0 ID=65402 SEQ=47362 Nov 9 09:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32520 SEQ=1 Nov 9 09:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19370 SEQ=1 Nov 9 09:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38410 SEQ=1 Nov 9 09:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64310 SEQ=1 Nov 9 09:53:21 server83 dhclient[15007]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 
(xid=0x6395f223) Nov 9 09:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44954 SEQ=1 Nov 9 09:53:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.156.152.139 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59942 PROTO=TCP SPT=50748 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:53:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.38 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18346 PROTO=TCP SPT=49120 DPT=3392 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:53:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:53:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32889 SEQ=1 Nov 9 09:53:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32889 SEQ=1 Nov 9 09:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19127 SEQ=1 Nov 9 09:53:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11746 SEQ=1 Nov 9 09:53:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19980 SEQ=1 Nov 9 09:53:34 server83 dhclient[15007]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x6395f223) Nov 9 09:53:37 server83 aibolit_wrapper[16012]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622177236208.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626622177238722.txt --progress=/tmp/malware_cleaner_progress_17626622177238410.json --csv_result=/tmp/revisium_csvfile_17626622177238540.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:53:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32947 SEQ=1 Nov 9 09:53:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.133 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=61301 PROTO=TCP SPT=8885 DPT=42367 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:53:42 server83 aibolit_wrapper[16128]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622220078070.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626622220079700.txt --progress=/tmp/malware_cleaner_progress_17626622220079496.json --csv_result=/tmp/revisium_csvfile_17626622220079582.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:53:44 
server83 NetworkManager[922]: <warn> [1762662224.4510] dhcp4 (eth1): request timed out Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4511] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4670] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 15007 Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4671] dhcp4 (eth1): state changed timeout -> done Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4673] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:53:44 server83 NetworkManager[922]: <warn> [1762662224.4676] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4678] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4708] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4711] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4712] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4714] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4724] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4726] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:53:44 server83 NetworkManager[922]: <info> [1762662224.4735] dhcp4 (eth1): 
dhclient started with pid 16206 Nov 9 09:53:44 server83 dhclient[16206]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x4b9dba55) Nov 9 09:53:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.mb_convert: ProactiveModel.Host should not be empty Nov 9 09:53:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.include: ProactiveModel.Host should not be empty Nov 9 09:53:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:53:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 09:53:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:53:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 09:53:47 server83 aibolit_wrapper[16285]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622276086436.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626622276088082.txt --progress=/tmp/malware_cleaner_progress_17626622276087856.json --csv_result=/tmp/revisium_csvfile_17626622276087978.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:53:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:53:50 server83 dhclient[16206]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4b9dba55) Nov 9 09:53:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=13279 SEQ=1 Nov 9 09:53:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58681 SEQ=1 Nov 9 09:53:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9707 SEQ=1 Nov 9 09:53:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50353 SEQ=1 Nov 9 09:53:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44996 SEQ=1 Nov 9 09:53:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12906 DF PROTO=TCP SPT=63265 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:53:54 server83 aibolit_wrapper[16433]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622349205242.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626622349208634.txt --progress=/tmp/malware_cleaner_progress_17626622349208238.json --csv_result=/tmp/revisium_csvfile_17626622349208420.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:53:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12907 DF PROTO=TCP SPT=63265 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:53:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.143 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=33634 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:53:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12908 DF PROTO=TCP SPT=63265 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:53:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34876 PROTO=TCP SPT=41889 DPT=8526 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:54:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12909 DF PROTO=TCP SPT=63265 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:54:01 server83 aibolit_wrapper[16598]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622412941194.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626622412944092.txt --progress=/tmp/malware_cleaner_progress_17626622412943742.json --csv_result=/tmp/revisium_csvfile_17626622412943892.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:54:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.58 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 
ID=54321 PROTO=TCP SPT=46055 DPT=801 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:54:01 server83 dhclient[16206]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x4b9dba55) Nov 9 09:54:01 server83 systemd: Started Session 310032 of user root. Nov 9 09:54:01 server83 systemd: Started Session 310033 of user root. Nov 9 09:54:01 server83 systemd: Started Session 310034 of user root. Nov 9 09:54:01 server83 systemd: Started Session 310036 of user root. Nov 9 09:54:01 server83 systemd: Started Session 310037 of user root. Nov 9 09:54:01 server83 systemd: Started Session 310035 of user root. Nov 9 09:54:01 server83 systemd: Started Session 310038 of user root. Nov 9 09:54:01 server83 systemd: Started Session 310040 of user root. Nov 9 09:54:01 server83 systemd: Started Session 310039 of user root. Nov 9 09:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23820 SEQ=1 Nov 9 09:54:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19023 SEQ=1 Nov 9 09:54:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19023 SEQ=1 Nov 9 09:54:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44121 SEQ=1 Nov 9 09:54:06 server83 aibolit_wrapper[16858]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate 
--nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622466915622.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626622466917004.txt --log=/tmp/malware_cleaner_log_17626622466918538.txt --progress=/tmp/malware_cleaner_progress_17626622466918116.json --csv_result=/tmp/revisium_csvfile_17626622466918300.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:54:07 server83 systemd: Started Session c2863 of user root. Nov 9 09:54:07 server83 scripts.sh: Load Average: 1.61 , 1.88 Nov 9 09:54:07 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 09:54:07 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 09:54:07 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 09:54:07 server83 scripts.sh: HTTPD Status: inactive Nov 9 09:54:07 server83 scripts.sh: MySQL Status: active Nov 9 09:54:07 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 09:54:07 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 09:54:07 server83 scripts.sh: SSHD Status: active Nov 9 09:54:07 server83 scripts.sh: FTP Status: active Nov 9 09:54:07 server83 scripts.sh: LiteSpeed Status: Active Nov 9 09:54:07 server83 scripts.sh: Imunify Status: Active Nov 9 09:54:07 server83 scripts.sh: cPanel Status: active Nov 9 09:54:07 server83 scripts.sh: Memory Status: 12/31 GB - 39.18% Nov 9 09:54:07 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 09:54:07 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 09:54:07 server83 scripts.sh: Local Version: 4.4.5 Nov 9 09:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52645 SEQ=1 Nov 9 09:54:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12910 DF PROTO=TCP SPT=63265 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:54:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27167 PROTO=TCP SPT=42055 DPT=37967 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:54:13 server83 aibolit_wrapper[17015]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622538036828.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626622538038588.txt --log=/tmp/malware_cleaner_log_17626622538040568.txt --progress=/tmp/malware_cleaner_progress_17626622538040050.json --csv_result=/tmp/revisium_csvfile_17626622538040266.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:54:19 server83 dhclient[16206]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x4b9dba55) Nov 9 09:54:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9984 SEQ=1 Nov 9 09:54:22 server83 aibolit_wrapper[17193]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622620894684.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626622620896464.txt --log=/tmp/malware_cleaner_log_17626622620898432.txt 
--progress=/tmp/malware_cleaner_progress_17626622620897872.json --csv_result=/tmp/revisium_csvfile_17626622620898130.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28246 SEQ=1 Nov 9 09:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54169 SEQ=1 Nov 9 09:54:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18364 SEQ=1 Nov 9 09:54:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44093 SEQ=1 Nov 9 09:54:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46949 SEQ=1 Nov 9 09:54:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:54:26 server83 aibolit_wrapper[17298]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622662494316.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626622662495666.txt 
--log=/tmp/malware_cleaner_log_17626622662496902.txt --progress=/tmp/malware_cleaner_progress_17626622662496578.json --csv_result=/tmp/revisium_csvfile_17626622662496738.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:54:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9802 PROTO=TCP SPT=49956 DPT=28275 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:54:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.38 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62448 PROTO=TCP SPT=49120 DPT=3395 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:54:29 server83 NetworkManager[922]: <warn> [1762662269.4503] dhcp4 (eth1): request timed out Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 16206 Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4665] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:54:29 server83 NetworkManager[922]: <warn> [1762662269.4670] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4672] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4705] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4709] device (eth1): Activation: starting connection 'Wired 
connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4710] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4714] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4724] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4727] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:54:29 server83 NetworkManager[922]: <info> [1762662269.4737] dhcp4 (eth1): dhclient started with pid 17370 Nov 9 09:54:29 server83 dhclient[17370]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x44df108) Nov 9 09:54:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39355 SEQ=1 Nov 9 09:54:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12844 SEQ=1 Nov 9 09:54:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39355 SEQ=1 Nov 9 09:54:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.114.56 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=23456 PROTO=TCP SPT=48134 DPT=3671 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:54:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.194 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=53767 PROTO=TCP SPT=55209 DPT=2483 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:54:34 server83 dhclient[17370]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x44df108) Nov 9 09:54:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.192 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=15510 PROTO=TCP SPT=53857 DPT=44317 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35123 SEQ=1 Nov 9 09:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32438 SEQ=1 Nov 9 09:54:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12070 SEQ=1 Nov 9 09:54:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=184.105.139.123 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=47866 DPT=808 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:54:40 server83 aibolit_wrapper[17701]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626622805033044.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626622805034154.txt 
--log=/tmp/malware_cleaner_log_17626622805035076.txt --progress=/tmp/malware_cleaner_progress_17626622805034806.json --csv_result=/tmp/revisium_csvfile_17626622805034928.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:54:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34602 PROTO=TCP SPT=50910 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:54:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16871 PROTO=TCP SPT=42281 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:54:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34603 PROTO=TCP SPT=50910 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:54:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=16872 PROTO=TCP SPT=42281 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:54:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35329 PROTO=TCP SPT=63991 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:54:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43790 PROTO=TCP SPT=37902 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:54:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35331 PROTO=TCP SPT=63991 
DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:54:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:54:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:54:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35333 PROTO=TCP SPT=63991 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:54:47 server83 dhclient[17370]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x44df108) Nov 9 09:54:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48166 SEQ=1 Nov 9 09:54:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25175 SEQ=1 Nov 9 09:54:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25648 SEQ=1 Nov 9 09:54:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37616 SEQ=1 Nov 9 09:54:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37914 SEQ=1 Nov 9 09:54:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10628 SEQ=1 Nov 9 09:54:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.170.230 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=4007 DF PROTO=TCP SPT=44096 DPT=8294 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:54:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.5 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54829 DPT=8177 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:54:55 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:54:56 server83 dhclient[17370]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x44df108) Nov 9 09:54:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19368 PROTO=TCP SPT=42055 DPT=9284 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:55:01 server83 systemd: Started Session 310041 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310043 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310042 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310044 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310045 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310046 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310047 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310049 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310052 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310053 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310050 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310048 of user root. 
Nov 9 09:55:01 server83 systemd: Started Session 310051 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310055 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310054 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310056 of user root. Nov 9 09:55:01 server83 systemd: Started Session 310057 of user root. Nov 9 09:55:04 server83 aibolit_wrapper[18349]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626623047181814.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626623047183198.txt --log=/tmp/malware_cleaner_log_17626623047184078.txt --progress=/tmp/malware_cleaner_progress_17626623047183866.json --csv_result=/tmp/revisium_csvfile_17626623047183962.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:55:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.38.8 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=39053 DF PROTO=TCP SPT=58330 DPT=2222 WINDOW=64800 RES=0x00 SYN URGP=0 Nov 9 09:55:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.215.0.144 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8319 PROTO=TCP SPT=60024 DPT=120 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:55:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.38.8 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=39054 DF PROTO=TCP SPT=58330 DPT=2222 WINDOW=64800 RES=0x00 SYN URGP=0 Nov 9 09:55:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7873 SEQ=1 Nov 9 09:55:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53991 SEQ=1 Nov 9 09:55:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.38.8 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=39055 DF PROTO=TCP SPT=58330 DPT=2222 WINDOW=64800 RES=0x00 SYN URGP=0 Nov 9 09:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61478 SEQ=1 Nov 9 09:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=926 SEQ=1 Nov 9 09:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=926 SEQ=1 Nov 9 09:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55736 SEQ=1 Nov 9 09:55:10 server83 dhclient[17370]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x44df108) Nov 9 09:55:10 server83 aibolit_wrapper[18468]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626623103111208.txt --input-fn-b64-encoded --username=loadingramp --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626623103111948.txt --log=/tmp/malware_cleaner_log_17626623103113090.txt --progress=/tmp/malware_cleaner_progress_17626623103112716.json --csv_result=/tmp/revisium_csvfile_17626623103112866.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:55:14 server83 NetworkManager[922]: <warn> [1762662314.4384] dhcp4 (eth1): request timed out Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4384] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4544] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17370 Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4544] dhcp4 (eth1): state changed timeout -> done Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4545] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:55:14 server83 NetworkManager[922]: <warn> [1762662314.4548] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4550] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4577] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4580] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4580] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4582] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4590] 
device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4591] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 09:55:14 server83 NetworkManager[922]: <info> [1762662314.4602] dhcp4 (eth1): dhclient started with pid 18611 Nov 9 09:55:14 server83 dhclient[18611]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0xe2e5c10) Nov 9 09:55:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12911 DF PROTO=TCP SPT=65239 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12912 DF PROTO=TCP SPT=65239 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.120 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=50125 DPT=444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:55:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.136.67.107 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=56221 DPT=8002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:55:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12913 DF PROTO=TCP SPT=65239 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3517 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:55:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62535 SEQ=1 Nov 9 09:55:22 server83 dhclient[18611]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0xe2e5c10) Nov 9 09:55:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20980 PROTO=TCP SPT=49956 DPT=28044 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:55:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43949 SEQ=1 Nov 9 09:55:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43949 SEQ=1 Nov 9 09:55:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63232 SEQ=1 Nov 9 09:55:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33717 SEQ=1 Nov 9 09:55:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12914 DF PROTO=TCP SPT=65239 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for 
Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:55:29 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.141.115 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=58916 DF PROTO=UDP SPT=19334 DPT=19334 LEN=16 Nov 9 09:55:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9172 PROTO=TCP SPT=36194 DPT=9710 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:55:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47157 SEQ=1 Nov 9 09:55:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=39727 PROTO=TCP SPT=56753 DPT=8106 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:55:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=46187 PROTO=TCP SPT=35096 DPT=5351 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:55:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34197 SEQ=1 Nov 9 09:55:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34835 SEQ=1 Nov 9 09:55:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12915 DF PROTO=TCP SPT=65239 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47157 SEQ=1 Nov 9 09:55:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14943 SEQ=1 Nov 9 09:55:34 server83 dhclient[18611]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0xe2e5c10) Nov 9 09:55:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17982 SEQ=1 Nov 9 09:55:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14943 SEQ=1 Nov 9 09:55:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12916 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63560 SEQ=1 Nov 9 09:55:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12917 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=53695 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:55:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12918 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3516 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:55:43 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.141.115 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=41 ID=61202 DF PROTO=UDP SPT=19334 DPT=19334 LEN=16 Nov 9 09:55:45 server83 dhclient[18611]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0xe2e5c10) Nov 9 09:55:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12919 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:55:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 09:55:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 09:55:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19747 PROTO=TCP SPT=45727 DPT=30311 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 09:55:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19031 SEQ=1 Nov 9 09:55:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=44234 DPT=8081 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6767 SEQ=1 Nov 9 09:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6767 SEQ=1 Nov 9 09:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37010 SEQ=1 Nov 9 09:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47958 SEQ=1 Nov 9 09:55:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:55:50 server83 aibolit_wrapper[19659]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626623509588716.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626623509590640.txt 
--log=/tmp/malware_cleaner_log_17626623509592550.txt --progress=/tmp/malware_cleaner_progress_17626623509591994.json --csv_result=/tmp/revisium_csvfile_17626623509592240.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:55:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=57880 DPT=8008 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:55:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=61294 PROTO=TCP SPT=41314 DPT=5168 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:55:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37176 SEQ=1 Nov 9 09:55:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12920 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:55:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62874 SEQ=1 Nov 9 09:55:55 server83 aibolit_wrapper[19800]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626623552239170.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626623552240458.txt --log=/tmp/malware_cleaner_log_17626623552242446.txt 
--progress=/tmp/malware_cleaner_progress_17626623552241940.json --csv_result=/tmp/revisium_csvfile_17626623552242164.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:55:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3523 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:55:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=7177 DPT=81 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:55:59 server83 dhclient[18611]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0xe2e5c10) Nov 9 09:55:59 server83 NetworkManager[922]: <warn> [1762662359.4493] dhcp4 (eth1): request timed out Nov 9 09:55:59 server83 NetworkManager[922]: <info> [1762662359.4493] dhcp4 (eth1): state changed unknown -> timeout Nov 9 09:55:59 server83 NetworkManager[922]: <info> [1762662359.4813] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 18611 Nov 9 09:55:59 server83 NetworkManager[922]: <info> [1762662359.4813] dhcp4 (eth1): state changed timeout -> done Nov 9 09:55:59 server83 NetworkManager[922]: <info> [1762662359.4815] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 09:55:59 server83 NetworkManager[922]: <warn> [1762662359.4819] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 09:55:59 server83 NetworkManager[922]: <info> [1762662359.4820] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 09:56:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=10366 PROTO=TCP SPT=40898 DPT=20191 
WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:56:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.103 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56168 DPT=47833 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:56:01 server83 systemd: Started Session 310058 of user root. Nov 9 09:56:01 server83 systemd: Started Session 310059 of user root. Nov 9 09:56:01 server83 systemd: Started Session 310060 of user root. Nov 9 09:56:01 server83 systemd: Started Session 310061 of user root. Nov 9 09:56:01 server83 systemd: Started Session 310063 of user root. Nov 9 09:56:01 server83 systemd: Started Session 310062 of user root. Nov 9 09:56:01 server83 systemd: Started Session 310064 of user root. Nov 9 09:56:01 server83 systemd: Started Session 310066 of user root. Nov 9 09:56:01 server83 systemd: Started Session 310067 of user root. Nov 9 09:56:01 server83 systemd: Started Session 310065 of user root. 
Nov 9 09:56:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11098 SEQ=1 Nov 9 09:56:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=32368 DPT=888 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:56:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.115.246 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=0 DF PROTO=TCP SPT=9999 DPT=2001 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 09:56:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=14601 DPT=8880 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:56:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3432 SEQ=1 Nov 9 09:56:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62679 SEQ=1 Nov 9 09:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8854 SEQ=1 Nov 9 09:56:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64681 PROTO=TCP SPT=45727 DPT=31216 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:56:15 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=63403 PROTO=TCP SPT=60448 DPT=4245 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:56:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.45 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=55711 PROTO=TCP SPT=52238 DPT=8702 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:56:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=41276 PROTO=TCP SPT=42375 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:56:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62806 SEQ=1 Nov 9 09:56:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=200.9.154.79 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=38723 DPT=3030 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:56:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3515 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:56:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=45908 PROTO=TCP SPT=32982 DPT=7534 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=22041 SEQ=1 Nov 9 09:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56520 SEQ=1 Nov 9 09:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34637 SEQ=1 Nov 9 09:56:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3238 SEQ=1 Nov 9 09:56:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56520 SEQ=1 Nov 9 09:56:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=49132 PROTO=TCP SPT=42375 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:56:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22041 SEQ=1 Nov 9 09:56:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=57803 PROTO=TCP SPT=42375 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:56:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:56:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=47775 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:56:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34114 SEQ=1 Nov 9 09:56:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18374 SEQ=1 Nov 9 09:56:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11818 SEQ=1 Nov 9 09:56:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3514 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:56:35 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.67 DST=145.239.177.179 LEN=166 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=UDP SPT=51027 DPT=49155 LEN=146 Nov 9 09:56:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.175.220.105 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59097 DPT=2103 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:56:38 server83 aibolit_wrapper[20924]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626623984192242.txt --input-fn-b64-encoded --username=shreeganeshstone 
--report-hashes --black-list=/tmp/malware_cleanup_file_list_17626623984193512.txt --log=/tmp/malware_cleaner_log_17626623984194606.txt --progress=/tmp/malware_cleaner_progress_17626623984194298.json --csv_result=/tmp/revisium_csvfile_17626623984194444.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:56:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59898 SEQ=1 Nov 9 09:56:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4329 SEQ=1 Nov 9 09:56:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4329 SEQ=1 Nov 9 09:56:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22244 SEQ=1 Nov 9 09:56:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:56:41 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.241.100 DST=145.239.177.179 LEN=37 TOS=0x00 PREC=0x00 TTL=48 ID=13076 PROTO=UDP SPT=52530 DPT=7784 LEN=17 Nov 9 09:56:42 server83 aibolit_wrapper[21014]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626624026257116.txt --input-fn-b64-encoded --username=loadingramp --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626624026258376.txt --log=/tmp/malware_cleaner_log_17626624026259670.txt --progress=/tmp/malware_cleaner_progress_17626624026259344.json --csv_result=/tmp/revisium_csvfile_17626624026259484.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:56:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.center: ProactiveModel.Host should not be empty Nov 9 09:56:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 09:56:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:56:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:56:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.126 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=52835 PROTO=TCP SPT=58603 DPT=33389 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:56:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34362 SEQ=1 Nov 9 09:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28931 SEQ=1 Nov 9 09:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20523 SEQ=1 Nov 9 09:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59895 SEQ=1 Nov 9 09:57:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31179 PROTO=TCP SPT=46370 DPT=2821 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:57:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.47.35.1 DST=51.210.113.204 LEN=34 TOS=0x00 PREC=0x00 TTL=49 ID=12031 PROTO=ICMP TYPE=8 CODE=0 ID=12031 SEQ=0 Nov 9 09:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:57:01 server83 systemd: Started Session 310068 of user root. Nov 9 09:57:01 server83 systemd: Started Session 310069 of user root. Nov 9 09:57:01 server83 systemd: Started Session 310070 of user root. Nov 9 09:57:01 server83 systemd: Started Session 310071 of user root. Nov 9 09:57:01 server83 systemd: Started Session 310073 of user root. Nov 9 09:57:01 server83 systemd: Started Session 310074 of user root. Nov 9 09:57:01 server83 systemd: Started Session 310075 of user root. Nov 9 09:57:01 server83 systemd: Started Session 310072 of user root. Nov 9 09:57:01 server83 systemd: Started Session 310076 of user root. Nov 9 09:57:01 server83 systemd: Started Session 310077 of user root. 
Nov 9 09:57:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56143 SEQ=1 Nov 9 09:57:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23077 SEQ=1 Nov 9 09:57:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.148.190 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52085 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:57:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3651 PROTO=TCP SPT=45485 DPT=9295 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:57:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.114.248 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55314 DPT=2103 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:57:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37623 SEQ=1 Nov 9 09:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52534 SEQ=1 Nov 9 09:57:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.58.0 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=33143 DPT=27017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
09:57:15 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 09:57:15 server83 systemd: Stopped Status Update Service. Nov 9 09:57:15 server83 systemd: Started Status Update Service. Nov 9 09:57:16 server83 aibolit_wrapper[21867]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626624362445962.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626624362447668.txt --log=/tmp/malware_cleaner_log_17626624362449624.txt --progress=/tmp/malware_cleaner_progress_17626624362449090.json --csv_result=/tmp/revisium_csvfile_17626624362449348.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:57:16 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:57:16 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 09:57:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50852 SEQ=1 Nov 9 09:57:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34795 SEQ=1 Nov 9 09:57:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40284 SEQ=1 Nov 9 09:57:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=30520 PROTO=TCP SPT=56753 
DPT=8100 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:57:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54785 SEQ=1 Nov 9 09:57:20 server83 aibolit_wrapper[22039]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626624405392012.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626624405393494.txt --log=/tmp/malware_cleaner_log_17626624405394966.txt --progress=/tmp/malware_cleaner_progress_17626624405394580.json --csv_result=/tmp/revisium_csvfile_17626624405394760.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:57:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.143 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=23957 PROTO=TCP SPT=40393 DPT=21293 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 09:57:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=8451 PROTO=TCP SPT=34785 DPT=5910 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:57:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:57:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.222.160.62 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=10665 DF PROTO=TCP SPT=11689 DPT=18017 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 09:57:26 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.16 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=32972 DF PROTO=UDP SPT=52265 DPT=2123 LEN=20 Nov 9 09:57:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.181.172 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=27254 DF PROTO=TCP SPT=28278 DPT=27017 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 09:57:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.24 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53883 DPT=2227 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:57:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33357 SEQ=1 Nov 9 09:57:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.100 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49477 DPT=3333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:57:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=45995 PROTO=TCP SPT=47517 DPT=7524 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:57:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:57:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56253 SEQ=1 Nov 9 09:57:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1955 SEQ=1 Nov 9 
09:57:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1397 SEQ=1 Nov 9 09:57:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50655 SEQ=1 Nov 9 09:57:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39771 SEQ=1 Nov 9 09:57:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51674 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:57:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:57:48 server83 aibolit_wrapper[22656]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626624687889002.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626624687890284.txt --log=/tmp/malware_cleaner_log_17626624687891480.txt --progress=/tmp/malware_cleaner_progress_17626624687891148.json --csv_result=/tmp/revisium_csvfile_17626624687891306.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:57:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39746 SEQ=1 Nov 9 09:57:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50121 SEQ=1 Nov 9 09:57:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55537 SEQ=1 Nov 9 09:57:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39746 SEQ=1 Nov 9 09:57:52 server83 pam_imunify_daemon.bin: time="2025-11-09T09:57:52+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 09:57:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56665 SEQ=1 Nov 9 09:57:54 server83 aibolit_wrapper[22746]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626624743820112.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626624743821490.txt --log=/tmp/malware_cleaner_log_17626624743822956.txt 
--progress=/tmp/malware_cleaner_progress_17626624743822588.json --csv_result=/tmp/revisium_csvfile_17626624743822756.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:57:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34681 SEQ=1 Nov 9 09:57:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34681 SEQ=1 Nov 9 09:57:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.78 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52414 DPT=1990 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:57:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28312 PROTO=TCP SPT=52856 DPT=4286 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:58:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:58:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:58:01 server83 systemd: Started Session 310078 of user root. Nov 9 09:58:01 server83 systemd: Started Session 310080 of user root. Nov 9 09:58:01 server83 systemd: Started Session 310079 of user root. Nov 9 09:58:01 server83 systemd: Started Session 310082 of user root. Nov 9 09:58:01 server83 systemd: Started Session 310081 of user root. Nov 9 09:58:01 server83 systemd: Started Session 310083 of user root. Nov 9 09:58:01 server83 systemd: Started Session 310084 of user root. Nov 9 09:58:01 server83 systemd: Started Session 310085 of user root. Nov 9 09:58:01 server83 systemd: Started Session 310086 of user root. 
Nov 9 09:58:01 server83 systemd: Started Session 310087 of user root. Nov 9 09:58:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 09:58:01 server83 systemd: Started Session 310088 of user metalarts. Nov 9 09:58:01 server83 systemd: Removed slice User Slice of metalarts. Nov 9 09:58:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33176 SEQ=1 Nov 9 09:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24803 SEQ=1 Nov 9 09:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30619 SEQ=1 Nov 9 09:58:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30619 SEQ=1 Nov 9 09:58:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33176 SEQ=1 Nov 9 09:58:18 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 09:58:18 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 09:58:18 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 09:58:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37257 PROTO=TCP SPT=45727 DPT=33188 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:58:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:58:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 09:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 09:58:21 server83 aibolit_wrapper[23585]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626625010021782.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626625010023044.txt --log=/tmp/malware_cleaner_log_17626625010024328.txt --progress=/tmp/malware_cleaner_progress_17626625010023950.json --csv_result=/tmp/revisium_csvfile_17626625010024142.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:58:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12732 SEQ=1 Nov 9 09:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42908 SEQ=1 Nov 9 09:58:22 server83 imunify-auditd-log-reader[9638]: error messages suppressed: 16 Nov 9 09:58:22 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 09:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35874 SEQ=1 Nov 9 09:58:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11611 SEQ=1 Nov 9 09:58:25 server83 aibolit_wrapper[23687]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626625051540592.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626625051541910.txt --log=/tmp/malware_cleaner_log_17626625051543732.txt --progress=/tmp/malware_cleaner_progress_17626625051543186.json --csv_result=/tmp/revisium_csvfile_17626625051543428.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:58:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:58:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=200.9.154.79 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=56105 DPT=3030 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:58:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:58:30 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35698 SEQ=1 Nov 9 09:58:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65237 SEQ=1 Nov 9 09:58:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=27.221.49.34 DST=145.239.177.179 LEN=34 TOS=0x00 PREC=0x00 TTL=47 ID=23465 PROTO=ICMP TYPE=8 CODE=0 ID=23465 SEQ=0 Nov 9 09:58:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38299 PROTO=TCP SPT=50728 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38300 PROTO=TCP SPT=50728 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.67.140 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38796 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:58:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58656 SEQ=1 Nov 9 09:58:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=5071 PROTO=TCP SPT=45087 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38301 PROTO=TCP SPT=50728 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=5072 PROTO=TCP SPT=45087 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38302 PROTO=TCP SPT=50728 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=5073 PROTO=TCP SPT=45087 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38303 PROTO=TCP SPT=50728 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12547 SEQ=1 Nov 9 09:58:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11128 SEQ=1 Nov 9 09:58:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51198 SEQ=1 Nov 9 09:58:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=5074 PROTO=TCP SPT=45087 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41752 SEQ=1 Nov 9 09:58:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=5075 PROTO=TCP SPT=45087 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 09:58:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40776 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:58:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.133 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52112 DPT=8016 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:58:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:58:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.mb_convert: ProactiveModel.Host should not be empty Nov 9 09:58:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 09:58:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=1820 DF PROTO=ICMP TYPE=8 CODE=0 ID=26039 SEQ=40352 Nov 9 09:58:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26780 PROTO=TCP SPT=53120 DPT=2568 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:58:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44118 SEQ=1 Nov 9 09:58:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17032 SEQ=1 Nov 9 09:58:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63670 SEQ=1 Nov 9 09:58:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.194.70.252 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=5570 DF PROTO=TCP SPT=37746 DPT=3965 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 09:58:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5980 SEQ=1 Nov 9 09:58:50 server83 aibolit_wrapper[24279]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626625304171634.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626625304173112.txt --log=/tmp/malware_cleaner_log_17626625304174332.txt --progress=/tmp/malware_cleaner_progress_17626625304174006.json 
--csv_result=/tmp/revisium_csvfile_17626625304174154.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:58:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37648 SEQ=1 Nov 9 09:58:56 server83 aibolit_wrapper[24438]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626625362030638.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626625362031726.txt --log=/tmp/malware_cleaner_log_17626625362032854.txt --progress=/tmp/malware_cleaner_progress_17626625362032532.json --csv_result=/tmp/revisium_csvfile_17626625362032676.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:59:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 09:59:01 server83 systemd: Started Session 310091 of user root. Nov 9 09:59:01 server83 systemd: Started Session 310090 of user root. Nov 9 09:59:01 server83 systemd: Started Session 310089 of user root. Nov 9 09:59:01 server83 systemd: Started Session 310092 of user root. Nov 9 09:59:01 server83 systemd: Started Session 310095 of user root. Nov 9 09:59:01 server83 systemd: Started Session 310094 of user root. Nov 9 09:59:01 server83 systemd: Started Session 310093 of user root. Nov 9 09:59:01 server83 systemd: Started Session 310096 of user root. 
Nov 9 09:59:01 server83 systemd: Started Session 310097 of user root. Nov 9 09:59:01 server83 aibolit_wrapper[24611]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626625419099464.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626625419102538.txt --progress=/tmp/malware_cleaner_progress_17626625419102066.json --csv_result=/tmp/revisium_csvfile_17626625419102272.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:59:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3522 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:59:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27125 SEQ=1 Nov 9 09:59:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45818 SEQ=1 Nov 9 09:59:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13755 SEQ=1 Nov 9 09:59:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=12258 PROTO=TCP SPT=41239 DPT=5988 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 09:59:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.144.239.72 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=52444 DPT=2121 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:59:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.37 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=58325 PROTO=TCP SPT=52881 DPT=18480 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 09:59:16 server83 aibolit_wrapper[25103]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626625563949426.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626625563951208.txt --log=/tmp/malware_cleaner_log_17626625563953300.txt --progress=/tmp/malware_cleaner_progress_17626625563952648.json --csv_result=/tmp/revisium_csvfile_17626625563952884.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:59:18 server83 auditd[702]: Audit daemon rotating log files Nov 9 09:59:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=36757 PROTO=TCP SPT=55975 DPT=7602 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:59:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45017 SEQ=1 Nov 9 09:59:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63127 SEQ=1 Nov 9 09:59:20 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62551 SEQ=1 Nov 9 09:59:20 server83 aibolit_wrapper[25293]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626625606216970.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626625606217734.txt --log=/tmp/malware_cleaner_log_17626625606218544.txt --progress=/tmp/malware_cleaner_progress_17626625606218360.json --csv_result=/tmp/revisium_csvfile_17626625606218442.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:59:22 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 09:59:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19632 SEQ=1 Nov 9 09:59:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14070 SEQ=1 Nov 9 09:59:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39374 SEQ=1 Nov 9 09:59:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65387 SEQ=1 Nov 9 09:59:23 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28504 PROTO=TCP SPT=55388 DPT=9715 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:59:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12921 DF PROTO=TCP SPT=53367 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:59:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.227 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49665 DPT=45249 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:59:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12922 DF PROTO=TCP SPT=53367 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:59:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 09:59:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12923 DF PROTO=TCP SPT=53367 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:59:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.79 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=24273 PROTO=TCP SPT=54718 DPT=34407 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 09:59:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.148.147.222 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=46380 DPT=5901 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:59:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12924 DF PROTO=TCP SPT=53367 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:59:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37387 SEQ=1 Nov 9 09:59:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=26026 DF PROTO=ICMP TYPE=8 CODE=0 ID=49797 SEQ=40056 Nov 9 09:59:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8637 SEQ=1 Nov 9 09:59:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57298 SEQ=1 Nov 9 09:59:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50925 SEQ=1 Nov 9 09:59:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12925 DF PROTO=TCP SPT=53367 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 09:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19344 SEQ=1 Nov 9 09:59:39 server83 aibolit_wrapper[25593]: running child proccess: /opt/alt/php-internal/usr/bin/php 
-d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626625798086386.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626625798087976.txt --log=/tmp/malware_cleaner_log_17626625798089512.txt --progress=/tmp/malware_cleaner_progress_17626625798089072.json --csv_result=/tmp/revisium_csvfile_17626625798089262.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:59:45 server83 aibolit_wrapper[25677]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626625851902720.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626625851905412.txt --log=/tmp/malware_cleaner_log_17626625851907212.txt --progress=/tmp/malware_cleaner_progress_17626625851906796.json --csv_result=/tmp/revisium_csvfile_17626625851906992.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 09:59:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 09:59:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 09:59:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 09:59:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=603 SEQ=1 Nov 9 09:59:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.114 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54022 DPT=13443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:59:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33764 SEQ=1 Nov 9 09:59:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.203 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56677 DPT=4480 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:59:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35512 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 09:59:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3118 SEQ=1 Nov 9 09:59:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45255 SEQ=1 Nov 9 09:59:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63789 SEQ=1 Nov 9 10:00:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.42.25 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=38113 DPT=646 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:00:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36638 PROTO=TCP SPT=41811 DPT=2743 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:00:01 server83 systemd: Started Session 310098 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310099 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310100 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310101 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310102 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310103 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310109 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310112 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310108 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310105 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310111 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310106 of user root. Nov 9 10:00:01 server83 aibolit_wrapper[25976]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626018210192.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626018211904.txt --log=/tmp/malware_cleaner_log_17626626018214020.txt --progress=/tmp/malware_cleaner_progress_17626626018213404.json --csv_result=/tmp/revisium_csvfile_17626626018213678.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:00:01 server83 systemd: Started Session 310113 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310104 of user root. Nov 9 10:00:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. 
Nov 9 10:00:01 server83 systemd: Started Session 310107 of user sanatanhinduvahi. Nov 9 10:00:01 server83 systemd: Started Session 310114 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310116 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310115 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310110 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310117 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310118 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310119 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310121 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310122 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310120 of user root. Nov 9 10:00:01 server83 systemd: Started Session 310123 of user root. Nov 9 10:00:02 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 10:00:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.210 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=6086 PROTO=TCP SPT=56337 DPT=550 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:00:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51229 SEQ=1 Nov 9 10:00:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50320 SEQ=1 Nov 9 10:00:06 server83 aibolit_wrapper[26727]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626061450130.txt 
--input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626061451268.txt --log=/tmp/malware_cleaner_log_17626626061452468.txt --progress=/tmp/malware_cleaner_progress_17626626061452168.json --csv_result=/tmp/revisium_csvfile_17626626061452302.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:00:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:00:11 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:00:11 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:00:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=27230 PROTO=TCP SPT=50447 DPT=4555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:00:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.90 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=19451 PROTO=TCP SPT=42542 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:00:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.223.104.85 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57214 DPT=8200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:00:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52617 DPT=10801 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:00:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3521 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:00:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47695 SEQ=1 Nov 9 10:00:22 server83 aibolit_wrapper[28697]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626223906928.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626223908262.txt --log=/tmp/malware_cleaner_log_17626626223909960.txt --progress=/tmp/malware_cleaner_progress_17626626223909628.json --csv_result=/tmp/revisium_csvfile_17626626223909784.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:00:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37841 SEQ=1 Nov 9 10:00:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46012 SEQ=1 Nov 9 10:00:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3513 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:00:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=10385 PROTO=TCP SPT=55917 DPT=7517 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:00:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43945 SEQ=1 Nov 9 10:00:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.245.48.218 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=2637 DF PROTO=ICMP TYPE=8 CODE=0 ID=4953 SEQ=51448 Nov 9 10:00:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.206.222 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=4161 DF PROTO=TCP SPT=40959 DPT=10624 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:00:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:00:27 server83 aibolit_wrapper[29328]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626279219684.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626279221042.txt --log=/tmp/malware_cleaner_log_17626626279223106.txt --progress=/tmp/malware_cleaner_progress_17626626279222508.json --csv_result=/tmp/revisium_csvfile_17626626279222734.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:00:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.168.125.82 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=36710 DPT=8181 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:00:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13888 SEQ=1 Nov 9 10:00:36 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49967 SEQ=1 Nov 9 10:00:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58678 SEQ=1 Nov 9 10:00:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.117.57.162 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=32943 DPT=8005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:00:37 server83 aibolit_wrapper[30451]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626373403738.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626373405114.txt --log=/tmp/malware_cleaner_log_17626626373406284.txt --progress=/tmp/malware_cleaner_progress_17626626373405982.json --csv_result=/tmp/revisium_csvfile_17626626373406110.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:00:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5056 SEQ=1 Nov 9 10:00:41 server83 aibolit_wrapper[31020]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626416332396.txt --input-fn-b64-encoded --username=shreeganeshstone 
--report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626416333690.txt --log=/tmp/malware_cleaner_log_17626626416334822.txt --progress=/tmp/malware_cleaner_progress_17626626416334538.json --csv_result=/tmp/revisium_csvfile_17626626416334670.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:00:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:00:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=13972 PROTO=TCP SPT=54879 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:00:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=13973 PROTO=TCP SPT=54879 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:00:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=47521 PROTO=TCP SPT=55096 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:00:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=13974 PROTO=TCP SPT=54879 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:00:45 server83 aibolit_wrapper[31560]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626458774104.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626458775744.txt --log=/tmp/malware_cleaner_log_17626626458776968.txt --progress=/tmp/malware_cleaner_progress_17626626458776674.json 
--csv_result=/tmp/revisium_csvfile_17626626458776800.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:00:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=47522 PROTO=TCP SPT=55096 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:00:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=13975 PROTO=TCP SPT=54879 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:00:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:00:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.created: ProactiveModel.Host should not be empty Nov 9 10:00:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 10:00:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=47523 PROTO=TCP SPT=55096 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:00:49 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.211.49.185 DST=51.210.113.204 LEN=165 TOS=0x14 PREC=0x00 TTL=49 ID=11003 PROTO=UDP SPT=12027 DPT=1900 LEN=145 Nov 9 10:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27909 SEQ=1 Nov 9 10:00:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=47525 PROTO=TCP SPT=55096 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:00:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44899 SEQ=1 Nov 9 10:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60572 SEQ=1 Nov 9 10:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60572 SEQ=1 Nov 9 10:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36061 SEQ=1 Nov 9 10:00:53 server83 pam_imunify_daemon.bin: time="2025-11-09T10:00:53+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 10:00:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4214 SEQ=1 Nov 9 10:00:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4214 SEQ=1 Nov 9 10:00:57 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=35162 PROTO=TCP SPT=56185 DPT=7918 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:00:59 server83 NetworkManager[922]: <info> [1762662659.4474] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:00:59 server83 NetworkManager[922]: <info> [1762662659.4478] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:00:59 server83 NetworkManager[922]: <info> [1762662659.4479] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:00:59 server83 NetworkManager[922]: <info> [1762662659.4482] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:00:59 server83 NetworkManager[922]: <info> [1762662659.4492] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:00:59 server83 NetworkManager[922]: <info> [1762662659.4495] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:00:59 server83 NetworkManager[922]: <info> [1762662659.4508] dhcp4 (eth1): dhclient started with pid 747 Nov 9 10:00:59 server83 dhclient[747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x63306e60) Nov 9 10:01:00 server83 aibolit_wrapper[824]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626601254666.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626601255866.txt --log=/tmp/malware_cleaner_log_17626626601256678.txt --progress=/tmp/malware_cleaner_progress_17626626601256454.json 
--csv_result=/tmp/revisium_csvfile_17626626601256546.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:01:01 server83 systemd: Started Session 310124 of user root. Nov 9 10:01:01 server83 systemd: Started Session 310126 of user root. Nov 9 10:01:01 server83 systemd: Started Session 310128 of user root. Nov 9 10:01:01 server83 systemd: Started Session 310130 of user root. Nov 9 10:01:01 server83 systemd: Started Session 310131 of user root. Nov 9 10:01:01 server83 systemd: Started Session 310127 of user root. Nov 9 10:01:01 server83 systemd: Started Session 310125 of user root. Nov 9 10:01:01 server83 systemd: Started Session 310132 of user root. Nov 9 10:01:01 server83 systemd: Started Session 310133 of user root. Nov 9 10:01:01 server83 systemd: Started Session 310129 of user root. Nov 9 10:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:01:02 server83 dhclient[747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x63306e60) Nov 9 10:01:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38876 PROTO=TCP SPT=49956 DPT=27174 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:01:06 server83 dhclient[747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x63306e60) Nov 9 10:01:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20186 SEQ=1 Nov 9 10:01:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43490 SEQ=1 Nov 9 10:01:15 server83 aibolit_wrapper[2754]: 
running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626753399608.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626753400798.txt --log=/tmp/malware_cleaner_log_17626626753401980.txt --progress=/tmp/malware_cleaner_progress_17626626753401576.json --csv_result=/tmp/revisium_csvfile_17626626753401752.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:01:16 server83 dhclient[747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x63306e60) Nov 9 10:01:19 server83 aibolit_wrapper[3358]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626795272210.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626626795273778.txt --log=/tmp/malware_cleaner_log_17626626795275312.txt --progress=/tmp/malware_cleaner_progress_17626626795274884.json --csv_result=/tmp/revisium_csvfile_17626626795275100.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:01:22 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.198.98.252 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=39757 DF PROTO=UDP SPT=43795 DPT=5353 LEN=40 Nov 9 10:01:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14844 PROTO=TCP SPT=44175 DPT=8506 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:01:23 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33964 SEQ=1 Nov 9 10:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41408 SEQ=1 Nov 9 10:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25473 SEQ=1 Nov 9 10:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19381 SEQ=1 Nov 9 10:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19788 SEQ=1 Nov 9 10:01:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.42 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49169 DPT=4100 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:01:24 server83 aibolit_wrapper[4007]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626626848379934.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626626848383170.txt --progress=/tmp/malware_cleaner_progress_17626626848382520.json --csv_result=/tmp/revisium_csvfile_17626626848382754.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:01:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=190.92.220.99 DST=51.210.113.204 LEN=72 TOS=0x00 PREC=0x00 TTL=41 ID=5186 DF PROTO=ICMP TYPE=8 CODE=0 ID=11038 SEQ=20227 Nov 9 10:01:25 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:01:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=829 PROTO=TCP SPT=50617 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:01:28 server83 dhclient[747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x63306e60) Nov 9 10:01:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.213 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=58032 DPT=646 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:01:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.171 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=22395 PROTO=TCP SPT=57083 DPT=2222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:01:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=830 PROTO=TCP SPT=50617 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:01:29 server83 scripts.sh: Sun Nov 9 10:01:29 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 10:01:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49018 PROTO=TCP SPT=60556 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:01:29 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=831 PROTO=TCP SPT=50617 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:01:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49020 PROTO=TCP SPT=60556 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:01:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58532 SEQ=1 Nov 9 10:01:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13704 SEQ=1 Nov 9 10:01:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=49022 PROTO=TCP SPT=60556 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:01:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59256 SEQ=1 Nov 9 10:01:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63445 SEQ=1 Nov 9 10:01:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63956 SEQ=1 Nov 9 10:01:38 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32061 PROTO=TCP SPT=46370 DPT=1696 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63956 SEQ=1 Nov 9 10:01:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.219 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51855 DPT=9675 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:01:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51067 DPT=29000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:01:44 server83 NetworkManager[922]: <warn> [1762662704.4423] dhcp4 (eth1): request timed out Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4423] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 747 Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4584] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:01:44 server83 NetworkManager[922]: <warn> [1762662704.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4590] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4624] policy: 
auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4629] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4630] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4635] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4645] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4649] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:01:44 server83 NetworkManager[922]: <info> [1762662704.4661] dhcp4 (eth1): dhclient started with pid 6522 Nov 9 10:01:44 server83 dhclient[6522]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x26c83d58) Nov 9 10:01:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46304 PROTO=TCP SPT=45727 DPT=31547 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:01:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:01:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 10:01:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:01:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:01:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 
DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24817 PROTO=TCP SPT=45727 DPT=30970 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:01:49 server83 dhclient[6522]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x26c83d58) Nov 9 10:01:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3520 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:01:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25758 PROTO=TCP SPT=44194 DPT=9954 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:01:51 server83 aibolit_wrapper[7345]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626627115809730.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626627115811088.txt --log=/tmp/malware_cleaner_log_17626627115812268.txt --progress=/tmp/malware_cleaner_progress_17626627115811942.json --csv_result=/tmp/revisium_csvfile_17626627115812084.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50050 SEQ=1 Nov 9 10:01:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.182 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=8329 PROTO=TCP SPT=56202 DPT=2484 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:01:52 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34694 SEQ=1 Nov 9 10:01:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54058 SEQ=1 Nov 9 10:01:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54058 SEQ=1 Nov 9 10:01:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61322 SEQ=1 Nov 9 10:01:55 server83 dhclient[6522]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x26c83d58) Nov 9 10:01:55 server83 aibolit_wrapper[7832]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626627157794616.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626627157796032.txt --log=/tmp/malware_cleaner_log_17626627157797924.txt --progress=/tmp/malware_cleaner_progress_17626627157797400.json --csv_result=/tmp/revisium_csvfile_17626627157797630.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:01:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3519 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:02:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:02:01 server83 systemd: Started Session 310134 of user root. Nov 9 10:02:01 server83 systemd: Started Session 310137 of user root. Nov 9 10:02:01 server83 systemd: Started Session 310138 of user root. Nov 9 10:02:01 server83 systemd: Started Session 310140 of user root. Nov 9 10:02:01 server83 systemd: Started Session 310135 of user root. Nov 9 10:02:01 server83 systemd: Started Session 310139 of user root. Nov 9 10:02:01 server83 systemd: Started Session 310136 of user root. Nov 9 10:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:02:01 server83 systemd: Started Session 310141 of user root. Nov 9 10:02:01 server83 systemd: Started Session 310142 of user root. Nov 9 10:02:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12926 DF PROTO=TCP SPT=57229 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:02:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12927 DF PROTO=TCP SPT=57229 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:02:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26695 SEQ=1 Nov 9 10:02:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=60250 PROTO=TCP SPT=34116 DPT=9786 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:02:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12928 DF 
PROTO=TCP SPT=57229 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:02:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=50591 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:02:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=11359 DF PROTO=ICMP TYPE=8 CODE=0 ID=30726 SEQ=61802 Nov 9 10:02:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23786 SEQ=1 Nov 9 10:02:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27796 SEQ=1 Nov 9 10:02:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20438 SEQ=1 Nov 9 10:02:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.12 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=480 PROTO=TCP SPT=26200 DPT=2552 WINDOW=58725 RES=0x00 SYN URGP=0 Nov 9 10:02:06 server83 dhclient[6522]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x26c83d58) Nov 9 10:02:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.79.198 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=56983 DF PROTO=TCP SPT=58007 DPT=6296 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 10:02:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12929 DF PROTO=TCP SPT=57376 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:02:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12930 DF PROTO=TCP SPT=57229 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:02:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12931 DF PROTO=TCP SPT=57376 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:02:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.138 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=30698 PROTO=TCP SPT=42360 DPT=16302 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:02:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12932 DF PROTO=TCP SPT=57376 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:02:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56211 PROTO=TCP SPT=52351 DPT=5528 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:02:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12933 DF PROTO=TCP SPT=57376 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:02:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=123.58.200.120 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=0 DF PROTO=TCP SPT=44101 DPT=6013 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:02:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46914 SEQ=1 Nov 9 10:02:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12934 DF PROTO=TCP SPT=57229 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:02:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26258 PROTO=TCP SPT=62643 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:02:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26259 PROTO=TCP SPT=62643 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:02:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=45647 PROTO=TCP SPT=46850 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:02:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26260 PROTO=TCP SPT=62643 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60397 SEQ=1 Nov 9 10:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=63841 SEQ=1 Nov 9 10:02:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=45648 PROTO=TCP SPT=46850 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:02:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26261 PROTO=TCP SPT=62643 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:02:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14651 SEQ=1 Nov 9 10:02:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=45649 PROTO=TCP SPT=46850 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:02:24 server83 aibolit_wrapper[11443]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626627449670944.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626627449672064.txt --log=/tmp/malware_cleaner_log_17626627449674026.txt --progress=/tmp/malware_cleaner_progress_17626627449673638.json --csv_result=/tmp/revisium_csvfile_17626627449673810.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:02:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=45651 PROTO=TCP SPT=46850 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 
Nov 9 10:02:25 server83 dhclient[6522]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x26c83d58) Nov 9 10:02:26 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:02:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:02:29 server83 NetworkManager[922]: <warn> [1762662749.4513] dhcp4 (eth1): request timed out Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4514] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4593] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 6522 Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4593] dhcp4 (eth1): state changed timeout -> done Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4596] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:02:29 server83 NetworkManager[922]: <warn> [1762662749.4603] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4606] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4661] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4667] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4669] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4675] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:02:29 server83 
NetworkManager[922]: <info> [1762662749.4687] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4691] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:02:29 server83 NetworkManager[922]: <info> [1762662749.4703] dhcp4 (eth1): dhclient started with pid 12006 Nov 9 10:02:29 server83 dhclient[12006]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x716e4863) Nov 9 10:02:30 server83 aibolit_wrapper[12135]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626627505814524.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626627505815676.txt --log=/tmp/malware_cleaner_log_17626627505816946.txt --progress=/tmp/malware_cleaner_progress_17626627505816638.json --csv_result=/tmp/revisium_csvfile_17626627505816780.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:02:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.135 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=35026 PROTO=TCP SPT=48450 DPT=5551 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:02:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40257 PROTO=TCP SPT=46370 DPT=2536 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:02:32 server83 pam_imunify_daemon.bin: time="2025-11-09T10:02:32+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" 
agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 10:02:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9868 SEQ=1 Nov 9 10:02:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21521 PROTO=TCP SPT=42055 DPT=44048 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:02:35 server83 dhclient[12006]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x716e4863) Nov 9 10:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14462 SEQ=1 Nov 9 10:02:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=24216 PROTO=TCP SPT=55917 DPT=7504 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17183 SEQ=1 Nov 9 10:02:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39169 PROTO=TCP SPT=45727 DPT=34578 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:02:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44034 PROTO=TCP 
SPT=57143 DPT=8614 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:02:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 10:02:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:02:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.cache: ProactiveModel.Host should not be empty Nov 9 10:02:48 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:02:48 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:02:48 server83 dhclient[12006]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x716e4863) Nov 9 10:02:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32635 SEQ=1 Nov 9 10:02:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53897 SEQ=1 Nov 9 10:02:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5625 SEQ=1 Nov 9 10:02:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44336 SEQ=1 Nov 9 10:02:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53897 SEQ=1 Nov 9 10:02:55 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49537 DPT=29000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:02:58 server83 aibolit_wrapper[15249]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626627783416698.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626627783418462.txt --log=/tmp/malware_cleaner_log_17626627783420032.txt --progress=/tmp/malware_cleaner_progress_17626627783419628.json --csv_result=/tmp/revisium_csvfile_17626627783419812.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:03:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.248 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57214 DPT=3344 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:03:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:03:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:03:01 server83 systemd: Started Session 310143 of user root. Nov 9 10:03:01 server83 systemd: Started Session 310146 of user root. Nov 9 10:03:01 server83 systemd: Started Session 310148 of user root. Nov 9 10:03:01 server83 systemd: Started Session 310147 of user root. Nov 9 10:03:01 server83 systemd: Started Session 310144 of user root. Nov 9 10:03:01 server83 systemd: Started Session 310149 of user root. Nov 9 10:03:01 server83 systemd: Started Session 310145 of user root. Nov 9 10:03:01 server83 systemd: Started Session 310150 of user root. Nov 9 10:03:01 server83 systemd: Started Session 310151 of user root. 
Nov 9 10:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40954 SEQ=1 Nov 9 10:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55048 SEQ=1 Nov 9 10:03:02 server83 aibolit_wrapper[15830]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626627825977594.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626627825979132.txt --log=/tmp/malware_cleaner_log_17626627825980928.txt --progress=/tmp/malware_cleaner_progress_17626627825980482.json --csv_result=/tmp/revisium_csvfile_17626627825980700.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20869 SEQ=1 Nov 9 10:03:03 server83 dhclient[12006]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x716e4863) Nov 9 10:03:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.111 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=14319 PROTO=TCP SPT=41801 DPT=39514 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:03:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=41307 SEQ=1 Nov 9 10:03:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40029 SEQ=1 Nov 9 10:03:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1753 PROTO=TCP SPT=49956 DPT=26378 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:03:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=35207 PROTO=TCP SPT=53583 DPT=8646 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:03:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=1901 PROTO=TCP SPT=40914 DPT=20191 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:03:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=58781 PROTO=TCP SPT=49956 DPT=25939 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:03:14 server83 NetworkManager[922]: <warn> [1762662794.4498] dhcp4 (eth1): request timed out Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4499] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4658] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12006 Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4658] dhcp4 (eth1): state changed timeout -> done Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4660] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:03:14 server83 NetworkManager[922]: <warn> 
[1762662794.4664] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4666] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4697] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4701] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4702] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4705] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4715] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4717] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:03:14 server83 NetworkManager[922]: <info> [1762662794.4729] dhcp4 (eth1): dhclient started with pid 17220 Nov 9 10:03:14 server83 dhclient[17220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x34171a0) Nov 9 10:03:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=31544 PROTO=TCP SPT=37080 DPT=8750 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:03:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23401 SEQ=1 Nov 9 10:03:18 server83 dhclient[17220]: 
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x34171a0) Nov 9 10:03:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33673 SEQ=1 Nov 9 10:03:19 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:03:19 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:03:19 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 10:03:19 server83 aibolit_wrapper[18332]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626627998621940.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626627998623702.txt --log=/tmp/malware_cleaner_log_17626627998625152.txt --progress=/tmp/malware_cleaner_progress_17626627998624758.json --csv_result=/tmp/revisium_csvfile_17626627998624940.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:03:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33673 SEQ=1 Nov 9 10:03:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25266 SEQ=1 Nov 9 10:03:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42223 SEQ=1 Nov 9 10:03:22 server83 dhclient[17220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x34171a0) Nov 9 10:03:24 server83 aibolit_wrapper[18828]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626628040014100.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626628040015258.txt --log=/tmp/malware_cleaner_log_17626628040016400.txt --progress=/tmp/malware_cleaner_progress_17626628040016112.json --csv_result=/tmp/revisium_csvfile_17626628040016236.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:03:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12436 SEQ=1 Nov 9 10:03:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50751 PROTO=TCP SPT=37259 DPT=9648 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:03:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=4767 PROTO=TCP SPT=32892 DPT=5864 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:03:26 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:03:26 server83 dhclient[17220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x34171a0) 
Nov 9 10:03:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31508 SEQ=1 Nov 9 10:03:33 server83 dhclient[17220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x34171a0) Nov 9 10:03:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53339 SEQ=1 Nov 9 10:03:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12058 SEQ=1 Nov 9 10:03:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:03:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3512 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:03:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55315 SEQ=1 Nov 9 10:03:37 server83 systemd: Started Session c2864 of user root. 
Nov 9 10:03:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55315 SEQ=1 Nov 9 10:03:38 server83 scripts.sh: Load Average: 3.06 , 2.82 Nov 9 10:03:38 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 10:03:38 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 10:03:38 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 10:03:38 server83 scripts.sh: HTTPD Status: inactive Nov 9 10:03:38 server83 scripts.sh: MySQL Status: active Nov 9 10:03:38 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 10:03:38 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 10:03:38 server83 scripts.sh: SSHD Status: active Nov 9 10:03:38 server83 scripts.sh: FTP Status: active Nov 9 10:03:38 server83 scripts.sh: LiteSpeed Status: Active Nov 9 10:03:38 server83 scripts.sh: Imunify Status: Active Nov 9 10:03:38 server83 scripts.sh: cPanel Status: active Nov 9 10:03:38 server83 scripts.sh: Memory Status: 13/31 GB - 41.62% Nov 9 10:03:38 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 10:03:38 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 10:03:38 server83 scripts.sh: Local Version: 4.4.5 Nov 9 10:03:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31502 SEQ=1 Nov 9 10:03:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.230.242.69 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=103 ID=30460 DF PROTO=TCP SPT=49985 DPT=2222 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:03:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.230.242.69 
DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=103 ID=30462 DF PROTO=TCP SPT=49985 DPT=2222 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:03:43 server83 dhclient[17220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x34171a0) Nov 9 10:03:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1398 PROTO=TCP SPT=53120 DPT=2470 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:03:46 server83 aibolit_wrapper[21589]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626628266147454.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626628266148584.txt --log=/tmp/malware_cleaner_log_17626628266149508.txt --progress=/tmp/malware_cleaner_progress_17626628266149250.json --csv_result=/tmp/revisium_csvfile_17626628266149368.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:03:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55964 SEQ=1 Nov 9 10:03:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:03:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.db2_convert: ProactiveModel.Host should not be empty Nov 9 10:03:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 10:03:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit 
breaker is open Nov 9 10:03:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38947 SEQ=1 Nov 9 10:03:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.83 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=54624 DPT=5080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:03:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.230.242.69 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=30464 DF PROTO=TCP SPT=49985 DPT=2222 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 9 10:03:50 server83 dhclient[17220]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x34171a0) Nov 9 10:03:50 server83 aibolit_wrapper[22081]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626628308421498.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626628308422548.txt --log=/tmp/malware_cleaner_log_17626628308423926.txt --progress=/tmp/malware_cleaner_progress_17626628308423572.json --csv_result=/tmp/revisium_csvfile_17626628308423758.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60544 SEQ=1 Nov 9 10:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40486 SEQ=1 Nov 9 10:03:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7659 SEQ=1 Nov 9 10:03:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.123 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=47572 DF PROTO=ICMP TYPE=8 CODE=0 ID=38577 SEQ=62805 Nov 9 10:03:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65486 SEQ=1 Nov 9 10:03:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65486 SEQ=1 Nov 9 10:03:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.251.92.47 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=45 ID=52307 DF PROTO=TCP SPT=53331 DPT=4643 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 10:03:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.24.237.176 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56167 PROTO=TCP SPT=52073 DPT=47506 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:03:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=5890 PROTO=TCP SPT=40898 DPT=2456 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:03:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 
ID=12936 DF PROTO=TCP SPT=42176 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:03:59 server83 NetworkManager[922]: <warn> [1762662839.4514] dhcp4 (eth1): request timed out Nov 9 10:03:59 server83 NetworkManager[922]: <info> [1762662839.4514] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:03:59 server83 NetworkManager[922]: <info> [1762662839.4593] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17220 Nov 9 10:03:59 server83 NetworkManager[922]: <info> [1762662839.4594] dhcp4 (eth1): state changed timeout -> done Nov 9 10:03:59 server83 NetworkManager[922]: <info> [1762662839.4596] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:03:59 server83 NetworkManager[922]: <warn> [1762662839.4602] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:03:59 server83 NetworkManager[922]: <info> [1762662839.4605] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:04:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12937 DF PROTO=TCP SPT=42176 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:04:01 server83 systemd: Started Session 310152 of user root. Nov 9 10:04:01 server83 systemd: Started Session 310153 of user root. Nov 9 10:04:01 server83 systemd: Started Session 310154 of user root. Nov 9 10:04:01 server83 systemd: Started Session 310155 of user root. Nov 9 10:04:01 server83 systemd: Started Session 310156 of user root. Nov 9 10:04:01 server83 systemd: Started Session 310157 of user root. Nov 9 10:04:01 server83 systemd: Started Session 310158 of user root. Nov 9 10:04:01 server83 systemd: Started Session 310159 of user root. Nov 9 10:04:01 server83 systemd: Started Session 310160 of user root. 
Nov 9 10:04:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12938 DF PROTO=TCP SPT=42176 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:04:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16020 SEQ=1 Nov 9 10:04:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12939 DF PROTO=TCP SPT=42176 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13308 SEQ=1 Nov 9 10:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25273 SEQ=1 Nov 9 10:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46316 SEQ=1 Nov 9 10:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46316 SEQ=1 Nov 9 10:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16020 SEQ=1 Nov 9 10:04:09 server83 auditd[702]: Audit daemon 
rotating log files Nov 9 10:04:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.123 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=59967 DF PROTO=TCP SPT=53708 DPT=23044 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:04:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12940 DF PROTO=TCP SPT=42176 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:04:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7652 SEQ=1 Nov 9 10:04:18 server83 aibolit_wrapper[25389]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626628581220406.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626628581221892.txt --log=/tmp/malware_cleaner_log_17626628581223628.txt --progress=/tmp/malware_cleaner_progress_17626628581222810.json --csv_result=/tmp/revisium_csvfile_17626628581223118.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:04:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21822 SEQ=1 Nov 9 10:04:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1128 SEQ=1 Nov 9 10:04:22 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.172 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=36696 DPT=20020 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:04:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11754 SEQ=1 Nov 9 10:04:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.167 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=56725 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:04:24 server83 aibolit_wrapper[26246]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626628640502422.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626628640503624.txt --log=/tmp/malware_cleaner_log_17626628640506712.txt --progress=/tmp/malware_cleaner_progress_17626628640506308.json --csv_result=/tmp/revisium_csvfile_17626628640506536.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:04:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42533 SEQ=1 Nov 9 10:04:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.22 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53897 DPT=31337 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:04:26 server83 imunify360-php-daemon[734]: error response: 401, 
{"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:04:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=2349 PROTO=TCP SPT=39243 DPT=4662 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:04:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22430 SEQ=1 Nov 9 10:04:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48791 SEQ=1 Nov 9 10:04:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54729 PROTO=TCP SPT=41811 DPT=2676 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:04:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=42258 PROTO=TCP SPT=50391 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:04:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63570 PROTO=TCP SPT=45727 DPT=34050 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:04:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:04:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=42259 PROTO=TCP SPT=50391 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:04:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19230 PROTO=TCP SPT=58288 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:04:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=42260 PROTO=TCP SPT=50391 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22571 SEQ=1 Nov 9 10:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51720 SEQ=1 Nov 9 10:04:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=42262 PROTO=TCP SPT=50391 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65399 SEQ=1 Nov 9 10:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42192 SEQ=1 Nov 9 10:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36064 SEQ=1 Nov 9 10:04:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19234 PROTO=TCP SPT=58288 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:04:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13766 PROTO=TCP SPT=42767 DPT=6909 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:04:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3511 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:04:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:04:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.rfind: ProactiveModel.Host should not be empty Nov 9 10:04:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 10:04:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:04:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63692 SEQ=1 Nov 9 10:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3016 SEQ=1 Nov 9 10:04:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 
DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10330 PROTO=TCP SPT=46926 DPT=5110 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:04:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26953 SEQ=1 Nov 9 10:04:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32756 SEQ=1 Nov 9 10:04:52 server83 aibolit_wrapper[30021]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626628925961172.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626628925962656.txt --log=/tmp/malware_cleaner_log_17626628925963994.txt --progress=/tmp/malware_cleaner_progress_17626628925963648.json --csv_result=/tmp/revisium_csvfile_17626628925963792.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:04:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:04:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33536 SEQ=1 Nov 9 10:04:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.230 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47961 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:04:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33536 SEQ=1 Nov 9 10:04:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63692 SEQ=1 Nov 9 10:04:56 server83 aibolit_wrapper[30555]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626628967495602.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626628967496362.txt --log=/tmp/malware_cleaner_log_17626628967497100.txt --progress=/tmp/malware_cleaner_progress_17626628967496922.json --csv_result=/tmp/revisium_csvfile_17626628967497000.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:05:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:05:00 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 10:05:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40147 SEQ=1 Nov 9 10:05:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3171 SEQ=1 Nov 9 10:05:01 server83 systemd: Started Session 310161 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310164 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310162 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310163 of user root. 
Nov 9 10:05:01 server83 systemd: Started Session 310167 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310166 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310165 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310168 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310170 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310169 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310174 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310171 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310172 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310176 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310177 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310175 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310178 of user root. Nov 9 10:05:01 server83 systemd: Started Session 310173 of user root. Nov 9 10:05:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34733 SEQ=1 Nov 9 10:05:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16508 SEQ=1 Nov 9 10:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22749 SEQ=1 Nov 9 10:05:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22645 PROTO=TCP SPT=44023 DPT=7139 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:05:15 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20833 PROTO=TCP SPT=49956 DPT=27661 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:05:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:05:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52836 DPT=10801 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:05:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19838 SEQ=1 Nov 9 10:05:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46607 SEQ=1 Nov 9 10:05:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.115.246 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=2016 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52257 SEQ=1 Nov 9 10:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55779 SEQ=1 Nov 9 10:05:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35836 SEQ=1 Nov 9 
10:05:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32948 SEQ=1 Nov 9 10:05:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33974 SEQ=1 Nov 9 10:05:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.210 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=64638 PROTO=TCP SPT=56337 DPT=11000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:05:26 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:05:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.207.229 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=7541 DF PROTO=TCP SPT=41525 DPT=27006 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:05:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:05:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29482 SEQ=1 Nov 9 10:05:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.245.58.208 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=52216 DF PROTO=ICMP TYPE=8 CODE=0 ID=33128 SEQ=54013 Nov 9 10:05:36 server83 aibolit_wrapper[3481]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626629360400262.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626629360401618.txt --log=/tmp/malware_cleaner_log_17626629360406914.txt --progress=/tmp/malware_cleaner_progress_17626629360406418.json --csv_result=/tmp/revisium_csvfile_17626629360406694.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:05:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56028 SEQ=1 Nov 9 10:05:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17587 SEQ=1 Nov 9 10:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3500 SEQ=1 Nov 9 10:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54414 SEQ=1 Nov 9 10:05:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=27284 PROTO=TCP SPT=64991 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:05:41 server83 aibolit_wrapper[4021]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626629417618638.txt --input-fn-b64-encoded 
--username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626629417619962.txt --log=/tmp/malware_cleaner_log_17626629417621448.txt --progress=/tmp/malware_cleaner_progress_17626629417621072.json --csv_result=/tmp/revisium_csvfile_17626629417621216.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:05:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=27285 PROTO=TCP SPT=64991 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:05:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39322 PROTO=TCP SPT=33252 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:05:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=27286 PROTO=TCP SPT=64991 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:05:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39323 PROTO=TCP SPT=33252 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:05:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=27287 PROTO=TCP SPT=64991 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:05:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39324 PROTO=TCP SPT=33252 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:05:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 
10:05:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.partition: ProactiveModel.Host should not be empty Nov 9 10:05:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:05:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=39326 PROTO=TCP SPT=33252 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34159 SEQ=1 Nov 9 10:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7793 SEQ=1 Nov 9 10:05:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15804 SEQ=1 Nov 9 10:05:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34159 SEQ=1 Nov 9 10:05:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32711 PROTO=TCP SPT=60445 DPT=4611 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:05:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22702 SEQ=1 Nov 9 10:05:56 server83 pam_imunify_daemon.bin: time="2025-11-09T10:05:56+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 10:05:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.100 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50641 DPT=47168 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:06:01 server83 systemd: Started Session 310179 of user root. Nov 9 10:06:01 server83 systemd: Started Session 310181 of user root. Nov 9 10:06:01 server83 systemd: Started Session 310180 of user root. Nov 9 10:06:01 server83 systemd: Started Session 310182 of user root. Nov 9 10:06:01 server83 systemd: Started Session 310186 of user root. Nov 9 10:06:01 server83 systemd: Started Session 310184 of user root. Nov 9 10:06:01 server83 systemd: Started Session 310183 of user root. Nov 9 10:06:01 server83 systemd: Started Session 310185 of user root. Nov 9 10:06:01 server83 systemd: Started Session 310187 of user root. 
Nov 9 10:06:02 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.29.147.49 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=19306 DPT=19306 LEN=16 Nov 9 10:06:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=15953 PROTO=TCP SPT=56114 DPT=7819 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:06:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36137 PROTO=TCP SPT=42111 DPT=2502 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47496 SEQ=1 Nov 9 10:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55249 SEQ=1 Nov 9 10:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49622 SEQ=1 Nov 9 10:06:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13380 SEQ=1 Nov 9 10:06:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:06:08 server83 aibolit_wrapper[6896]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate 
--nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626629684153860.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626629684155658.txt --log=/tmp/malware_cleaner_log_17626629684158074.txt --progress=/tmp/malware_cleaner_progress_17626629684157474.json --csv_result=/tmp/revisium_csvfile_17626629684157748.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47496 SEQ=1 Nov 9 10:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30949 SEQ=1 Nov 9 10:06:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.107 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50778 DPT=13128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:06:12 server83 aibolit_wrapper[7435]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626629725905468.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626629725906640.txt --log=/tmp/malware_cleaner_log_17626629725907820.txt --progress=/tmp/malware_cleaner_progress_17626629725907528.json --csv_result=/tmp/revisium_csvfile_17626629725907654.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:06:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3510 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:06:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63758 SEQ=1 Nov 9 10:06:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24346 SEQ=1 Nov 9 10:06:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61668 SEQ=1 Nov 9 10:06:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3509 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:06:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58191 SEQ=1 Nov 9 10:06:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1565 SEQ=1 Nov 9 10:06:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33316 SEQ=1 Nov 9 10:06:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=20.106.32.192 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=29379 PROTO=TCP SPT=45157 DPT=631 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:06:26 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:06:29 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:06:29 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:06:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14564 SEQ=1 Nov 9 10:06:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47926 SEQ=1 Nov 9 10:06:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3517 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:06:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2769 SEQ=1 Nov 9 10:06:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2769 SEQ=1 Nov 9 10:06:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49362 SEQ=1 Nov 9 10:06:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:06:41 server83 
aibolit_wrapper[10991]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626630017404600.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626630017405594.txt --log=/tmp/malware_cleaner_log_17626630017406592.txt --progress=/tmp/malware_cleaner_progress_17626630017406252.json --csv_result=/tmp/revisium_csvfile_17626630017406404.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:06:45 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 10:06:45 server83 systemd: Stopped Status Update Service. Nov 9 10:06:45 server83 systemd: Started Status Update Service. Nov 9 10:06:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.113.20 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=14175 DF PROTO=TCP SPT=15199 DPT=3120 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 10:06:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:06:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.multi: ProactiveModel.Host should not be empty Nov 9 10:06:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 10:06:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:06:47 server83 aibolit_wrapper[11625]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626630070594306.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626630070595546.txt --log=/tmp/malware_cleaner_log_17626630070597968.txt --progress=/tmp/malware_cleaner_progress_17626630070597644.json --csv_result=/tmp/revisium_csvfile_17626630070597806.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:06:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3508 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:06:49 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:06:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.64 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=48506 PROTO=TCP SPT=56972 DPT=8420 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:06:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65331 SEQ=1 Nov 9 10:06:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63362 SEQ=1 Nov 9 10:06:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56645 SEQ=1 Nov 9 10:06:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36859 PROTO=TCP SPT=42111 DPT=2450 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
10:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64208 SEQ=1 Nov 9 10:06:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=52599 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32934 SEQ=1 Nov 9 10:06:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3516 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:06:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32934 SEQ=1 Nov 9 10:06:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.105 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=58322 DF PROTO=TCP SPT=40586 DPT=8081 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:06:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24252 PROTO=TCP SPT=35342 DPT=9593 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:06:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44575 PROTO=TCP SPT=63932 DPT=853 WINDOW=64952 RES=0x00 SYN 
URGP=0 Nov 9 10:07:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44576 PROTO=TCP SPT=63932 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:07:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=41993 PROTO=TCP SPT=53026 DPT=4362 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:07:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27476 PROTO=TCP SPT=56614 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:07:01 server83 systemd: Started Session 310188 of user root. Nov 9 10:07:01 server83 systemd: Started Session 310189 of user root. Nov 9 10:07:01 server83 systemd: Started Session 310190 of user root. Nov 9 10:07:01 server83 systemd: Started Session 310191 of user root. Nov 9 10:07:01 server83 systemd: Started Session 310192 of user root. Nov 9 10:07:01 server83 systemd: Started Session 310193 of user root. Nov 9 10:07:01 server83 systemd: Started Session 310194 of user root. Nov 9 10:07:01 server83 systemd: Started Session 310195 of user root. Nov 9 10:07:01 server83 systemd: Started Session 310196 of user root. Nov 9 10:07:01 server83 systemd: Started Session 310197 of user root. 
Nov 9 10:07:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24442 SEQ=1 Nov 9 10:07:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27478 PROTO=TCP SPT=56614 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4856 SEQ=1 Nov 9 10:07:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27479 PROTO=TCP SPT=56614 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:07:04 server83 aibolit_wrapper[13878]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626630245986442.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626630245987742.txt --log=/tmp/malware_cleaner_log_17626630245989038.txt --progress=/tmp/malware_cleaner_progress_17626630245988652.json --csv_result=/tmp/revisium_csvfile_17626630245988842.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27480 PROTO=TCP SPT=56614 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:07:06 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32888 DF PROTO=TCP SPT=39606 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20055 SEQ=1 Nov 9 10:07:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32889 DF PROTO=TCP SPT=39606 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20434 SEQ=1 Nov 9 10:07:08 server83 aibolit_wrapper[14403]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626630287417200.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626630287417972.txt --log=/tmp/malware_cleaner_log_17626630287418832.txt --progress=/tmp/malware_cleaner_progress_17626630287418630.json --csv_result=/tmp/revisium_csvfile_17626630287418732.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:07:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.108 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=18072 PROTO=TCP SPT=49262 DPT=3052 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:07:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32890 DF PROTO=TCP SPT=39606 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31467 SEQ=1 Nov 9 10:07:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28833 SEQ=1 Nov 9 10:07:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.69 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=33289 PROTO=TCP SPT=56506 DPT=3394 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32891 DF PROTO=TCP SPT=39606 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:07:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3093 SEQ=1 Nov 9 10:07:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18109 SEQ=1 Nov 9 10:07:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11629 SEQ=1 Nov 9 10:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32892 DF PROTO=TCP SPT=39606 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6095 PROTO=TCP SPT=45727 DPT=34834 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:07:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24132 SEQ=1 Nov 9 10:07:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.172 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=109 ID=25609 DF PROTO=ICMP TYPE=8 CODE=0 ID=51851 SEQ=8908 Nov 9 10:07:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=62140 DF PROTO=ICMP TYPE=8 CODE=0 ID=27318 SEQ=38886 Nov 9 10:07:26 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:07:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.107 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53475 DPT=12022 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:07:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3515 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:07:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33063 SEQ=1 Nov 9 10:07:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53877 SEQ=1 Nov 9 10:07:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61872 SEQ=1 Nov 9 10:07:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=23005 PROTO=TCP SPT=56114 DPT=7810 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32893 DF PROTO=TCP SPT=39606 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:38 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34868 SEQ=1 Nov 9 10:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33063 SEQ=1 Nov 9 10:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14013 SEQ=1 Nov 9 10:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37074 SEQ=1 Nov 9 10:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39442 DF PROTO=TCP SPT=40392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39443 DF PROTO=TCP SPT=40392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39444 DF PROTO=TCP SPT=40392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:44 server83 aibolit_wrapper[18327]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626630640241816.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626630640243074.txt --log=/tmp/malware_cleaner_log_17626630640243950.txt --progress=/tmp/malware_cleaner_progress_17626630640243724.json --csv_result=/tmp/revisium_csvfile_17626630640243816.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:07:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3514 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:07:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.parle_tokens: 
ProactiveModel.Host should not be empty Nov 9 10:07:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 10:07:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:07:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:07:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:07:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39445 DF PROTO=TCP SPT=40392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:07:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23321 SEQ=1 Nov 9 10:07:49 server83 aibolit_wrapper[19026]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626630697179320.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626630697180798.txt --log=/tmp/malware_cleaner_log_17626630697182564.txt --progress=/tmp/malware_cleaner_progress_17626630697182198.json --csv_result=/tmp/revisium_csvfile_17626630697182358.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:07:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39840 SEQ=1 Nov 9 10:07:54 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36414 SEQ=1 Nov 9 10:07:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36414 SEQ=1 Nov 9 10:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39446 DF PROTO=TCP SPT=40392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:01 server83 systemd: Started Session 310199 of user root. Nov 9 10:08:01 server83 systemd: Started Session 310201 of user root. Nov 9 10:08:01 server83 systemd: Started Session 310200 of user root. Nov 9 10:08:01 server83 systemd: Started Session 310198 of user root. Nov 9 10:08:01 server83 systemd: Started Session 310203 of user root. Nov 9 10:08:01 server83 systemd: Started Session 310202 of user root. Nov 9 10:08:01 server83 systemd: Started Session 310205 of user root. Nov 9 10:08:01 server83 systemd: Started Session 310204 of user root. Nov 9 10:08:01 server83 systemd: Started Session 310206 of user root. 
Nov 9 10:08:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11669 PROTO=TCP SPT=53120 DPT=2730 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:08:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17829 SEQ=1 Nov 9 10:08:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:08:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.200 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=12272 PROTO=TCP SPT=40531 DPT=8090 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:08:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.128.159.10 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=15714 DF PROTO=ICMP TYPE=8 CODE=0 ID=32135 SEQ=12286 Nov 9 10:08:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30251 SEQ=1 Nov 9 10:08:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52838 SEQ=1 Nov 9 10:08:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42544 SEQ=1 Nov 9 10:08:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=62996 SEQ=1 Nov 9 10:08:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.212.123.177 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=50500 PROTO=TCP SPT=29756 DPT=7077 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:08:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31333 SEQ=1 Nov 9 10:08:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32894 DF PROTO=TCP SPT=39606 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39447 DF PROTO=TCP SPT=40392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=23222 DF PROTO=TCP SPT=63724 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:08:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=23223 DF PROTO=TCP SPT=63724 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:08:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=23224 DF PROTO=TCP SPT=63724 DPT=2222 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52982 SEQ=1 Nov 9 10:08:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19421 SEQ=1 Nov 9 10:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=23225 DF PROTO=TCP SPT=63724 DPT=2222 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7629 DF PROTO=TCP SPT=45358 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:20 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:08:20 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:08:20 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 10:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 10:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 10:08:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36371 SEQ=1 Nov 9 10:08:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40750 SEQ=1 Nov 9 10:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7630 DF PROTO=TCP SPT=45358 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11881 SEQ=1 Nov 9 10:08:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13185 SEQ=1 Nov 9 10:08:23 server83 aibolit_wrapper[23565]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626631033184852.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631033186150.txt --log=/tmp/malware_cleaner_log_17626631033187420.txt --progress=/tmp/malware_cleaner_progress_17626631033187100.json --csv_result=/tmp/revisium_csvfile_17626631033187266.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:08:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7631 DF PROTO=TCP SPT=45358 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:26 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.131 DST=51.210.113.204 LEN=45 TOS=0x00 PREC=0x00 TTL=35 ID=38787 PROTO=UDP SPT=43052 DPT=47807 LEN=25 Nov 9 10:08:26 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:08:27 server83 aibolit_wrapper[24006]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631074871590.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631074872780.txt --log=/tmp/malware_cleaner_log_17626631074874294.txt --progress=/tmp/malware_cleaner_progress_17626631074873884.json --csv_result=/tmp/revisium_csvfile_17626631074874064.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:08:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7632 DF PROTO=TCP SPT=45358 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=23251 DF PROTO=TCP SPT=64037 DPT=8090 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:08:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=30339 PROTO=TCP SPT=44856 DPT=9092 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:08:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=23253 DF PROTO=TCP SPT=64037 DPT=8090 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:08:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:08:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.118.216.147 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=55382 PROTO=TCP SPT=60820 DPT=5222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:08:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=23254 DF PROTO=TCP SPT=64037 DPT=8090 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:08:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41265 SEQ=1 Nov 9 10:08:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=64309 DF PROTO=ICMP TYPE=8 CODE=0 ID=51167 SEQ=27377 Nov 9 10:08:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25616 SEQ=1 Nov 9 10:08:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=23255 DF PROTO=TCP SPT=64037 DPT=8090 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:08:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7633 DF PROTO=TCP SPT=45358 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=55927 PROTO=TCP SPT=59403 DPT=6671 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:08:37 server83 aibolit_wrapper[25186]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631172783492.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631172785184.txt --log=/tmp/malware_cleaner_log_17626631172787322.txt --progress=/tmp/malware_cleaner_progress_17626631172786670.json --csv_result=/tmp/revisium_csvfile_17626631172786948.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:08:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26511 SEQ=1 Nov 9 10:08:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41424 SEQ=1 Nov 9 10:08:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41424 SEQ=1 Nov 9 10:08:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5141 SEQ=1 Nov 9 10:08:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.187 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=42644 DPT=9001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:08:41 server83 aibolit_wrapper[25655]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631215103738.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631215105260.txt --log=/tmp/malware_cleaner_log_17626631215107088.txt --progress=/tmp/malware_cleaner_progress_17626631215106688.json --csv_result=/tmp/revisium_csvfile_17626631215106880.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:08:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.41.6 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=36 ID=4607 DF PROTO=TCP SPT=38993 DPT=1248 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:08:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=53780 
PROTO=TCP SPT=46918 DPT=8318 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:08:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=39448 DF PROTO=TCP SPT=40392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:45 server83 aibolit_wrapper[26126]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631257441700.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631257442800.txt --log=/tmp/malware_cleaner_log_17626631257444112.txt --progress=/tmp/malware_cleaner_progress_17626631257443804.json --csv_result=/tmp/revisium_csvfile_17626631257443928.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:08:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:08:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:08:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:08:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=64534 PROTO=TCP SPT=56185 DPT=7912 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:08:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35569 SEQ=1 Nov 9 10:08:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=64480 DF PROTO=ICMP TYPE=8 CODE=0 ID=51167 SEQ=38646 Nov 9 10:08:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=197.211.55.20 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=241 ID=45562 PROTO=TCP SPT=49164 DPT=40139 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:08:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62409 SEQ=1 Nov 9 10:08:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15788 SEQ=1 Nov 9 10:08:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35625 SEQ=1 Nov 9 10:08:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52148 SEQ=1 Nov 9 10:08:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7634 DF PROTO=TCP SPT=45358 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:08:52 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 10:08:57 server83 aibolit_wrapper[27236]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631379863786.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631379865346.txt --log=/tmp/malware_cleaner_log_17626631379866920.txt --progress=/tmp/malware_cleaner_progress_17626631379866514.json --csv_result=/tmp/revisium_csvfile_17626631379866684.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:08:59 server83 NetworkManager[922]: <info> [1762663139.4758] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:08:59 server83 NetworkManager[922]: <info> [1762663139.4763] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:08:59 server83 NetworkManager[922]: <info> [1762663139.4764] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:08:59 server83 NetworkManager[922]: <info> [1762663139.4768] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:08:59 server83 NetworkManager[922]: <info> [1762663139.4778] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:08:59 server83 NetworkManager[922]: <info> [1762663139.4781] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:08:59 server83 NetworkManager[922]: <info> [1762663139.4793] dhcp4 (eth1): dhclient started with pid 27426 Nov 9 10:08:59 server83 dhclient[27426]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x6a98dd39) Nov 9 10:09:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=39283 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:09:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 
10:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:09:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 10:09:01 server83 systemd: Started Session 310209 of user root. Nov 9 10:09:01 server83 systemd: Started Session 310207 of user root. Nov 9 10:09:01 server83 systemd: Started Session 310210 of user root. Nov 9 10:09:01 server83 systemd: Started Session 310211 of user root. Nov 9 10:09:01 server83 systemd: Started Session 310208 of user root. Nov 9 10:09:01 server83 systemd: Started Session 310212 of user root. Nov 9 10:09:01 server83 systemd: Started Session 310213 of user root. Nov 9 10:09:01 server83 systemd: Started Session 310214 of user root. Nov 9 10:09:01 server83 systemd: Started Session 310215 of user root. Nov 9 10:09:01 server83 systemd: Started Session 310216 of user root. 
Nov 9 10:09:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20478 SEQ=1 Nov 9 10:09:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28851 SEQ=1 Nov 9 10:09:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61794 SEQ=1 Nov 9 10:09:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24910 SEQ=1 Nov 9 10:09:02 server83 dhclient[27426]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x6a98dd39) Nov 9 10:09:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.63 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=17610 PROTO=TCP SPT=56169 DPT=10025 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:09:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26867 SEQ=1 Nov 9 10:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22216 DF PROTO=TCP SPT=57622 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 
PREC=0x00 TTL=241 ID=5263 PROTO=TCP SPT=45727 DPT=34567 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:09:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22217 DF PROTO=TCP SPT=57622 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57167 SEQ=1 Nov 9 10:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61794 SEQ=1 Nov 9 10:09:09 server83 aibolit_wrapper[28418]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631491480894.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631491482894.txt --log=/tmp/malware_cleaner_log_17626631491485116.txt --progress=/tmp/malware_cleaner_progress_17626631491484542.json --csv_result=/tmp/revisium_csvfile_17626631491484798.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:09:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54176 SEQ=1 Nov 9 10:09:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.182.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=58570 DPT=81 WINDOW=65535 RES=0x00 SYN 
URGP=0 Nov 9 10:09:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22218 DF PROTO=TCP SPT=57622 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:10 server83 dhclient[27426]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x6a98dd39) Nov 9 10:09:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=21462 PROTO=TCP SPT=46569 DPT=8393 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:09:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22219 DF PROTO=TCP SPT=57622 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36680 SEQ=1 Nov 9 10:09:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7195 SEQ=1 Nov 9 10:09:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44532 SEQ=1 Nov 9 10:09:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50146 SEQ=1 Nov 9 10:09:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22220 DF PROTO=TCP SPT=57622 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36680 SEQ=1 Nov 9 10:09:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44532 SEQ=1 Nov 9 10:09:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7635 DF PROTO=TCP SPT=45358 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:24 server83 dhclient[27426]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x6a98dd39) Nov 9 10:09:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44092 PROTO=TCP SPT=36562 DPT=4755 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:09:26 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:09:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:09:30 server83 aibolit_wrapper[30701]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631707868390.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631707870674.txt --log=/tmp/malware_cleaner_log_17626631707873778.txt 
--progress=/tmp/malware_cleaner_progress_17626631707872962.json --csv_result=/tmp/revisium_csvfile_17626631707873464.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:09:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32753 SEQ=1 Nov 9 10:09:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32753 SEQ=1 Nov 9 10:09:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11651 SEQ=1 Nov 9 10:09:33 server83 dhclient[27426]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x6a98dd39) Nov 9 10:09:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54563 SEQ=1 Nov 9 10:09:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.194.251.17 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=5631 DF PROTO=TCP SPT=44240 DPT=5050 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:09:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2404 SEQ=1 Nov 9 10:09:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49142 PROTO=TCP SPT=42111 DPT=2610 WINDOW=1024 RES=0x00 SYN 
URGP=0 Nov 9 10:09:36 server83 aibolit_wrapper[31337]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631765354566.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631765356024.txt --log=/tmp/malware_cleaner_log_17626631765357916.txt --progress=/tmp/malware_cleaner_progress_17626631765357344.json --csv_result=/tmp/revisium_csvfile_17626631765357600.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:09:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29928 SEQ=1 Nov 9 10:09:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22221 DF PROTO=TCP SPT=57622 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=111.119.208.109 DST=51.210.113.204 LEN=72 TOS=0x00 PREC=0x00 TTL=41 ID=40075 DF PROTO=ICMP TYPE=8 CODE=0 ID=40732 SEQ=9475 Nov 9 10:09:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.218.206.88 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=39426 DPT=9090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.154 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50108 DPT=28899 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:09:41 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42659 DF PROTO=TCP SPT=35354 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:42 server83 aibolit_wrapper[31902]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631821687760.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631821688836.txt --log=/tmp/malware_cleaner_log_17626631821690008.txt --progress=/tmp/malware_cleaner_progress_17626631821689680.json --csv_result=/tmp/revisium_csvfile_17626631821689848.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:09:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42660 DF PROTO=TCP SPT=35354 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42661 DF PROTO=TCP SPT=35354 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:44 server83 NetworkManager[922]: <warn> [1762663184.4503] dhcp4 (eth1): request timed out Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27426 Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4666] device (eth1): state change: 
ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:09:44 server83 NetworkManager[922]: <warn> [1762663184.4670] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4672] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4705] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4710] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4711] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4715] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4726] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4729] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:09:44 server83 NetworkManager[922]: <info> [1762663184.4743] dhcp4 (eth1): dhclient started with pid 32156 Nov 9 10:09:44 server83 dhclient[32156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0xef4006c) Nov 9 10:09:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.221.137.47 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=32999 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:09:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.191 
DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56263 DPT=9317 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:09:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 10:09:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:09:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:09:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:09:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16085 PROTO=TCP SPT=57143 DPT=8622 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:09:48 server83 dhclient[32156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0xef4006c) Nov 9 10:09:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62664 SEQ=1 Nov 9 10:09:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59109 SEQ=1 Nov 9 10:09:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51850 DPT=9047 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:09:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59109 SEQ=1 Nov 9 10:09:51 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.216 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=9831 PROTO=TCP SPT=53543 DPT=987 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27952 SEQ=1 Nov 9 10:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25560 SEQ=1 Nov 9 10:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5503 SEQ=1 Nov 9 10:09:55 server83 aibolit_wrapper[862]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626631955874588.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626631955875766.txt --log=/tmp/malware_cleaner_log_17626631955876598.txt --progress=/tmp/malware_cleaner_progress_17626631955876364.json --csv_result=/tmp/revisium_csvfile_17626631955876464.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:09:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=48074 PROTO=TCP SPT=54081 DPT=6969 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:09:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42663 DF PROTO=TCP SPT=35354 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:09:57 server83 dhclient[32156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0xef4006c) Nov 9 10:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:10:01 server83 systemd: Started Session 310221 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310222 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310219 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310223 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310225 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310217 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310218 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310220 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310226 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310227 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310228 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310224 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310229 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310230 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310231 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310232 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310233 of user root. Nov 9 10:10:01 server83 systemd: Started Session 310234 of user root. 
Nov 9 10:10:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.200 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=6283 PROTO=TCP SPT=40531 DPT=8090 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:10:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6769 SEQ=1 Nov 9 10:10:03 server83 aibolit_wrapper[1848]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626632037848168.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626632037849482.txt --log=/tmp/malware_cleaner_log_17626632037850804.txt --progress=/tmp/malware_cleaner_progress_17626632037850552.json --csv_result=/tmp/revisium_csvfile_17626632037850676.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:10:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.18 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51747 DPT=1030 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:10:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:10:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13242 SEQ=1 Nov 9 10:10:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29648 SEQ=1 Nov 
9 10:10:08 server83 aibolit_wrapper[2279]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626632080040566.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626632080041360.txt --log=/tmp/malware_cleaner_log_17626632080042090.txt --progress=/tmp/malware_cleaner_progress_17626632080041888.json --csv_result=/tmp/revisium_csvfile_17626632080041980.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12390 SEQ=1 Nov 9 10:10:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6769 SEQ=1 Nov 9 10:10:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24528 SEQ=1 Nov 9 10:10:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22222 DF PROTO=TCP SPT=57622 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42664 DF PROTO=TCP SPT=35354 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:10:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.6 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=51884 PROTO=TCP SPT=26200 DPT=16831 WINDOW=43178 RES=0x00 SYN URGP=0 Nov 9 10:10:18 server83 dhclient[32156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0xef4006c) Nov 9 10:10:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3698 SEQ=1 Nov 9 10:10:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:10:20 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 10:10:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20762 SEQ=1 Nov 9 10:10:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=30086 DF PROTO=TCP SPT=48096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:10:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3698 SEQ=1 Nov 9 10:10:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61435 SEQ=1 Nov 9 10:10:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46644 SEQ=1 Nov 9 10:10:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=30087 DF PROTO=TCP SPT=48096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:10:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.164 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50055 DPT=12086 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:10:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20762 SEQ=1 Nov 9 10:10:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=30088 DF PROTO=TCP SPT=48096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:10:26 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:10:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.148 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=55348 PROTO=TCP SPT=29099 DPT=9042 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:10:28 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=201.111.5.148 DST=145.239.177.179 LEN=540 TOS=0x00 PREC=0x00 TTL=49 ID=9881 PROTO=UDP SPT=46640 DPT=46276 LEN=520 Nov 9 10:10:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=30089 DF PROTO=TCP SPT=48096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:10:29 server83 NetworkManager[922]: <warn> [1762663229.4510] dhcp4 (eth1): request timed out Nov 9 10:10:29 server83 
NetworkManager[922]: <info> [1762663229.4510] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4831] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 32156 Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4832] dhcp4 (eth1): state changed timeout -> done Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4835] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:10:29 server83 NetworkManager[922]: <warn> [1762663229.4841] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4844] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4877] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4882] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4883] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4888] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4899] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4902] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:10:29 server83 NetworkManager[922]: <info> [1762663229.4914] dhcp4 (eth1): dhclient started with pid 4502 Nov 9 10:10:29 server83 dhclient[4502]: DHCPDISCOVER on eth1 to 255.255.255.255 
port 67 interval 8 (xid=0x5975db79) Nov 9 10:10:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:10:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34765 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:10:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45582 SEQ=1 Nov 9 10:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6694 SEQ=1 Nov 9 10:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49071 SEQ=1 Nov 9 10:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10275 SEQ=1 Nov 9 10:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=30090 DF PROTO=TCP SPT=48096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:10:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40027 SEQ=1 Nov 9 10:10:37 server83 dhclient[4502]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x5975db79) Nov 9 10:10:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53057 SEQ=1 Nov 9 10:10:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36745 SEQ=1 Nov 9 10:10:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16897 SEQ=1 Nov 9 10:10:43 server83 aibolit_wrapper[5884]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626632432713172.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626632432714558.txt --log=/tmp/malware_cleaner_log_17626632432716178.txt --progress=/tmp/malware_cleaner_progress_17626632432715676.json --csv_result=/tmp/revisium_csvfile_17626632432715938.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:10:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42665 DF PROTO=TCP SPT=35354 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:10:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.request: ProactiveModel.Host should not be empty Nov 9 10:10:46 server83 imunify360-php-daemon[734]: /var/tmp/.factor: ProactiveModel.Host should not be empty Nov 9 10:10:46 server83 imunify360-php-daemon[734]: 
/home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:10:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:10:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12941 DF PROTO=TCP SPT=52541 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:10:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.93 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54303 DPT=9735 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:10:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.213.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=36 ID=3193 DF PROTO=TCP SPT=44682 DPT=16900 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:10:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12942 DF PROTO=TCP SPT=52541 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:10:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7527 SEQ=1 Nov 9 10:10:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.45.236.191 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x60 TTL=43 ID=36870 DF PROTO=TCP SPT=35112 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:10:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=55712 SEQ=1 Nov 9 10:10:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60484 SEQ=1 Nov 9 10:10:49 server83 aibolit_wrapper[6470]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626632491483856.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626632491485022.txt --log=/tmp/malware_cleaner_log_17626632491486204.txt --progress=/tmp/malware_cleaner_progress_17626632491485932.json --csv_result=/tmp/revisium_csvfile_17626632491486052.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:10:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12943 DF PROTO=TCP SPT=52541 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:10:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42825 SEQ=1 Nov 9 10:10:52 server83 dhclient[4502]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5975db79) Nov 9 10:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=30091 DF PROTO=TCP SPT=48096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:10:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 
TOS=0x00 PREC=0x20 TTL=52 ID=27857 PROTO=TCP SPT=55578 DPT=9184 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:10:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2766 SEQ=1 Nov 9 10:10:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23302 PROTO=TCP SPT=51181 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:10:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12946 DF PROTO=TCP SPT=52798 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:11:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.194.231.231 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=0 DF PROTO=TCP SPT=55920 DPT=6013 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:11:00 server83 dhclient[4502]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x5975db79) Nov 9 10:11:00 server83 scripts.sh: Sun Nov 9 10:11:00 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 10:11:01 server83 systemd: Started Session 310237 of user root. Nov 9 10:11:01 server83 systemd: Started Session 310236 of user root. Nov 9 10:11:01 server83 systemd: Started Session 310238 of user root. Nov 9 10:11:01 server83 systemd: Started Session 310235 of user root. Nov 9 10:11:01 server83 systemd: Started Session 310239 of user root. Nov 9 10:11:01 server83 systemd: Started Session 310240 of user root. Nov 9 10:11:01 server83 systemd: Started Session 310241 of user root. Nov 9 10:11:01 server83 systemd: Started Session 310243 of user root. Nov 9 10:11:01 server83 systemd: Started Session 310242 of user root. 
Nov 9 10:11:01 server83 systemd: Started Session 310244 of user root. Nov 9 10:11:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12948 DF PROTO=TCP SPT=52541 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:11:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=420 SEQ=1 Nov 9 10:11:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58843 SEQ=1 Nov 9 10:11:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12949 DF PROTO=TCP SPT=52798 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:11:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=172 SEQ=1 Nov 9 10:11:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:11:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13931 SEQ=1 Nov 9 10:11:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36817 SEQ=1 Nov 9 10:11:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24335 DF PROTO=TCP SPT=36850 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24336 DF PROTO=TCP SPT=36850 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24337 DF PROTO=TCP SPT=36850 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12950 DF PROTO=TCP SPT=52798 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:11:14 server83 NetworkManager[922]: <warn> [1762663274.4390] dhcp4 (eth1): request timed out Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4390] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4550] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 4502 Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4551] dhcp4 (eth1): state changed timeout -> done Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4554] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:11:14 server83 NetworkManager[922]: <warn> [1762663274.4557] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4558] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4588] policy: auto-activating connection 'Wired connection 1' 
(fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4590] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4591] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4593] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4602] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4604] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:11:14 server83 NetworkManager[922]: <info> [1762663274.4617] dhcp4 (eth1): dhclient started with pid 8956 Nov 9 10:11:14 server83 dhclient[8956]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x7cb7fcaa) Nov 9 10:11:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24338 DF PROTO=TCP SPT=36850 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40953 SEQ=1 Nov 9 10:11:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52541 SEQ=1 Nov 9 10:11:20 server83 dhclient[8956]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x7cb7fcaa) Nov 9 10:11:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27668 SEQ=1 Nov 9 10:11:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43891 SEQ=1 Nov 9 10:11:21 server83 aibolit_wrapper[9740]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626632819240144.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626632819241538.txt --log=/tmp/malware_cleaner_log_17626632819242780.txt --progress=/tmp/malware_cleaner_progress_17626632819242466.json --csv_result=/tmp/revisium_csvfile_17626632819242604.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:11:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41334 SEQ=1 Nov 9 10:11:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62191 SEQ=1 Nov 9 10:11:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.245.49.234 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=40870 DF PROTO=ICMP TYPE=8 CODE=0 ID=34663 SEQ=11016 Nov 9 10:11:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=50 ID=24339 DF PROTO=TCP SPT=36850 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3506 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:11:26 server83 aibolit_wrapper[10140]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626632862182784.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626632862184336.txt --log=/tmp/malware_cleaner_log_17626632862185998.txt --progress=/tmp/malware_cleaner_progress_17626632862185622.json --csv_result=/tmp/revisium_csvfile_17626632862185802.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:11:26 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:11:26 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:11:26 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:11:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=30092 DF PROTO=TCP SPT=48096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:29 server83 dhclient[8956]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x7cb7fcaa) Nov 9 10:11:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57780 SEQ=1 Nov 9 10:11:32 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3513 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:11:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=47444 PROTO=TCP SPT=55975 DPT=7600 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65138 SEQ=1 Nov 9 10:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13568 SEQ=1 Nov 9 10:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59182 SEQ=1 Nov 9 10:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22802 SEQ=1 Nov 9 10:11:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.235.100.142 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=22236 PROTO=TCP SPT=43100 DPT=502 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:11:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12951 DF PROTO=TCP SPT=53905 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:11:40 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12952 DF PROTO=TCP SPT=53905 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:11:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24340 DF PROTO=TCP SPT=36850 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:41 server83 dhclient[8956]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x7cb7fcaa) Nov 9 10:11:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12953 DF PROTO=TCP SPT=53905 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:11:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36666 DF PROTO=TCP SPT=44072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:11:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36667 DF PROTO=TCP SPT=44072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=46634 PROTO=TCP SPT=59428 DPT=19541 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:11:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36668 DF PROTO=TCP SPT=44072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:46 server83 
imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:11:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1958 SEQ=1 Nov 9 10:11:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7827 SEQ=1 Nov 9 10:11:47 server83 pam_imunify_daemon.bin: time="2025-11-09T10:11:47+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 10:11:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15664 SEQ=1 Nov 9 10:11:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12957 DF PROTO=TCP SPT=54052 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:11:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63519 SEQ=1 Nov 9 10:11:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 
ID=36669 DF PROTO=TCP SPT=44072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12958 DF PROTO=TCP SPT=54052 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:11:53 server83 dhclient[8956]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x7cb7fcaa) Nov 9 10:11:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.38 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37000 PROTO=TCP SPT=49120 DPT=3391 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:11:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.104 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=22998 DF PROTO=ICMP TYPE=8 CODE=0 ID=9431 SEQ=15777 Nov 9 10:11:58 server83 aibolit_wrapper[11225]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626633185657268.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626633185658550.txt --log=/tmp/malware_cleaner_log_17626633185659554.txt --progress=/tmp/malware_cleaner_progress_17626633185659286.json --csv_result=/tmp/revisium_csvfile_17626633185659414.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:11:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36670 DF PROTO=TCP SPT=44072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:11:59 server83 NetworkManager[922]: <warn> [1762663319.4503] dhcp4 (eth1): 
request timed out Nov 9 10:11:59 server83 NetworkManager[922]: <info> [1762663319.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:11:59 server83 NetworkManager[922]: <info> [1762663319.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 8956 Nov 9 10:11:59 server83 NetworkManager[922]: <info> [1762663319.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 10:11:59 server83 NetworkManager[922]: <info> [1762663319.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:11:59 server83 NetworkManager[922]: <warn> [1762663319.4590] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:11:59 server83 NetworkManager[922]: <info> [1762663319.4592] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:12:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12960 DF PROTO=TCP SPT=54052 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:12:01 server83 systemd: Started Session 310246 of user root. Nov 9 10:12:01 server83 systemd: Started Session 310247 of user root. Nov 9 10:12:01 server83 systemd: Started Session 310248 of user root. Nov 9 10:12:01 server83 systemd: Started Session 310249 of user root. Nov 9 10:12:01 server83 systemd: Started Session 310250 of user root. Nov 9 10:12:01 server83 systemd: Started Session 310252 of user root. Nov 9 10:12:01 server83 systemd: Started Session 310245 of user root. Nov 9 10:12:01 server83 systemd: Started Session 310251 of user root. Nov 9 10:12:01 server83 systemd: Started Session 310253 of user root. 
Nov 9 10:12:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27313 SEQ=1 Nov 9 10:12:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51154 PROTO=TCP SPT=57143 DPT=8606 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:12:02 server83 aibolit_wrapper[11385]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626633227608152.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626633227609882.txt --log=/tmp/malware_cleaner_log_17626633227611762.txt --progress=/tmp/malware_cleaner_progress_17626633227611236.json --csv_result=/tmp/revisium_csvfile_17626633227611492.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:12:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9825 SEQ=1 Nov 9 10:12:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57686 SEQ=1 Nov 9 10:12:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39308 SEQ=1 Nov 9 10:12:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65508 SEQ=1 Nov 9 10:12:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=65511 PROTO=TCP SPT=56033 DPT=7703 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:12:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.214 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=20927 PROTO=TCP SPT=54554 DPT=11211 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:12:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27313 SEQ=1 Nov 9 10:12:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25860 PROTO=TCP SPT=45727 DPT=34792 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:12:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=63109 PROTO=TCP SPT=59466 DPT=5972 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:12:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26235 PROTO=TCP SPT=46370 DPT=2816 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:12:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24341 DF PROTO=TCP SPT=36850 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:12:14 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=184.105.139.72 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=50460 DPT=8123 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:12:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36671 DF PROTO=TCP SPT=44072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:12:18 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:12:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3504 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:12:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.89.53 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48940 DPT=102 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:12:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36218 SEQ=1 Nov 9 10:12:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27115 PROTO=TCP SPT=46370 DPT=3250 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:12:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2426 DF PROTO=TCP SPT=51912 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:12:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.16 DST=145.239.177.179 LEN=60 
TOS=0x00 PREC=0x00 TTL=52 ID=2160 PROTO=TCP SPT=64944 DPT=12322 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:12:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=28981 DF PROTO=ICMP TYPE=8 CODE=0 ID=8232 SEQ=28144 Nov 9 10:12:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50559 SEQ=1 Nov 9 10:12:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2427 DF PROTO=TCP SPT=51912 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:12:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41844 SEQ=1 Nov 9 10:12:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8457 SEQ=1 Nov 9 10:12:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2428 DF PROTO=TCP SPT=51912 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:12:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:12:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58216 PROTO=TCP SPT=53120 DPT=2611 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
10:12:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.123 DST=145.239.177.179 LEN=30 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=55096 DPT=5632 LEN=10 Nov 9 10:12:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2429 DF PROTO=TCP SPT=51912 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:12:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.136.208.236 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=42771 DPT=808 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:12:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2520 SEQ=1 Nov 9 10:12:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12728 SEQ=1 Nov 9 10:12:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63165 SEQ=1 Nov 9 10:12:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63257 SEQ=1 Nov 9 10:12:37 server83 aibolit_wrapper[12385]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626633570207160.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626633570208768.txt --log=/tmp/malware_cleaner_log_17626633570210614.txt --progress=/tmp/malware_cleaner_progress_17626633570210100.json --csv_result=/tmp/revisium_csvfile_17626633570210352.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:12:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41729 SEQ=1 Nov 9 10:12:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2430 DF PROTO=TCP SPT=51912 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:12:41 server83 aibolit_wrapper[12502]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626633612357714.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626633612359180.txt --log=/tmp/malware_cleaner_log_17626633612363698.txt --progress=/tmp/malware_cleaner_progress_17626633612362828.json --csv_result=/tmp/revisium_csvfile_17626633612363402.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:12:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.189.140.215 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x40 TTL=233 ID=12322 PROTO=TCP SPT=61015 DPT=8090 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:12:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:12:45 server83 
imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 10:12:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:12:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:12:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:12:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36672 DF PROTO=TCP SPT=44072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:12:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54256 SEQ=1 Nov 9 10:12:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11857 SEQ=1 Nov 9 10:12:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.48 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=12082 DF PROTO=ICMP TYPE=8 CODE=0 ID=10495 SEQ=39741 Nov 9 10:12:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36328 SEQ=1 Nov 9 10:12:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28409 SEQ=1 Nov 9 10:12:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55095 SEQ=1 Nov 9 10:12:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11857 SEQ=1 Nov 9 10:12:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2431 DF PROTO=TCP SPT=51912 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:12:57 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:13:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:13:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:13:01 server83 systemd: Started Session 310257 of user root. Nov 9 10:13:01 server83 systemd: Started Session 310256 of user root. Nov 9 10:13:01 server83 systemd: Started Session 310254 of user root. Nov 9 10:13:01 server83 systemd: Started Session 310255 of user root. Nov 9 10:13:01 server83 systemd: Started Session 310258 of user root. Nov 9 10:13:01 server83 systemd: Started Session 310259 of user root. Nov 9 10:13:01 server83 systemd: Started Session 310261 of user root. Nov 9 10:13:01 server83 systemd: Started Session 310260 of user root. Nov 9 10:13:01 server83 systemd: Started Session 310262 of user root. Nov 9 10:13:01 server83 systemd: Started Session 310263 of user root. 
Nov 9 10:13:01 server83 imunify360-watchdog: imunify360 is healthy: all is ok Nov 9 10:13:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22394 SEQ=1 Nov 9 10:13:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.191 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=44883 PROTO=TCP SPT=53789 DPT=39443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:13:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.217.33.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=11674 PROTO=TCP SPT=58835 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:13:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12999 SEQ=1 Nov 9 10:13:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20351 SEQ=1 Nov 9 10:13:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.217.33.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=11675 PROTO=TCP SPT=58835 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:13:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=34045 PROTO=TCP SPT=43403 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:13:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.217.33.155 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=109 ID=11676 PROTO=TCP SPT=58835 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:13:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=34046 PROTO=TCP SPT=43403 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:13:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.217.33.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=11677 PROTO=TCP SPT=58835 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:13:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=34047 PROTO=TCP SPT=43403 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:13:08 server83 systemd: Started Session c2865 of user root. Nov 9 10:13:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=34048 PROTO=TCP SPT=43403 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:13:08 server83 scripts.sh: Load Average: 2.84 , 3.25 Nov 9 10:13:08 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 10:13:08 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 10:13:08 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 10:13:08 server83 scripts.sh: HTTPD Status: inactive Nov 9 10:13:08 server83 scripts.sh: MySQL Status: active Nov 9 10:13:08 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 10:13:08 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 10:13:08 server83 scripts.sh: SSHD Status: active Nov 9 10:13:08 server83 scripts.sh: FTP Status: active Nov 9 10:13:08 server83 scripts.sh: LiteSpeed Status: Active Nov 9 10:13:08 server83 scripts.sh: Imunify Status: Active Nov 9 10:13:08 server83 
scripts.sh: cPanel Status: active Nov 9 10:13:08 server83 scripts.sh: Memory Status: 12/31 GB - 38.92% Nov 9 10:13:08 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 10:13:08 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 10:13:08 server83 scripts.sh: Local Version: 4.4.5 Nov 9 10:13:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.39 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=59351 PROTO=TCP SPT=56236 DPT=14053 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:13:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53385 DF PROTO=TCP SPT=40232 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53386 DF PROTO=TCP SPT=40232 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:15 server83 aibolit_wrapper[13670]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626633955371818.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626633955374060.txt --log=/tmp/malware_cleaner_log_17626633955376138.txt --progress=/tmp/malware_cleaner_progress_17626633955375548.json --csv_result=/tmp/revisium_csvfile_17626633955375792.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:13:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.192 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=51417 
PROTO=TCP SPT=53857 DPT=44363 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:13:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53387 DF PROTO=TCP SPT=40232 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:21 server83 aibolit_wrapper[13890]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626634013937870.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626634013939404.txt --log=/tmp/malware_cleaner_log_17626634013941098.txt --progress=/tmp/malware_cleaner_progress_17626634013940712.json --csv_result=/tmp/revisium_csvfile_17626634013940896.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:13:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40175 SEQ=1 Nov 9 10:13:22 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:13:22 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:13:22 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 10:13:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53388 DF PROTO=TCP SPT=40232 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2432 DF PROTO=TCP SPT=51912 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=39111 PROTO=TCP SPT=45281 DPT=5222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:13:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.46 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=29374 PROTO=TCP SPT=62798 DPT=29877 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:13:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27548 SEQ=1 Nov 9 10:13:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27548 SEQ=1 Nov 9 10:13:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50778 SEQ=1 Nov 9 10:13:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48665 SEQ=1 Nov 9 10:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=504 SEQ=1 Nov 9 10:13:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39132 PROTO=TCP SPT=45727 DPT=33051 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49926 SEQ=1 Nov 9 10:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56647 SEQ=1 Nov 9 10:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50522 SEQ=1 Nov 9 10:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25023 SEQ=1 Nov 9 10:13:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53389 DF PROTO=TCP SPT=40232 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44522 DF PROTO=TCP SPT=53404 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:13:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 10:13:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44523 DF PROTO=TCP SPT=53404 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44524 DF PROTO=TCP SPT=53404 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37187 SEQ=1 Nov 9 10:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22846 SEQ=1 Nov 9 10:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37187 SEQ=1 Nov 9 10:13:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47594 SEQ=1 Nov 9 10:13:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20296 SEQ=1 Nov 9 10:13:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=135.233.112.109 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=11978 PROTO=TCP SPT=51054 DPT=7000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:13:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44525 DF PROTO=TCP SPT=53404 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:13:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:13:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.96 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53100 DPT=45444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:13:57 server83 aibolit_wrapper[14784]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626634370761054.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626634370762612.txt --log=/tmp/malware_cleaner_log_17626634370764482.txt --progress=/tmp/malware_cleaner_progress_17626634370763938.json --csv_result=/tmp/revisium_csvfile_17626634370764186.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:13:58 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.38 DST=51.210.113.204 LEN=113 TOS=0x00 PREC=0x00 TTL=46 ID=38429 DF PROTO=UDP SPT=17811 DPT=161 LEN=93 Nov 9 10:14:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.34 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=50029 DF PROTO=TCP SPT=48419 DPT=24059 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:14:01 server83 aibolit_wrapper[14893]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626634413540074.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626634413541510.txt --log=/tmp/malware_cleaner_log_17626634413543196.txt --progress=/tmp/malware_cleaner_progress_17626634413542738.json --csv_result=/tmp/revisium_csvfile_17626634413542902.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44526 DF PROTO=TCP SPT=53404 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:14:01 server83 systemd: Started Session 310266 of user root. Nov 9 10:14:01 server83 systemd: Started Session 310264 of user root. Nov 9 10:14:01 server83 systemd: Started Session 310267 of user root. Nov 9 10:14:01 server83 systemd: Started Session 310268 of user root. Nov 9 10:14:01 server83 systemd: Started Session 310265 of user root. Nov 9 10:14:01 server83 systemd: Started Session 310269 of user root. 
Nov 9 10:14:01 server83 systemd: Started Session 310270 of user root. Nov 9 10:14:01 server83 systemd: Started Session 310271 of user root. Nov 9 10:14:01 server83 systemd: Started Session 310272 of user root. Nov 9 10:14:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55035 SEQ=1 Nov 9 10:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18145 SEQ=1 Nov 9 10:14:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64374 SEQ=1 Nov 9 10:14:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.161 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=31710 DF PROTO=TCP SPT=28001 DPT=4433 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:14:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55035 SEQ=1 Nov 9 10:14:09 server83 pam_imunify_daemon.bin: time="2025-11-09T10:14:09+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 10:14:10 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=159.138.100.150 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=27108 DF PROTO=ICMP TYPE=8 CODE=0 ID=1140 SEQ=57347 Nov 9 10:14:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.177.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=28065 PROTO=TCP SPT=60632 DPT=7000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:14:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53390 DF PROTO=TCP SPT=40232 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.87 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=50008 DPT=5000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44527 DF PROTO=TCP SPT=53404 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:14:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8819 SEQ=1 Nov 9 10:14:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35153 SEQ=1 Nov 9 10:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=11924 DF PROTO=ICMP TYPE=8 CODE=0 ID=10992 SEQ=6975 Nov 9 10:14:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21165 SEQ=1 Nov 9 10:14:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37607 SEQ=1 Nov 9 10:14:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35153 SEQ=1 Nov 9 10:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24855 DF PROTO=TCP SPT=35644 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:14:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:14:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24856 DF PROTO=TCP SPT=35644 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:14:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=218.161.127.13 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=59731 PROTO=TCP SPT=36685 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:14:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=218.161.127.13 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=59731 PROTO=TCP SPT=36685 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=50 ID=24857 DF PROTO=TCP SPT=35644 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:14:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.154.95.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=16974 PROTO=TCP SPT=36257 DPT=8994 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:14:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24858 DF PROTO=TCP SPT=35644 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:14:35 server83 aibolit_wrapper[16090]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626634755158314.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626634755159528.txt --log=/tmp/malware_cleaner_log_17626634755160692.txt --progress=/tmp/malware_cleaner_progress_17626634755160312.json --csv_result=/tmp/revisium_csvfile_17626634755160486.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:14:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=111.119.242.58 DST=51.210.113.204 LEN=54 TOS=0x00 PREC=0x00 TTL=41 ID=47021 DF PROTO=ICMP TYPE=8 CODE=0 ID=1565 SEQ=7089 Nov 9 10:14:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26107 SEQ=1 Nov 9 10:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=40873 SEQ=1 Nov 9 10:14:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52848 DPT=30000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:14:39 server83 aibolit_wrapper[16272]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626634796698238.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626634796699604.txt --log=/tmp/malware_cleaner_log_17626634796702196.txt --progress=/tmp/malware_cleaner_progress_17626634796701718.json --csv_result=/tmp/revisium_csvfile_17626634796701962.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24859 DF PROTO=TCP SPT=35644 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:14:45 server83 aibolit_wrapper[16406]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626634849931178.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626634849934010.txt --progress=/tmp/malware_cleaner_progress_17626634849933656.json --csv_result=/tmp/revisium_csvfile_17626634849933818.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:14:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 
DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3512 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:14:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:14:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.rjust: ProactiveModel.Host should not be empty Nov 9 10:14:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 10:14:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:14:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44528 DF PROTO=TCP SPT=53404 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51025 SEQ=1 Nov 9 10:14:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34814 SEQ=1 Nov 9 10:14:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.34 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=16492 PROTO=TCP SPT=59187 DPT=666 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:14:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12175 SEQ=1 Nov 9 10:14:54 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19453 SEQ=1 Nov 9 10:14:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24860 DF PROTO=TCP SPT=35644 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50703 SEQ=1 Nov 9 10:15:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41273 SEQ=1 Nov 9 10:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:15:01 server83 systemd: Started Session 310273 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310275 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310279 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310276 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310277 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310278 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310280 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310282 of user root. Nov 9 10:15:01 server83 systemd: Created slice User Slice of wmps. Nov 9 10:15:01 server83 systemd: Started Session 310285 of user wmps. Nov 9 10:15:01 server83 systemd: Started Session 310274 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310283 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310286 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310287 of user root. 
Nov 9 10:15:01 server83 systemd: Started Session 310284 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310288 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310281 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310289 of user root. Nov 9 10:15:01 server83 systemd: Started Session 310290 of user root. Nov 9 10:15:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 10:15:01 server83 systemd: Started Session 310291 of user sanatanhinduvahi. Nov 9 10:15:01 server83 systemd: Started Session 310292 of user root. Nov 9 10:15:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41229 SEQ=1 Nov 9 10:15:02 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 10:15:02 server83 systemd-logind: Failed to remove runtime directory /run/user/4642: Device or resource busy Nov 9 10:15:02 server83 systemd: Removed slice User Slice of wmps. 
Nov 9 10:15:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13892 SEQ=1 Nov 9 10:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65029 SEQ=1 Nov 9 10:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13892 SEQ=1 Nov 9 10:15:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.200.116.77 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=60860 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:15:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19335 PROTO=TCP SPT=42111 DPT=2458 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:15:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.121 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=22505 DF PROTO=TCP SPT=44181 DPT=30013 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:15:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4915 SEQ=1 Nov 9 10:15:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.62 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51299 DPT=9298 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
10:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18896 PROTO=TCP SPT=39600 DPT=4644 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22753 DF PROTO=TCP SPT=58386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:16 server83 aibolit_wrapper[17627]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626635164560328.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626635164562096.txt --log=/tmp/malware_cleaner_log_17626635164564112.txt --progress=/tmp/malware_cleaner_progress_17626635164563574.json --csv_result=/tmp/revisium_csvfile_17626635164563794.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:15:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22754 DF PROTO=TCP SPT=58386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:18 server83 pam_imunify_daemon.bin: time="2025-11-09T10:15:18+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 10:15:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22755 DF PROTO=TCP SPT=58386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=5093 PROTO=TCP SPT=33468 DPT=7659 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:15:20 server83 aibolit_wrapper[17751]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626635205895662.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626635205896408.txt --log=/tmp/malware_cleaner_log_17626635205897166.txt --progress=/tmp/malware_cleaner_progress_17626635205896968.json --csv_result=/tmp/revisium_csvfile_17626635205897060.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:15:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47663 SEQ=1 Nov 9 10:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22756 DF PROTO=TCP SPT=58386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17174 PROTO=TCP SPT=56698 DPT=8218 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:15:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid 
license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:15:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6416 PROTO=TCP SPT=45727 DPT=33940 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=24861 DF PROTO=TCP SPT=35644 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22757 DF PROTO=TCP SPT=58386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.237.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=9822 PROTO=TCP SPT=51195 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:15:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29232 SEQ=1 Nov 9 10:15:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.237.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=9823 PROTO=TCP SPT=51195 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:15:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2452 SEQ=1 Nov 9 10:15:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.5.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=97 ID=50640 PROTO=TCP SPT=58666 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:15:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.237.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=9824 PROTO=TCP SPT=51195 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:15:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.5.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=50641 PROTO=TCP SPT=58666 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:15:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.237.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=9825 PROTO=TCP SPT=51195 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:15:37 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.241.50 DST=51.210.113.204 LEN=53 TOS=0x00 PREC=0x00 TTL=48 ID=12897 PROTO=UDP SPT=40832 DPT=27023 LEN=33 Nov 9 10:15:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.5.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=50642 PROTO=TCP SPT=58666 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:15:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.5.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=50643 PROTO=TCP SPT=58666 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22909 SEQ=1 Nov 9 10:15:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 
TOS=0x00 PREC=0x00 TTL=240 ID=27112 PROTO=TCP SPT=53120 DPT=2542 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:15:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.231.116 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=50463 DF PROTO=TCP SPT=52414 DPT=554 WINDOW=65280 RES=0x00 SYN URGP=0 Nov 9 10:15:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.locked: ProactiveModel.Host should not be empty Nov 9 10:15:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13355 SEQ=1 Nov 9 10:15:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.153.128 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=54526 PROTO=TCP SPT=32797 DPT=8192 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:15:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22758 DF PROTO=TCP SPT=58386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10931 SEQ=1 Nov 9 10:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14634 SEQ=1 Nov 9 10:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55063 
SEQ=1 Nov 9 10:15:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53898 DF PROTO=TCP SPT=38256 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57867 SEQ=1 Nov 9 10:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63968 SEQ=1 Nov 9 10:15:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53899 DF PROTO=TCP SPT=38256 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46108 SEQ=1 Nov 9 10:15:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53900 DF PROTO=TCP SPT=38256 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11960 SEQ=1 Nov 9 10:15:54 server83 aibolit_wrapper[18367]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626635549100892.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626635549102194.txt --log=/tmp/malware_cleaner_log_17626635549103434.txt --progress=/tmp/malware_cleaner_progress_17626635549103122.json --csv_result=/tmp/revisium_csvfile_17626635549103260.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:15:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55207 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53901 DF PROTO=TCP SPT=38256 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:15:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3503 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:15:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12961 DF PROTO=TCP SPT=58956 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:16:00 server83 aibolit_wrapper[18532]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626635603662576.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626635603664290.txt --log=/tmp/malware_cleaner_log_17626635603666026.txt 
--progress=/tmp/malware_cleaner_progress_17626635603665564.json --csv_result=/tmp/revisium_csvfile_17626635603665774.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:16:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12962 DF PROTO=TCP SPT=58956 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:16:01 server83 systemd: Started Session 310295 of user root. Nov 9 10:16:01 server83 systemd: Started Session 310294 of user root. Nov 9 10:16:01 server83 systemd: Started Session 310296 of user root. Nov 9 10:16:01 server83 systemd: Started Session 310293 of user root. Nov 9 10:16:01 server83 systemd: Started Session 310297 of user root. Nov 9 10:16:01 server83 systemd: Started Session 310298 of user root. Nov 9 10:16:01 server83 systemd: Started Session 310299 of user root. Nov 9 10:16:01 server83 systemd: Started Session 310300 of user root. Nov 9 10:16:01 server83 systemd: Started Session 310301 of user root. 
Nov 9 10:16:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12963 DF PROTO=TCP SPT=58956 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53902 DF PROTO=TCP SPT=38256 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:16:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12964 DF PROTO=TCP SPT=58956 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:16:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=155.102.167.231 DST=145.239.177.179 LEN=84 TOS=0x08 PREC=0x20 TTL=49 ID=44708 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=0 Nov 9 10:16:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35891 SEQ=1 Nov 9 10:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=155.102.167.231 DST=145.239.177.179 LEN=84 TOS=0x08 PREC=0x20 TTL=49 ID=45312 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=1 Nov 9 10:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43849 SEQ=1 Nov 9 10:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44576 SEQ=1 Nov 9 10:16:09 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53003 SEQ=1 Nov 9 10:16:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:16:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12965 DF PROTO=TCP SPT=58956 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:16:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=155.102.167.231 DST=145.239.177.179 LEN=84 TOS=0x08 PREC=0x20 TTL=49 ID=49287 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=8 Nov 9 10:16:16 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 10:16:16 server83 systemd: Stopped Status Update Service. Nov 9 10:16:16 server83 systemd: Started Status Update Service. 
Nov 9 10:16:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.238 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53651 DPT=9453 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:16:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45718 SEQ=1 Nov 9 10:16:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44577 PROTO=TCP SPT=49956 DPT=25702 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:16:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58347 SEQ=1 Nov 9 10:16:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=558 PROTO=TCP SPT=56899 DPT=4522 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22759 DF PROTO=TCP SPT=58386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53903 DF PROTO=TCP SPT=38256 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:16:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=12116 SEQ=1 Nov 9 10:16:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43923 PROTO=TCP SPT=49956 DPT=29861 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:16:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12116 SEQ=1 Nov 9 10:16:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:16:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55753 DPT=11250 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=11742 PROTO=TCP SPT=49796 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61072 DF PROTO=TCP SPT=42382 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61073 DF PROTO=TCP SPT=42382 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14555 SEQ=1 Nov 9 10:16:32 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29234 SEQ=1 Nov 9 10:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8895 SEQ=1 Nov 9 10:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31248 SEQ=1 Nov 9 10:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57356 SEQ=1 Nov 9 10:16:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61074 DF PROTO=TCP SPT=42382 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:16:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=60303 DF PROTO=TCP SPT=45622 DPT=9667 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:16:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.154.95.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=33574 PROTO=TCP SPT=42498 DPT=2345 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:16:36 server83 aibolit_wrapper[19475]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626635965949096.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626635965950144.txt --log=/tmp/malware_cleaner_log_17626635965951074.txt --progress=/tmp/malware_cleaner_progress_17626635965950816.json --csv_result=/tmp/revisium_csvfile_17626635965950942.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61075 DF PROTO=TCP SPT=42382 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:16:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=2736 PROTO=TCP SPT=41841 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:16:40 server83 aibolit_wrapper[19594]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626636007818792.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626636007820228.txt --log=/tmp/malware_cleaner_log_17626636007821992.txt --progress=/tmp/malware_cleaner_progress_17626636007821496.json --csv_result=/tmp/revisium_csvfile_17626636007821714.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=53226 PROTO=TCP SPT=55917 DPT=7513 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61076 DF PROTO=TCP SPT=42382 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:16:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:16:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=58767 PROTO=TCP SPT=56256 DPT=8004 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:16:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.system: ProactiveModel.Host should not be empty Nov 9 10:16:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 10:16:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:16:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:16:47 server83 aibolit_wrapper[19718]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626636071967930.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626636071970326.txt --progress=/tmp/malware_cleaner_progress_17626636071970000.json --csv_result=/tmp/revisium_csvfile_17626636071970150.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:16:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=17177 SEQ=1 Nov 9 10:16:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6992 SEQ=1 Nov 9 10:16:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6992 SEQ=1 Nov 9 10:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17177 SEQ=1 Nov 9 10:16:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9329 SEQ=1 Nov 9 10:16:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7688 SEQ=1 Nov 9 10:16:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53904 DF PROTO=TCP SPT=38256 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:16:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=55592 PROTO=TCP SPT=46370 DPT=1843 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:16:59 server83 NetworkManager[922]: <info> [1762663619.4492] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:16:59 server83 NetworkManager[922]: <info> [1762663619.4499] device (eth1): 
Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:16:59 server83 NetworkManager[922]: <info> [1762663619.4500] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:16:59 server83 NetworkManager[922]: <info> [1762663619.4505] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:16:59 server83 NetworkManager[922]: <info> [1762663619.4517] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:16:59 server83 NetworkManager[922]: <info> [1762663619.4520] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:16:59 server83 NetworkManager[922]: <info> [1762663619.4533] dhcp4 (eth1): dhclient started with pid 19920 Nov 9 10:16:59 server83 dhclient[19920]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x59164566) Nov 9 10:17:00 server83 pam_imunify_daemon.bin: time="2025-11-09T10:17:00+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 10:17:01 server83 systemd: Started Session 310302 of user root. Nov 9 10:17:01 server83 systemd: Started Session 310303 of user root. Nov 9 10:17:01 server83 systemd: Started Session 310304 of user root. Nov 9 10:17:01 server83 systemd: Started Session 310306 of user root. Nov 9 10:17:01 server83 systemd: Started Session 310305 of user root. Nov 9 10:17:01 server83 systemd: Started Session 310308 of user root. Nov 9 10:17:01 server83 systemd: Started Session 310307 of user root. Nov 9 10:17:01 server83 systemd: Started Session 310309 of user root. 
Nov 9 10:17:01 server83 systemd: Started Session 310310 of user root. Nov 9 10:17:01 server83 systemd: Started Session 310311 of user root. Nov 9 10:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61077 DF PROTO=TCP SPT=42382 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:17:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41559 SEQ=1 Nov 9 10:17:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46903 SEQ=1 Nov 9 10:17:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17321 SEQ=1 Nov 9 10:17:07 server83 dhclient[19920]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x59164566) Nov 9 10:17:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40379 SEQ=1 Nov 9 10:17:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64709 PROTO=TCP SPT=42055 DPT=22334 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:17:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30211 PROTO=TCP SPT=45727 DPT=33630 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
10:17:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12966 DF PROTO=TCP SPT=60974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:17:16 server83 aibolit_wrapper[20391]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626636366037624.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626636366038774.txt --log=/tmp/malware_cleaner_log_17626636366039786.txt --progress=/tmp/malware_cleaner_progress_17626636366039512.json --csv_result=/tmp/revisium_csvfile_17626636366039644.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:17:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12967 DF PROTO=TCP SPT=60974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:17:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12968 DF PROTO=TCP SPT=60974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:17:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12969 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:17:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12970 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN 
URGP=0 Nov 9 10:17:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56949 SEQ=1 Nov 9 10:17:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3533 SEQ=1 Nov 9 10:17:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12971 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:17:22 server83 dhclient[19920]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x59164566) Nov 9 10:17:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12972 DF PROTO=TCP SPT=60974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:17:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=49230 PROTO=TCP SPT=52233 DPT=6580 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12531 SEQ=1 Nov 9 10:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55416 SEQ=1 Nov 9 10:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51710 SEQ=1 Nov 9 10:17:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12973 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:17:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:17:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3510 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:17:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12974 DF PROTO=TCP SPT=60974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:17:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60557 SEQ=1 Nov 9 10:17:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61083 SEQ=1 Nov 9 10:17:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60557 SEQ=1 Nov 9 10:17:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3509 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 10:17:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=41875 PROTO=TCP SPT=42055 DPT=22334 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:17:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12975 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:17:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61078 DF PROTO=TCP SPT=42382 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:17:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8008 SEQ=1 Nov 9 10:17:39 server83 dhclient[19920]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x59164566) Nov 9 10:17:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=35494 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:17:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63450 SEQ=1 Nov 9 10:17:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.38 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51232 PROTO=TCP SPT=49120 DPT=3394 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:17:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=18584 PROTO=TCP SPT=56698 DPT=8218 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:17:44 server83 NetworkManager[922]: <warn> [1762663664.4512] dhcp4 (eth1): request timed out Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4512] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4672] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 19920 Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4672] dhcp4 (eth1): state changed timeout -> done Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4675] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:17:44 server83 NetworkManager[922]: <warn> [1762663664.4681] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4684] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4719] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4724] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4725] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4730] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4740] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:17:44 server83 
NetworkManager[922]: <info> [1762663664.4744] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:17:44 server83 NetworkManager[922]: <info> [1762663664.4756] dhcp4 (eth1): dhclient started with pid 20903 Nov 9 10:17:44 server83 dhclient[20903]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x24099b2a) Nov 9 10:17:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9390 PROTO=TCP SPT=49956 DPT=29708 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:17:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.mb_convert: ProactiveModel.Host should not be empty Nov 9 10:17:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35605 SEQ=1 Nov 9 10:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17909 SEQ=1 Nov 9 10:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17909 SEQ=1 Nov 9 10:17:49 server83 dhclient[20903]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x24099b2a) Nov 9 10:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7357 SEQ=1 Nov 9 10:17:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37087 SEQ=1 Nov 9 10:17:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19430 PROTO=TCP SPT=46398 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:17:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10547 SEQ=1 Nov 9 10:17:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19431 PROTO=TCP SPT=46398 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:17:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=6120 PROTO=TCP SPT=56114 DPT=7807 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:17:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=1832 PROTO=TCP SPT=46684 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:17:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19432 PROTO=TCP SPT=46398 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:17:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=98 ID=1833 PROTO=TCP SPT=46684 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:17:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=1834 PROTO=TCP SPT=46684 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:17:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=1836 PROTO=TCP SPT=46684 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:18:00 server83 dhclient[20903]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x24099b2a) Nov 9 10:18:00 server83 aibolit_wrapper[21160]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626636801251908.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626636801253918.txt --log=/tmp/malware_cleaner_log_17626636801255596.txt --progress=/tmp/malware_cleaner_progress_17626636801255124.json --csv_result=/tmp/revisium_csvfile_17626636801255348.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:18:01 server83 systemd: Started Session 310312 of user root. Nov 9 10:18:01 server83 systemd: Started Session 310313 of user root. Nov 9 10:18:01 server83 systemd: Started Session 310314 of user root. Nov 9 10:18:01 server83 systemd: Started Session 310315 of user root. Nov 9 10:18:01 server83 systemd: Started Session 310316 of user root. Nov 9 10:18:01 server83 systemd: Started Session 310318 of user root. Nov 9 10:18:01 server83 systemd: Started Session 310317 of user root. Nov 9 10:18:01 server83 systemd: Started Session 310319 of user root. 
Nov 9 10:18:01 server83 systemd: Started Session 310320 of user root. Nov 9 10:18:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12743 SEQ=1 Nov 9 10:18:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16098 SEQ=1 Nov 9 10:18:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60122 SEQ=1 Nov 9 10:18:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41589 SEQ=1 Nov 9 10:18:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20812 SEQ=1 Nov 9 10:18:04 server83 aibolit_wrapper[21311]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626636843728384.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626636843729868.txt --progress=/tmp/malware_cleaner_progress_17626636843729690.json --csv_result=/tmp/revisium_csvfile_17626636843729760.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:18:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=80.82.77.139 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=116 ID=744 PROTO=TCP SPT=29011 DPT=5901 WINDOW=42553 RES=0x00 SYN URGP=0 Nov 9 10:18:09 server83 pam_imunify_daemon.bin: time="2025-11-09T10:18:09+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 10:18:10 server83 aibolit_wrapper[21403]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626636899987190.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626636899988566.txt --log=/tmp/malware_cleaner_log_17626636899990270.txt --progress=/tmp/malware_cleaner_progress_17626636899989826.json --csv_result=/tmp/revisium_csvfile_17626636899990046.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:18:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.155 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46425 DPT=1234 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:18:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32732 PROTO=TCP SPT=49901 DPT=4620 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:18:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.71 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=64209 PROTO=TCP 
SPT=56749 DPT=8304 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:18:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:18:16 server83 dhclient[20903]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x24099b2a) Nov 9 10:18:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63646 SEQ=1 Nov 9 10:18:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46799 PROTO=TCP SPT=58603 DPT=4444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:18:19 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.94.111.1 DST=145.239.177.179 LEN=43 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=36317 DPT=11211 LEN=23 Nov 9 10:18:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.68 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56725 DPT=9339 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 10:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 10:18:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.158 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=37159 DF PROTO=TCP SPT=30690 DPT=84 WINDOW=5840 RES=0x00 SYN URGP=0 
Nov 9 10:18:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21888 SEQ=1 Nov 9 10:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60022 SEQ=1 Nov 9 10:18:23 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 10:18:26 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:18:26 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:18:26 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 10:18:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:18:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43212 PROTO=TCP SPT=51190 DPT=4283 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:18:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.142.147.209 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43859 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:18:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.172.138.147 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=35316 PROTO=TCP SPT=50518 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:18:29 server83 NetworkManager[922]: <warn> 
[1762663709.4453] dhcp4 (eth1): request timed out Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4453] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4613] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 20903 Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4613] dhcp4 (eth1): state changed timeout -> done Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4615] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:18:29 server83 NetworkManager[922]: <warn> [1762663709.4619] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4621] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4656] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4660] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4661] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4666] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4677] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4680] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:18:29 server83 NetworkManager[922]: <info> [1762663709.4691] dhcp4 (eth1): dhclient started with pid 21936 Nov 9 
10:18:29 server83 dhclient[21936]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x276be7fe) Nov 9 10:18:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14294 SEQ=1 Nov 9 10:18:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56131 SEQ=1 Nov 9 10:18:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.208 DST=145.239.177.179 LEN=69 TOS=0x00 PREC=0x00 TTL=112 ID=32447 DF PROTO=ICMP TYPE=8 CODE=0 ID=37236 SEQ=62952 Nov 9 10:18:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12199 SEQ=1 Nov 9 10:18:34 server83 dhclient[21936]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x276be7fe) Nov 9 10:18:38 server83 aibolit_wrapper[22181]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626637181208138.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626637181209752.txt --log=/tmp/malware_cleaner_log_17626637181211792.txt --progress=/tmp/malware_cleaner_progress_17626637181211200.json --csv_result=/tmp/revisium_csvfile_17626637181211470.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:18:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8145 SEQ=1 Nov 9 10:18:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26337 SEQ=1 Nov 9 10:18:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.8 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55079 DPT=11994 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:18:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12976 DF PROTO=TCP SPT=63305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:18:43 server83 aibolit_wrapper[22325]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626637237345388.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626637237346142.txt --log=/tmp/malware_cleaner_log_17626637237346858.txt --progress=/tmp/malware_cleaner_progress_17626637237346668.json --csv_result=/tmp/revisium_csvfile_17626637237346756.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:18:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12977 DF PROTO=TCP SPT=63305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:18:44 server83 dhclient[21936]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x276be7fe) Nov 9 
10:18:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=27399 PROTO=TCP SPT=56114 DPT=7805 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:18:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12978 DF PROTO=TCP SPT=63305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:18:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.15 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=52735 PROTO=TCP SPT=55730 DPT=491 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:18:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.partition: ProactiveModel.Host should not be empty Nov 9 10:18:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:18:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:18:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:18:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.87.155 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=56990 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:18:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30981 SEQ=1 Nov 9 10:18:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22897 SEQ=1 Nov 9 10:18:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58 SEQ=1 Nov 9 10:18:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12979 DF PROTO=TCP SPT=63305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:18:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15961 SEQ=1 Nov 9 10:18:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17537 SEQ=1 Nov 9 10:18:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22897 SEQ=1 Nov 9 10:18:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55837 SEQ=1 Nov 9 10:18:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=7981 PROTO=TCP SPT=34354 DPT=4544 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:18:54 server83 dhclient[21936]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x276be7fe) Nov 9 10:18:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12980 DF PROTO=TCP SPT=63305 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:19:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:19:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:19:01 server83 systemd: Started Session 310322 of user root. Nov 9 10:19:01 server83 systemd: Started Session 310321 of user root. Nov 9 10:19:01 server83 systemd: Started Session 310323 of user root. Nov 9 10:19:01 server83 systemd: Started Session 310324 of user root. Nov 9 10:19:01 server83 systemd: Started Session 310325 of user root. Nov 9 10:19:01 server83 systemd: Started Session 310326 of user root. Nov 9 10:19:01 server83 systemd: Started Session 310328 of user root. Nov 9 10:19:01 server83 systemd: Started Session 310327 of user root. Nov 9 10:19:01 server83 systemd: Started Session 310329 of user root. Nov 9 10:19:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2047 PROTO=TCP SPT=45727 DPT=34340 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:19:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.114.64 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=1982 PROTO=TCP SPT=43604 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:19:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64826 SEQ=1 Nov 9 10:19:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1285 SEQ=1 Nov 9 10:19:06 
server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.112.17 DST=145.239.177.179 LEN=42 TOS=0x00 PREC=0x00 TTL=41 ID=43038 PROTO=UDP SPT=44062 DPT=2123 LEN=22 Nov 9 10:19:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:19:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63041 SEQ=1 Nov 9 10:19:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24449 SEQ=1 Nov 9 10:19:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26412 SEQ=1 Nov 9 10:19:10 server83 dhclient[21936]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x276be7fe) Nov 9 10:19:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.190 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=64769 DF PROTO=TCP SPT=40957 DPT=10101 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:19:14 server83 NetworkManager[922]: <warn> [1762663754.4413] dhcp4 (eth1): request timed out Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4413] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4572] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 21936 Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4573] dhcp4 (eth1): state changed timeout -> done Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4575] device (eth1): state change: ip-config -> failed (reason 
'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:19:14 server83 NetworkManager[922]: <warn> [1762663754.4578] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4580] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4610] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4616] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4617] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4620] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4631] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4634] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:19:14 server83 NetworkManager[922]: <info> [1762663754.4648] dhcp4 (eth1): dhclient started with pid 23063 Nov 9 10:19:14 server83 dhclient[23063]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x4e10c5f7) Nov 9 10:19:15 server83 aibolit_wrapper[23101]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626637552493830.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626637552495546.txt --log=/tmp/malware_cleaner_log_17626637552497578.txt --progress=/tmp/malware_cleaner_progress_17626637552497054.json --csv_result=/tmp/revisium_csvfile_17626637552497290.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:19:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3502 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:19:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27241 SEQ=1 Nov 9 10:19:19 server83 aibolit_wrapper[23208]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626637595624126.txt --input-fn-b64-encoded --username=maars --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626637595625746.txt --log=/tmp/malware_cleaner_log_17626637595627644.txt --progress=/tmp/malware_cleaner_progress_17626637595627140.json --csv_result=/tmp/revisium_csvfile_17626637595627360.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:19:22 server83 dhclient[23063]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x4e10c5f7) Nov 9 10:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53120 SEQ=1 Nov 9 10:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11 SEQ=1 Nov 9 10:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57547 SEQ=1 Nov 9 10:19:25 server83 aibolit_wrapper[23412]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626637650448242.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626637650449864.txt --log=/tmp/malware_cleaner_log_17626637650451372.txt --progress=/tmp/malware_cleaner_progress_17626637650450980.json --csv_result=/tmp/revisium_csvfile_17626637650451152.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:19:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:19:30 server83 dhclient[23063]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x4e10c5f7) Nov 9 10:19:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.245.27 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=4042 DF PROTO=TCP SPT=40164 DPT=10804 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:19:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3063 SEQ=1 Nov 9 10:19:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=38692 SEQ=1 Nov 9 10:19:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34045 SEQ=1 Nov 9 10:19:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38689 SEQ=1 Nov 9 10:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55389 SEQ=1 Nov 9 10:19:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26152 SEQ=1 Nov 9 10:19:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=189 SEQ=1 Nov 9 10:19:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.183.231 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=3791 DF PROTO=TCP SPT=40856 DPT=3832 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:19:43 server83 dhclient[23063]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x4e10c5f7) Nov 9 10:19:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:19:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:19:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58764 SEQ=1 Nov 9 10:19:50 server83 aibolit_wrapper[24108]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626637901781712.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626637901783288.txt --log=/tmp/malware_cleaner_log_17626637901784602.txt --progress=/tmp/malware_cleaner_progress_17626637901784182.json --csv_result=/tmp/revisium_csvfile_17626637901784360.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:19:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54699 PROTO=TCP SPT=53866 DPT=2600 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:19:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4527 SEQ=1 Nov 9 10:19:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44044 SEQ=1 Nov 9 10:19:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20637 SEQ=1 Nov 9 10:19:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=59728 PROTO=TCP SPT=40914 DPT=2456 
WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:19:55 server83 aibolit_wrapper[24259]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626637957681566.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626637957683098.txt --log=/tmp/malware_cleaner_log_17626637957684586.txt --progress=/tmp/malware_cleaner_progress_17626637957684188.json --csv_result=/tmp/revisium_csvfile_17626637957684374.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:19:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:19:59 server83 NetworkManager[922]: <warn> [1762663799.4513] dhcp4 (eth1): request timed out Nov 9 10:19:59 server83 NetworkManager[922]: <info> [1762663799.4513] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:19:59 server83 NetworkManager[922]: <info> [1762663799.4673] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23063 Nov 9 10:19:59 server83 NetworkManager[922]: <info> [1762663799.4673] dhcp4 (eth1): state changed timeout -> done Nov 9 10:19:59 server83 NetworkManager[922]: <info> [1762663799.4677] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:19:59 server83 NetworkManager[922]: <warn> [1762663799.4685] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:19:59 server83 NetworkManager[922]: <info> [1762663799.4687] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:20:01 server83 systemd: Started Session 310331 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310334 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310335 of user root. 
Nov 9 10:20:01 server83 systemd: Started Session 310336 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310330 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310332 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310337 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310333 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310338 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310339 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310340 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310342 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310341 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310343 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310344 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310345 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310346 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310347 of user root. Nov 9 10:20:01 server83 systemd: Started Session 310348 of user root. 
Nov 9 10:20:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.128.84.112 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=58081 DPT=14789 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18901 PROTO=TCP SPT=41151 DPT=4955 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7708 SEQ=1 Nov 9 10:20:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47987 SEQ=1 Nov 9 10:20:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28655 SEQ=1 Nov 9 10:20:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14861 SEQ=1 Nov 9 10:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2360 SEQ=1 Nov 9 10:20:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46625 PROTO=TCP SPT=46370 DPT=2545 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:20:10 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=138.91.109.125 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=19132 PROTO=TCP SPT=52328 DPT=194 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=42520 PROTO=TCP SPT=59428 DPT=45711 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:20:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.232.142.253 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=43815 DPT=3231 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.232.142.253 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=43831 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.232.142.253 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=43815 DPT=9608 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.232.142.253 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=43831 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.232.142.253 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=43831 DPT=4443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=23513 SEQ=1 Nov 9 10:20:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10093 SEQ=1 Nov 9 10:20:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57890 SEQ=1 Nov 9 10:20:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61506 SEQ=1 Nov 9 10:20:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36056 SEQ=1 Nov 9 10:20:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3501 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:20:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19001 SEQ=1 Nov 9 10:20:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19001 SEQ=1 Nov 9 10:20:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55320 DPT=30000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:22 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=49523 PROTO=TCP SPT=65225 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:20:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=49524 PROTO=TCP SPT=65225 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:20:24 server83 aibolit_wrapper[25470]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626638244445844.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626638244447104.txt --log=/tmp/malware_cleaner_log_17626638244447978.txt --progress=/tmp/malware_cleaner_progress_17626638244447754.json --csv_result=/tmp/revisium_csvfile_17626638244447846.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:20:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=24383 PROTO=TCP SPT=51893 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:20:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=49525 PROTO=TCP SPT=65225 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:20:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=24992 PROTO=TCP SPT=45285 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:20:25 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=24384 PROTO=TCP SPT=51893 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:20:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=24385 PROTO=TCP SPT=51893 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:20:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:20:28 server83 aibolit_wrapper[25642]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626638286475034.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626638286476156.txt --log=/tmp/malware_cleaner_log_17626638286477278.txt --progress=/tmp/malware_cleaner_progress_17626638286477000.json --csv_result=/tmp/revisium_csvfile_17626638286477122.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:20:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=24387 PROTO=TCP SPT=51893 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:20:31 server83 scripts.sh: Sun Nov 9 10:20:31 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 10:20:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=40966 PROTO=TCP SPT=56332 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:20:33 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.253 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50871 DPT=10443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34895 SEQ=1 Nov 9 10:20:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31311 SEQ=1 Nov 9 10:20:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21050 SEQ=1 Nov 9 10:20:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57464 SEQ=1 Nov 9 10:20:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.248.96 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=16956 DF PROTO=TCP SPT=17980 DPT=48000 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 10:20:45 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.71 DST=51.210.113.204 LEN=49 TOS=0x00 PREC=0x00 TTL=45 ID=42723 DF PROTO=UDP SPT=53406 DPT=5683 LEN=29 Nov 9 10:20:46 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.78 DST=51.210.113.204 LEN=88 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=55818 DPT=161 LEN=68 Nov 9 10:20:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:20:46 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19357 PROTO=TCP SPT=49956 DPT=29076 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:20:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.oauthexceptions: ProactiveModel.Host should not be empty Nov 9 10:20:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:20:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:20:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.124.91.8 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=33625 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45903 SEQ=1 Nov 9 10:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42045 SEQ=1 Nov 9 10:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9208 SEQ=1 Nov 9 10:20:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46943 SEQ=1 Nov 9 10:20:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10867 SEQ=1 Nov 9 10:20:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10867 SEQ=1 Nov 9 10:20:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=2844 PROTO=TCP SPT=38998 DPT=5222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:20:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.122.207 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55629 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:21:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 10:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:21:01 server83 systemd: Started Session 310349 of user root. Nov 9 10:21:01 server83 systemd: Started Session 310350 of user root. Nov 9 10:21:01 server83 systemd: Started Session 310351 of user root. Nov 9 10:21:01 server83 systemd: Started Session 310354 of user root. Nov 9 10:21:01 server83 systemd: Started Session 310353 of user root. Nov 9 10:21:01 server83 systemd: Started Session 310355 of user root. Nov 9 10:21:01 server83 systemd: Started Session 310356 of user root. Nov 9 10:21:01 server83 systemd: Started Session 310352 of user root. Nov 9 10:21:01 server83 systemd: Started Session 310357 of user root. 
Nov 9 10:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:21:01 server83 aibolit_wrapper[26439]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626638618794570.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626638618796222.txt --log=/tmp/malware_cleaner_log_17626638618797740.txt --progress=/tmp/malware_cleaner_progress_17626638618797280.json --csv_result=/tmp/revisium_csvfile_17626638618797482.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13951 SEQ=1 Nov 9 10:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52138 SEQ=1 Nov 9 10:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58683 SEQ=1 Nov 9 10:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49551 SEQ=1 Nov 9 10:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=28195 SEQ=1 Nov 9 10:21:06 server83 aibolit_wrapper[26567]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626638660743886.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626638660744712.txt --log=/tmp/malware_cleaner_log_17626638660745466.txt --progress=/tmp/malware_cleaner_progress_17626638660745278.json --csv_result=/tmp/revisium_csvfile_17626638660745368.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:21:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36818 SEQ=1 Nov 9 10:21:10 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.8.234.85 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=1101 DF PROTO=ICMP TYPE=8 CODE=0 ID=33823 SEQ=42876 Nov 9 10:21:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.93 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55720 DPT=990 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:21:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12621 SEQ=1 Nov 9 10:21:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9196 SEQ=1 Nov 9 10:21:21 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1775 SEQ=1 Nov 9 10:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61449 SEQ=1 Nov 9 10:21:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3295 SEQ=1 Nov 9 10:21:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:21:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=51711 PROTO=TCP SPT=58526 DPT=5520 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:21:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:21:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35465 SEQ=1 Nov 9 10:21:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.44 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=59852 PROTO=TCP SPT=18284 DPT=48297 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:21:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1221 SEQ=1 Nov 9 10:21:35 server83 aibolit_wrapper[30373]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626638957196470.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626638957198204.txt --log=/tmp/malware_cleaner_log_17626638957199822.txt --progress=/tmp/malware_cleaner_progress_17626638957199386.json --csv_result=/tmp/revisium_csvfile_17626638957199556.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63187 SEQ=1 Nov 9 10:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24909 SEQ=1 Nov 9 10:21:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57406 SEQ=1 Nov 9 10:21:40 server83 aibolit_wrapper[30534]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626639000740258.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626639000741558.txt --log=/tmp/malware_cleaner_log_17626639000742908.txt --progress=/tmp/malware_cleaner_progress_17626639000742518.json --csv_result=/tmp/revisium_csvfile_17626639000742696.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:21:46 
server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:21:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.internal: ProactiveModel.Host should not be empty Nov 9 10:21:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 10:21:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.multi: ProactiveModel.Host should not be empty Nov 9 10:21:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:21:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.89 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49905 DPT=3917 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:21:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.15.34.47 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=48 ID=1 DF PROTO=TCP SPT=61000 DPT=25565 WINDOW=32768 RES=0x00 SYN URGP=0 Nov 9 10:21:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50334 SEQ=1 Nov 9 10:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8069 SEQ=1 Nov 9 10:21:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=34042 SEQ=1 Nov 9 10:21:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50334 SEQ=1 Nov 9 10:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1037 SEQ=1 Nov 9 10:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55200 SEQ=1 Nov 9 10:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17556 SEQ=1 Nov 9 10:21:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3699 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:21:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3700 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:22:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59890 PROTO=TCP SPT=46370 DPT=1718 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 
message sequences Nov 9 10:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:22:01 server83 systemd: Started Session 310359 of user root. Nov 9 10:22:01 server83 systemd: Started Session 310360 of user root. Nov 9 10:22:01 server83 systemd: Started Session 310358 of user root. Nov 9 10:22:01 server83 systemd: Started Session 310361 of user root. Nov 9 10:22:01 server83 systemd: Started Session 310364 of user root. Nov 9 10:22:01 server83 systemd: Started Session 310362 of user root. Nov 9 10:22:01 server83 systemd: Started Session 310363 of user root. Nov 9 10:22:01 server83 systemd: Started Session 310365 of user root. Nov 9 10:22:01 server83 systemd: Started Session 310366 of user root. Nov 9 10:22:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=51070 PROTO=TCP SPT=47732 DPT=4181 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59629 SEQ=1 Nov 9 10:22:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42201 SEQ=1 Nov 9 10:22:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60608 SEQ=1 Nov 9 10:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46123 
SEQ=1 Nov 9 10:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27593 SEQ=1 Nov 9 10:22:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3507 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:22:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41381 SEQ=1 Nov 9 10:22:11 server83 aibolit_wrapper[31438]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626639317345330.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626639317346444.txt --log=/tmp/malware_cleaner_log_17626639317347560.txt --progress=/tmp/malware_cleaner_progress_17626639317347192.json --csv_result=/tmp/revisium_csvfile_17626639317347366.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:22:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39967 SEQ=1 Nov 9 10:22:17 server83 aibolit_wrapper[31572]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626639372484960.txt 
--input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626639372486818.txt --progress=/tmp/malware_cleaner_progress_17626639372486618.json --csv_result=/tmp/revisium_csvfile_17626639372486708.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:22:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=14.116.219.149 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=19343 PROTO=TCP SPT=41381 DPT=2376 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:22:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=40.124.186.156 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=47929 PROTO=TCP SPT=32969 DPT=6379 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21613 SEQ=1 Nov 9 10:22:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3698 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:22:22 server83 aibolit_wrapper[31751]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626639427347446.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626639427348974.txt --log=/tmp/malware_cleaner_log_17626639427350702.txt --progress=/tmp/malware_cleaner_progress_17626639427350314.json --csv_result=/tmp/revisium_csvfile_17626639427350492.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 
9 10:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54556 SEQ=1 Nov 9 10:22:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44423 SEQ=1 Nov 9 10:22:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39967 SEQ=1 Nov 9 10:22:24 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:22:24 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 10:22:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38582 PROTO=TCP SPT=46370 DPT=1732 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:22:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:22:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40244 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:22:27 server83 aibolit_wrapper[31972]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626639470054674.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626639470056560.txt 
--log=/tmp/malware_cleaner_log_17626639470058578.txt --progress=/tmp/malware_cleaner_progress_17626639470058044.json --csv_result=/tmp/revisium_csvfile_17626639470058274.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:22:27 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56123 SEQ=1 Nov 9 10:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25189 SEQ=1 Nov 9 10:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52429 SEQ=1 Nov 9 10:22:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=65289 PROTO=TCP SPT=25428 DPT=22042 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:22:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39616 SEQ=1 Nov 9 10:22:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45249 SEQ=1 Nov 9 10:22:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2961 SEQ=1 Nov 9 10:22:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20028 SEQ=1 Nov 9 10:22:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3506 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:22:39 server83 systemd: Started Session c2866 of user root. Nov 9 10:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.199.18.204 DST=51.210.113.204 LEN=34 TOS=0x00 PREC=0x00 TTL=45 ID=37210 PROTO=ICMP TYPE=8 CODE=0 ID=37210 SEQ=0 Nov 9 10:22:39 server83 scripts.sh: Load Average: 3.11 , 2.51 Nov 9 10:22:39 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 10:22:39 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 10:22:39 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 10:22:39 server83 scripts.sh: HTTPD Status: inactive Nov 9 10:22:39 server83 scripts.sh: MySQL Status: active Nov 9 10:22:39 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 10:22:39 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 10:22:39 server83 scripts.sh: SSHD Status: active Nov 9 10:22:39 server83 scripts.sh: FTP Status: active Nov 9 10:22:39 server83 scripts.sh: LiteSpeed Status: Active Nov 9 10:22:39 server83 scripts.sh: Imunify Status: Active Nov 9 10:22:39 server83 scripts.sh: cPanel Status: active Nov 9 10:22:39 server83 scripts.sh: Memory Status: 12/31 GB - 38.95% Nov 9 10:22:39 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 10:22:39 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 10:22:39 server83 scripts.sh: Local Version: 4.4.5 Nov 
9 10:22:40 server83 aibolit_wrapper[32332]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626639602919624.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626639602921248.txt --log=/tmp/malware_cleaner_log_17626639602922868.txt --progress=/tmp/malware_cleaner_progress_17626639602922338.json --csv_result=/tmp/revisium_csvfile_17626639602922574.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:22:43 server83 pam_imunify_daemon.bin: time="2025-11-09T10:22:43+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 10:22:44 server83 aibolit_wrapper[32420]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626639645101308.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626639645102560.txt --log=/tmp/malware_cleaner_log_17626639645104278.txt --progress=/tmp/malware_cleaner_progress_17626639645103888.json --csv_result=/tmp/revisium_csvfile_17626639645104084.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:22:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 
TTL=242 ID=7481 PROTO=TCP SPT=56698 DPT=8223 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:22:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:22:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.include: ProactiveModel.Host should not be empty Nov 9 10:22:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.mb_convert: ProactiveModel.Host should not be empty Nov 9 10:22:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:22:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10817 PROTO=TCP SPT=35696 DPT=6303 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:22:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59614 SEQ=1 Nov 9 10:22:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59568 SEQ=1 Nov 9 10:22:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10240 SEQ=1 Nov 9 10:22:51 server83 aibolit_wrapper[32603]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626639716919538.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626639716921620.txt --progress=/tmp/malware_cleaner_progress_17626639716921310.json --csv_result=/tmp/revisium_csvfile_17626639716921442.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:22:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62628 SEQ=1 Nov 9 10:22:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62628 SEQ=1 Nov 9 10:22:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33443 SEQ=1 Nov 9 10:23:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=3798 PROTO=TCP SPT=42111 DPT=2679 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:23:01 server83 systemd: Started Session 310367 of user root. Nov 9 10:23:01 server83 systemd: Started Session 310368 of user root. Nov 9 10:23:01 server83 systemd: Started Session 310369 of user root. Nov 9 10:23:01 server83 systemd: Started Session 310370 of user root. 
Nov 9 10:23:01 server83 systemd: Started Session 310372 of user root. Nov 9 10:23:01 server83 systemd: Started Session 310371 of user root. Nov 9 10:23:01 server83 systemd: Started Session 310374 of user root. Nov 9 10:23:01 server83 systemd: Started Session 310375 of user root. Nov 9 10:23:01 server83 systemd: Started Session 310373 of user root. Nov 9 10:23:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29391 SEQ=1 Nov 9 10:23:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3505 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:23:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=7854 PROTO=TCP SPT=34264 DPT=8285 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:23:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62363 SEQ=1 Nov 9 10:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50143 SEQ=1 Nov 9 10:23:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62363 SEQ=1 Nov 9 10:23:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31886 SEQ=1 Nov 9 10:23:11 server83 aibolit_wrapper[719]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626639910919192.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626639910920696.txt --log=/tmp/malware_cleaner_log_17626639910921950.txt --progress=/tmp/malware_cleaner_progress_17626639910921602.json --csv_result=/tmp/revisium_csvfile_17626639910921752.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:23:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12981 DF PROTO=TCP SPT=52035 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:23:16 server83 aibolit_wrapper[853]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626639969116134.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626639969117660.txt --progress=/tmp/malware_cleaner_progress_17626639969117466.json --csv_result=/tmp/revisium_csvfile_17626639969117542.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:23:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12982 DF PROTO=TCP SPT=52035 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:23:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:23:18 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46997 SEQ=1 Nov 9 10:23:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12983 DF PROTO=TCP SPT=52035 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:23:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12611 SEQ=1 Nov 9 10:23:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25334 SEQ=1 Nov 9 10:23:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12611 SEQ=1 Nov 9 10:23:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.47 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54575 PROTO=TCP SPT=56629 DPT=46093 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:23:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12984 DF PROTO=TCP SPT=52035 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:23:24 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:23:24 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:23:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50041 PROTO=TCP SPT=46370 DPT=2702 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:23:26 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:23:26 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:23:26 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 10:23:28 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:23:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1437 PROTO=TCP SPT=33408 DPT=6199 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:23:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3504 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:23:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=101.36.97.70 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=59796 DPT=2379 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:23:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.174 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55000 DPT=44344 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:23:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20923 PROTO=TCP SPT=42111 DPT=2743 WINDOW=1024 RES=0x00 
SYN URGP=0 Nov 9 10:23:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12985 DF PROTO=TCP SPT=52035 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:23:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51309 SEQ=1 Nov 9 10:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60292 SEQ=1 Nov 9 10:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64880 SEQ=1 Nov 9 10:23:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59618 SEQ=1 Nov 9 10:23:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.77 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51277 DPT=9093 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:23:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=43029 PROTO=TCP SPT=56114 DPT=7821 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:23:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64880 SEQ=1 Nov 9 10:23:39 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.238 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49418 DPT=16000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:23:41 server83 aibolit_wrapper[1781]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626640214691772.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626640214693100.txt --log=/tmp/malware_cleaner_log_17626640214694070.txt --progress=/tmp/malware_cleaner_progress_17626640214693822.json --csv_result=/tmp/revisium_csvfile_17626640214693930.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:23:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=60.191.125.35 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=55900 DPT=8118 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:23:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.accept: ProactiveModel.Host should not be empty Nov 9 10:23:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:23:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:23:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41670 SEQ=1 Nov 9 10:23:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55332 SEQ=1 Nov 9 10:23:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24947 SEQ=1 Nov 9 10:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19430 SEQ=1 Nov 9 10:23:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=49440 PROTO=TCP SPT=36178 DPT=8539 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:23:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.94 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55972 DPT=3151 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:24:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19480 PROTO=TCP SPT=46207 DPT=4595 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:24:01 server83 systemd: Started Session 310376 of user root. Nov 9 10:24:01 server83 systemd: Started Session 310377 of user root. Nov 9 10:24:01 server83 systemd: Started Session 310378 of user root. Nov 9 10:24:01 server83 systemd: Started Session 310379 of user root. Nov 9 10:24:01 server83 systemd: Started Session 310380 of user root. Nov 9 10:24:01 server83 systemd: Started Session 310381 of user root. Nov 9 10:24:01 server83 systemd: Started Session 310382 of user root. Nov 9 10:24:01 server83 systemd: Started Session 310383 of user root. 
Nov 9 10:24:01 server83 systemd: Started Session 310384 of user root. Nov 9 10:24:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25192 SEQ=1 Nov 9 10:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63483 SEQ=1 Nov 9 10:24:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53616 SEQ=1 Nov 9 10:24:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=36494 PROTO=TCP SPT=56185 DPT=7920 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:24:05 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.25 DST=51.210.113.204 LEN=42 TOS=0x00 PREC=0x00 TTL=46 ID=51193 DF PROTO=UDP SPT=13101 DPT=11211 LEN=22 Nov 9 10:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27467 SEQ=1 Nov 9 10:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5111 SEQ=1 Nov 9 10:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=25077 DF PROTO=ICMP TYPE=8 CODE=0 ID=58674 SEQ=29292 Nov 
9 10:24:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34577 PROTO=TCP SPT=60335 DPT=9900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:24:13 server83 aibolit_wrapper[2647]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626640536598558.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626640536599670.txt --log=/tmp/malware_cleaner_log_17626640536600526.txt --progress=/tmp/malware_cleaner_progress_17626640536600294.json --csv_result=/tmp/revisium_csvfile_17626640536600394.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:24:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.38 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21326 PROTO=TCP SPT=49120 DPT=3394 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:24:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17572 PROTO=TCP SPT=42928 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:24:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:24:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32080 SEQ=1 Nov 9 10:24:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17573 PROTO=TCP SPT=42928 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:24:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14719 PROTO=TCP SPT=34182 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:24:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17574 PROTO=TCP SPT=42928 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:24:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5345 SEQ=1 Nov 9 10:24:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14720 PROTO=TCP SPT=34182 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:24:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17575 PROTO=TCP SPT=42928 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:24:19 server83 aibolit_wrapper[2786]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626640594950568.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626640594952014.txt --log=/tmp/malware_cleaner_log_17626640594953720.txt --progress=/tmp/malware_cleaner_progress_17626640594953298.json --csv_result=/tmp/revisium_csvfile_17626640594953486.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
10:24:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14721 PROTO=TCP SPT=34182 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:24:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14723 PROTO=TCP SPT=34182 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43332 SEQ=1 Nov 9 10:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43332 SEQ=1 Nov 9 10:24:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.76 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=57818 DPT=8013 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:24:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43415 SEQ=1 Nov 9 10:24:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=8395 PROTO=TCP SPT=46370 DPT=1987 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:24:28 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:24:28 server83 aibolit_wrapper[3065]: running child proccess: /opt/alt/php-internal/usr/bin/php 
-d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626640687427220.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626640687428282.txt --log=/tmp/malware_cleaner_log_17626640687429262.txt --progress=/tmp/malware_cleaner_progress_17626640687429004.json --csv_result=/tmp/revisium_csvfile_17626640687429126.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:24:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=18354 PROTO=TCP SPT=19534 DPT=20546 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:24:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35239 SEQ=1 Nov 9 10:24:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.251.67.25 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=738 PROTO=TCP SPT=41116 DPT=32222 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:24:36 server83 aibolit_wrapper[3256]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626640760081000.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626640760082450.txt --log=/tmp/malware_cleaner_log_17626640760083998.txt --progress=/tmp/malware_cleaner_progress_17626640760083620.json --csv_result=/tmp/revisium_csvfile_17626640760083780.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28081 SEQ=1 Nov 9 10:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37716 SEQ=1 Nov 9 10:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6033 SEQ=1 Nov 9 10:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5228 SEQ=1 Nov 9 10:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=32889 DF PROTO=ICMP TYPE=8 CODE=0 ID=6538 SEQ=47268 Nov 9 10:24:42 server83 pam_imunify_daemon.bin: time="2025-11-09T10:24:42+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 10:24:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=49510 PROTO=TCP SPT=57514 DPT=7595 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:24:44 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12807 PROTO=TCP SPT=49956 DPT=26792 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:24:46 server83 aibolit_wrapper[3451]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626640863199714.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626640863200782.txt --log=/tmp/malware_cleaner_log_17626640863201614.txt --progress=/tmp/malware_cleaner_progress_17626640863201394.json --csv_result=/tmp/revisium_csvfile_17626640863201490.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:24:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.lock: ProactiveModel.Host should not be empty Nov 9 10:24:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:24:47 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:24:47 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 10:24:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45844 SEQ=1 Nov 9 10:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1180 SEQ=1 Nov 9 10:24:50 server83 aibolit_wrapper[3573]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626640905212280.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626640905213520.txt --log=/tmp/malware_cleaner_log_17626640905214920.txt --progress=/tmp/malware_cleaner_progress_17626640905214552.json --csv_result=/tmp/revisium_csvfile_17626640905214716.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:24:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1180 SEQ=1 Nov 9 10:24:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43808 SEQ=1 Nov 9 10:24:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=166 SEQ=1 Nov 9 10:24:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40073 SEQ=1 Nov 9 10:24:54 server83 aibolit_wrapper[3655]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626640947466504.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626640947470412.txt 
--progress=/tmp/malware_cleaner_progress_17626640947469790.json --csv_result=/tmp/revisium_csvfile_17626640947470046.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:24:59 server83 NetworkManager[922]: <info> [1762664099.4953] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:24:59 server83 NetworkManager[922]: <info> [1762664099.4958] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:24:59 server83 NetworkManager[922]: <info> [1762664099.4959] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:24:59 server83 NetworkManager[922]: <info> [1762664099.4963] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:24:59 server83 NetworkManager[922]: <info> [1762664099.4975] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:24:59 server83 NetworkManager[922]: <info> [1762664099.4978] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:24:59 server83 NetworkManager[922]: <info> [1762664099.4990] dhcp4 (eth1): dhclient started with pid 3739 Nov 9 10:24:59 server83 dhclient[3739]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x591cc493) Nov 9 10:25:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.224.92.128 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55088 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:25:00 server83 aibolit_wrapper[3752]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641001496444.txt --input-fn-b64-encoded 
--username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641001498048.txt --log=/tmp/malware_cleaner_log_17626641001500190.txt --progress=/tmp/malware_cleaner_progress_17626641001499594.json --csv_result=/tmp/revisium_csvfile_17626641001499846.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:25:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.69 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=11435 PROTO=TCP SPT=56506 DPT=3396 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:25:01 server83 systemd: Started Session 310385 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310386 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310387 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310388 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310390 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310392 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310394 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310389 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310393 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310391 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310395 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310396 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310397 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310398 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310399 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310400 of user root. Nov 9 10:25:01 server83 systemd: Started Session 310401 of user root. 
Nov 9 10:25:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.140.218 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=44 ID=3150 DF PROTO=TCP SPT=37130 DPT=1518 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39204 SEQ=1 Nov 9 10:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27543 SEQ=1 Nov 9 10:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11117 SEQ=1 Nov 9 10:25:05 server83 dhclient[3739]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x591cc493) Nov 9 10:25:05 server83 aibolit_wrapper[4032]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641058356890.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641058358440.txt --log=/tmp/malware_cleaner_log_17626641058360340.txt --progress=/tmp/malware_cleaner_progress_17626641058359820.json --csv_result=/tmp/revisium_csvfile_17626641058360030.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:25:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=3124 SEQ=1 Nov 9 10:25:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12986 DF PROTO=TCP SPT=54564 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:25:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12987 DF PROTO=TCP SPT=54564 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:25:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12988 DF PROTO=TCP SPT=54564 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:25:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39447 PROTO=TCP SPT=45727 DPT=31959 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:25:12 server83 aibolit_wrapper[4174]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641128701088.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641128702340.txt --log=/tmp/malware_cleaner_log_17626641128703756.txt --progress=/tmp/malware_cleaner_progress_17626641128703402.json --csv_result=/tmp/revisium_csvfile_17626641128703548.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:25:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12989 DF PROTO=TCP SPT=54564 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:25:14 server83 dhclient[3739]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x591cc493) Nov 9 10:25:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.11.121 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=44 ID=0 DF PROTO=TCP SPT=56272 DPT=6002 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:25:17 server83 aibolit_wrapper[4261]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641171531870.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641171532852.txt --log=/tmp/malware_cleaner_log_17626641171533974.txt --progress=/tmp/malware_cleaner_progress_17626641171533690.json --csv_result=/tmp/revisium_csvfile_17626641171533816.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:25:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10168 SEQ=1 Nov 9 10:25:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50394 SEQ=1 Nov 9 10:25:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21401 SEQ=1 Nov 9 10:25:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=29923 SEQ=1 Nov 9 10:25:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10168 SEQ=1 Nov 9 10:25:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:25:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12990 DF PROTO=TCP SPT=54564 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:25:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.143 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=41448 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:25:28 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:25:28 server83 dhclient[3739]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x591cc493) Nov 9 10:25:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37292 PROTO=TCP SPT=45727 DPT=30288 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57270 SEQ=1 Nov 9 10:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16600 SEQ=1 Nov 9 10:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=167 SEQ=1 Nov 9 10:25:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55589 SEQ=1 Nov 9 10:25:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21562 SEQ=1 Nov 9 10:25:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9387 SEQ=1 Nov 9 10:25:35 server83 dhclient[3739]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x591cc493) Nov 9 10:25:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.115 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=2018 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:25:40 server83 aibolit_wrapper[4820]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641404071382.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641404072754.txt --log=/tmp/malware_cleaner_log_17626641404074358.txt --progress=/tmp/malware_cleaner_progress_17626641404073886.json --csv_result=/tmp/revisium_csvfile_17626641404074088.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:25:44 server83 NetworkManager[922]: <warn> [1762664144.4503] dhcp4 (eth1): request timed out Nov 
9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 3739 Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:25:44 server83 NetworkManager[922]: <warn> [1762664144.4671] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4674] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4709] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4713] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4714] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4717] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4725] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4727] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:25:44 server83 NetworkManager[922]: <info> [1762664144.4736] dhcp4 (eth1): dhclient started with pid 4896 Nov 9 10:25:44 server83 dhclient[4896]: DHCPDISCOVER on eth1 to 
255.255.255.255 port 67 interval 6 (xid=0x76563243) Nov 9 10:25:46 server83 aibolit_wrapper[4931]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641461303048.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641461303830.txt --log=/tmp/malware_cleaner_log_17626641461304566.txt --progress=/tmp/malware_cleaner_progress_17626641461304384.json --csv_result=/tmp/revisium_csvfile_17626641461304472.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:25:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:25:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.cache: ProactiveModel.Host should not be empty Nov 9 10:25:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:25:47 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 10:25:47 server83 systemd: Stopped Status Update Service. Nov 9 10:25:47 server83 systemd: Started Status Update Service. 
Nov 9 10:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47337 SEQ=1 Nov 9 10:25:50 server83 dhclient[4896]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x76563243) Nov 9 10:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50979 SEQ=1 Nov 9 10:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52869 SEQ=1 Nov 9 10:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13300 SEQ=1 Nov 9 10:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47337 SEQ=1 Nov 9 10:25:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.82.47.37 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=40863 DPT=8015 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:25:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=45896 DF PROTO=ICMP TYPE=8 CODE=0 ID=21948 SEQ=18840 Nov 9 10:25:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.178 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 
ID=41873 PROTO=TCP SPT=60000 DPT=39622 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:25:58 server83 dhclient[4896]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x76563243) Nov 9 10:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:26:01 server83 systemd: Started Session 310402 of user root. Nov 9 10:26:01 server83 systemd: Started Session 310404 of user root. Nov 9 10:26:01 server83 systemd: Started Session 310403 of user root. Nov 9 10:26:01 server83 systemd: Started Session 310405 of user root. Nov 9 10:26:01 server83 systemd: Started Session 310406 of user root. Nov 9 10:26:01 server83 systemd: Started Session 310409 of user root. Nov 9 10:26:01 server83 systemd: Started Session 310410 of user root. Nov 9 10:26:01 server83 systemd: Started Session 310408 of user root. Nov 9 10:26:01 server83 systemd: Started Session 310411 of user root. Nov 9 10:26:01 server83 systemd: Started Session 310407 of user root. 
Nov 9 10:26:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31371 SEQ=1 Nov 9 10:26:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38763 PROTO=TCP SPT=42111 DPT=2654 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:26:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56360 SEQ=1 Nov 9 10:26:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28130 SEQ=1 Nov 9 10:26:03 server83 aibolit_wrapper[5327]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641633745640.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641633747320.txt --log=/tmp/malware_cleaner_log_17626641633748970.txt --progress=/tmp/malware_cleaner_progress_17626641633748544.json --csv_result=/tmp/revisium_csvfile_17626641633748750.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:26:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12991 DF PROTO=TCP SPT=53338 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12992 DF PROTO=TCP SPT=53338 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60722 SEQ=1 Nov 9 10:26:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21163 SEQ=1 Nov 9 10:26:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12993 DF PROTO=TCP SPT=53338 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:08 server83 dhclient[4896]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x76563243) Nov 9 10:26:08 server83 aibolit_wrapper[5449]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641689487572.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641689488912.txt --log=/tmp/malware_cleaner_log_17626641689490314.txt --progress=/tmp/malware_cleaner_progress_17626641689489946.json --csv_result=/tmp/revisium_csvfile_17626641689490094.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:26:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56360 SEQ=1 Nov 9 10:26:09 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31371 SEQ=1 Nov 9 10:26:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=62672 DF PROTO=TCP SPT=58656 DPT=21 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:26:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=62673 DF PROTO=TCP SPT=58656 DPT=21 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:26:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12994 DF PROTO=TCP SPT=53338 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=62674 DF PROTO=TCP SPT=58656 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:26:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.193 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56954 DPT=9216 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:26:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=62675 DF PROTO=TCP SPT=58656 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=34236 SEQ=1 Nov 9 10:26:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12995 DF PROTO=TCP SPT=56283 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12996 DF PROTO=TCP SPT=53338 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12997 DF PROTO=TCP SPT=56283 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12998 DF PROTO=TCP SPT=56283 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60998 SEQ=1 Nov 9 10:26:24 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:26:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=62676 DF PROTO=TCP SPT=58656 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:26:26 server83 dhclient[4896]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x76563243) Nov 9 10:26:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=12999 DF PROTO=TCP 
SPT=56283 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:28 server83 aibolit_wrapper[5942]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641881244672.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641881246596.txt --log=/tmp/malware_cleaner_log_17626641881249716.txt --progress=/tmp/malware_cleaner_progress_17626641881248920.json --csv_result=/tmp/revisium_csvfile_17626641881249302.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:26:28 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:26:29 server83 NetworkManager[922]: <warn> [1762664189.4483] dhcp4 (eth1): request timed out Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4484] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4643] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 4896 Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4643] dhcp4 (eth1): state changed timeout -> done Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4645] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:26:29 server83 NetworkManager[922]: <warn> [1762664189.4648] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4649] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4676] policy: auto-activating connection 'Wired connection 1' 
(fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4679] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4679] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4681] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4689] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4690] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:26:29 server83 NetworkManager[922]: <info> [1762664189.4704] dhcp4 (eth1): dhclient started with pid 5972 Nov 9 10:26:29 server83 dhclient[5972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0xe2ec6d3) Nov 9 10:26:32 server83 dhclient[5972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0xe2ec6d3) Nov 9 10:26:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3697 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:26:32 server83 aibolit_wrapper[6020]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641924047982.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626641924050512.txt --progress=/tmp/malware_cleaner_progress_17626641924050200.json 
--csv_result=/tmp/revisium_csvfile_17626641924050364.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:26:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13000 DF PROTO=TCP SPT=56283 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:26:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56213 SEQ=1 Nov 9 10:26:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46601 SEQ=1 Nov 9 10:26:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47293 SEQ=1 Nov 9 10:26:37 server83 aibolit_wrapper[6155]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626641977332806.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626641977334116.txt --log=/tmp/malware_cleaner_log_17626641977335458.txt --progress=/tmp/malware_cleaner_progress_17626641977335034.json --csv_result=/tmp/revisium_csvfile_17626641977335212.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=61782 SEQ=1 Nov 9 10:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51880 SEQ=1 Nov 9 10:26:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59571 SEQ=1 Nov 9 10:26:39 server83 dhclient[5972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0xe2ec6d3) Nov 9 10:26:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.14.74.80 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=24972 PROTO=TCP SPT=41380 DPT=6379 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:26:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.include: ProactiveModel.Host should not be empty Nov 9 10:26:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:26:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.uconvert: ProactiveModel.Host should not be empty Nov 9 10:26:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:26:47 server83 dhclient[5972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0xe2ec6d3) Nov 9 10:26:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48620 SEQ=1 Nov 9 10:26:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15038 SEQ=1 Nov 9 10:26:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=40776 DPT=5988 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:26:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.127 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=13786 DF PROTO=TCP SPT=57168 DPT=9696 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:26:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59869 SEQ=1 Nov 9 10:26:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48620 SEQ=1 Nov 9 10:26:54 server83 aibolit_wrapper[6431]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626642141947132.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626642141948650.txt --log=/tmp/malware_cleaner_log_17626642141950128.txt --progress=/tmp/malware_cleaner_progress_17626642141949692.json --csv_result=/tmp/revisium_csvfile_17626642141949904.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:26:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.126 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 
TTL=240 ID=33676 PROTO=TCP SPT=58603 DPT=33899 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:26:57 server83 dhclient[5972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0xe2ec6d3) Nov 9 10:26:59 server83 aibolit_wrapper[6514]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626642197102468.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626642197103762.txt --log=/tmp/malware_cleaner_log_17626642197105000.txt --progress=/tmp/malware_cleaner_progress_17626642197104700.json --csv_result=/tmp/revisium_csvfile_17626642197104834.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:27:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=56154 DPT=5920 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:27:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:27:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:27:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:27:01 server83 systemd: Started Session 310414 of user root. Nov 9 10:27:01 server83 systemd: Started Session 310416 of user root. Nov 9 10:27:01 server83 systemd: Started Session 310415 of user root. Nov 9 10:27:01 server83 systemd: Started Session 310417 of user root. Nov 9 10:27:01 server83 systemd: Started Session 310413 of user root. Nov 9 10:27:01 server83 systemd: Started Session 310412 of user root. Nov 9 10:27:01 server83 systemd: Started Session 310418 of user root. 
Nov 9 10:27:01 server83 systemd: Started Session 310420 of user root. Nov 9 10:27:01 server83 systemd: Started Session 310419 of user root. Nov 9 10:27:01 server83 systemd: Started Session 310421 of user root. Nov 9 10:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41164 SEQ=1 Nov 9 10:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40778 SEQ=1 Nov 9 10:27:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.200.116.77 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=34744 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14212 SEQ=1 Nov 9 10:27:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=37224 DF PROTO=ICMP TYPE=8 CODE=0 ID=55569 SEQ=49085 Nov 9 10:27:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:27:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8288 SEQ=1 Nov 9 10:27:05 server83 dhclient[5972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0xe2ec6d3) Nov 9 10:27:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.55 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=36566 DPT=4434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:27:07 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 10:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22526 SEQ=1 Nov 9 10:27:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3503 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:27:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3696 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:27:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19951 SEQ=1 Nov 9 10:27:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=47644 DF PROTO=ICMP TYPE=8 CODE=0 ID=14691 SEQ=4517 Nov 9 10:27:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:27:11 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:27:14 server83 NetworkManager[922]: <warn> [1762664234.4423] dhcp4 (eth1): request timed out Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4423] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 5972 
Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:27:14 server83 NetworkManager[922]: <warn> [1762664234.4590] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4592] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4624] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4628] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4629] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4632] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4642] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4645] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:27:14 server83 NetworkManager[922]: <info> [1762664234.4659] dhcp4 (eth1): dhclient started with pid 7002 Nov 9 10:27:14 server83 dhclient[7002]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x35a88ac) Nov 9 10:27:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 
ID=42156 PROTO=TCP SPT=45727 DPT=31882 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:27:19 server83 dhclient[7002]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x35a88ac) Nov 9 10:27:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60230 SEQ=1 Nov 9 10:27:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55966 SEQ=1 Nov 9 10:27:21 server83 imunify-auditd-log-reader[9638]: lost 8 message sequences Nov 9 10:27:21 server83 pam_imunify_daemon.bin: time="2025-11-09T10:27:21+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 10:27:22 server83 aibolit_wrapper[7228]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626642421512926.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626642421514492.txt --log=/tmp/malware_cleaner_log_17626642421515712.txt --progress=/tmp/malware_cleaner_progress_17626642421515376.json --csv_result=/tmp/revisium_csvfile_17626642421515522.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:27:26 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=47.205.241.175 DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=47 ID=27893 PROTO=UDP SPT=31730 DPT=34556 LEN=520 Nov 9 10:27:26 server83 aibolit_wrapper[7342]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626642464489216.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626642464490402.txt --log=/tmp/malware_cleaner_log_17626642464491804.txt --progress=/tmp/malware_cleaner_progress_17626642464491510.json --csv_result=/tmp/revisium_csvfile_17626642464491646.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:27:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.12 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=61109 PROTO=TCP SPT=33443 DPT=15021 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:27:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3695 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:27:28 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:27:31 server83 dhclient[7002]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x35a88ac) Nov 9 10:27:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37438 SEQ=1 Nov 9 10:27:35 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:27:35 server83 imunify-auditd-log-reader[9638]: lost 1 message 
sequences Nov 9 10:27:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19697 SEQ=1 Nov 9 10:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53650 SEQ=1 Nov 9 10:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53650 SEQ=1 Nov 9 10:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62597 SEQ=1 Nov 9 10:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41604 SEQ=1 Nov 9 10:27:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.109.222 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=23180 DF PROTO=TCP SPT=24204 DPT=9011 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 10:27:41 server83 dhclient[7002]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x35a88ac) Nov 9 10:27:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24819 PROTO=TCP SPT=58603 DPT=3390 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:27:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.190.161.227 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=44262 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.190.161.227 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=44262 DPT=1194 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.190.161.227 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=44262 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.190.161.227 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=44262 DPT=9201 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.190.161.227 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=44278 DPT=4443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.content: ProactiveModel.Host should not be empty Nov 9 10:27:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.multi: ProactiveModel.Host should not be empty Nov 9 10:27:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 10:27:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:27:48 server83 aibolit_wrapper[8122]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626642687208720.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626642687210398.txt --log=/tmp/malware_cleaner_log_17626642687212394.txt --progress=/tmp/malware_cleaner_progress_17626642687211926.json --csv_result=/tmp/revisium_csvfile_17626642687212152.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:27:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35236 SEQ=1 Nov 9 10:27:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62509 SEQ=1 Nov 9 10:27:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35236 SEQ=1 Nov 9 10:27:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=44276 DPT=5990 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24238 SEQ=1 Nov 9 10:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=8558 SEQ=1 Nov 9 10:27:52 server83 aibolit_wrapper[8281]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626642729008284.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626642729009088.txt --log=/tmp/malware_cleaner_log_17626642729009902.txt --progress=/tmp/malware_cleaner_progress_17626642729009644.json --csv_result=/tmp/revisium_csvfile_17626642729009758.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:27:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24535 SEQ=1 Nov 9 10:27:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=54124 PROTO=TCP SPT=39749 DPT=18444 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:27:54 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 10:27:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17170 PROTO=TCP SPT=57143 DPT=8621 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:27:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.62 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51373 DPT=8176 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.136.67.107 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=50788 DPT=8002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:27:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=19144 PROTO=TCP SPT=56114 DPT=7811 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:27:59 server83 aibolit_wrapper[8535]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626642792406048.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626642792409056.txt --progress=/tmp/malware_cleaner_progress_17626642792408696.json --csv_result=/tmp/revisium_csvfile_17626642792408840.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:27:59 server83 NetworkManager[922]: <warn> [1762664279.4504] dhcp4 (eth1): request timed out Nov 9 10:27:59 server83 NetworkManager[922]: <info> [1762664279.4505] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:27:59 server83 NetworkManager[922]: <info> [1762664279.4665] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 7002 Nov 9 10:27:59 server83 NetworkManager[922]: <info> [1762664279.4665] dhcp4 (eth1): state changed timeout -> done Nov 9 10:27:59 server83 NetworkManager[922]: <info> [1762664279.4668] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:27:59 server83 NetworkManager[922]: <warn> [1762664279.4674] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:27:59 server83 NetworkManager[922]: <info> [1762664279.4676] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:28:00 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3694 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:28:01 server83 systemd: Started Session 310422 of user root. Nov 9 10:28:01 server83 systemd: Started Session 310424 of user root. Nov 9 10:28:01 server83 systemd: Started Session 310426 of user root. Nov 9 10:28:01 server83 systemd: Started Session 310425 of user root. Nov 9 10:28:01 server83 systemd: Started Session 310423 of user root. Nov 9 10:28:01 server83 systemd: Started Session 310427 of user root. Nov 9 10:28:01 server83 systemd: Started Session 310428 of user root. Nov 9 10:28:01 server83 systemd: Started Session 310429 of user root. Nov 9 10:28:01 server83 systemd: Started Session 310430 of user root. Nov 9 10:28:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 10:28:01 server83 systemd: Started Session 310431 of user metalarts. Nov 9 10:28:01 server83 systemd: Removed slice User Slice of metalarts. 
Nov 9 10:28:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.254 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=10227 DF PROTO=TCP SPT=58478 DPT=9827 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:28:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3864 SEQ=1 Nov 9 10:28:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14638 SEQ=1 Nov 9 10:28:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61636 SEQ=1 Nov 9 10:28:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41725 SEQ=1 Nov 9 10:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23124 SEQ=1 Nov 9 10:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35671 SEQ=1 Nov 9 10:28:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1037 PROTO=TCP SPT=44623 DPT=7742 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:28:16 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58510 PROTO=TCP SPT=56025 DPT=5443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:28:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:28:20 server83 aibolit_wrapper[9288]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626643000949926.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626643000951458.txt --log=/tmp/malware_cleaner_log_17626643000952308.txt --progress=/tmp/malware_cleaner_progress_17626643000952112.json --csv_result=/tmp/revisium_csvfile_17626643000952194.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 10:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 10:28:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9565 SEQ=1 Nov 9 10:28:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41775 SEQ=1 Nov 9 10:28:24 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63748 PROTO=TCP SPT=49956 DPT=26891 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:28:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=23.92.30.137 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=59321 PROTO=TCP SPT=44036 DPT=5984 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:28:27 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:28:27 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:28:27 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 10:28:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10415 PROTO=TCP SPT=45727 DPT=30784 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:28:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.202.118.45 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=41907 PROTO=TCP SPT=50272 DPT=1962 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:28:28 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:28:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45775 SEQ=1 Nov 9 10:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=3962 SEQ=1 Nov 9 10:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7213 SEQ=1 Nov 9 10:28:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.238 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=34574 PROTO=TCP SPT=59402 DPT=11304 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55390 SEQ=1 Nov 9 10:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52412 SEQ=1 Nov 9 10:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29974 SEQ=1 Nov 9 10:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44527 SEQ=1 Nov 9 10:28:41 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=149.106.151.249 DST=145.239.177.179 LEN=540 TOS=0x00 PREC=0x00 TTL=50 ID=12265 PROTO=UDP SPT=5187 DPT=19110 LEN=520 Nov 9 10:28:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.104 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43111 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
10:28:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.rjust: ProactiveModel.Host should not be empty Nov 9 10:28:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:28:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:28:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:28:49 server83 aibolit_wrapper[10213]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626643293390564.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626643293392088.txt --log=/tmp/malware_cleaner_log_17626643293393744.txt --progress=/tmp/malware_cleaner_progress_17626643293393178.json --csv_result=/tmp/revisium_csvfile_17626643293393424.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14667 SEQ=1 Nov 9 10:28:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=30675 PROTO=TCP SPT=59485 DPT=7081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:28:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43974 SEQ=1 Nov 9 10:28:54 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35591 SEQ=1 Nov 9 10:28:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40929 SEQ=1 Nov 9 10:28:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60261 SEQ=1 Nov 9 10:28:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40929 SEQ=1 Nov 9 10:29:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60217 SEQ=1 Nov 9 10:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:29:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 10:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:29:01 server83 systemd: Started Session 310432 of user root. Nov 9 10:29:01 server83 systemd: Started Session 310434 of user root. Nov 9 10:29:01 server83 systemd: Started Session 310435 of user root. Nov 9 10:29:01 server83 systemd: Started Session 310438 of user root. Nov 9 10:29:01 server83 systemd: Started Session 310437 of user root. Nov 9 10:29:01 server83 systemd: Started Session 310433 of user root. Nov 9 10:29:01 server83 systemd: Started Session 310436 of user root. Nov 9 10:29:01 server83 systemd: Started Session 310439 of user root. 
Nov 9 10:29:01 server83 systemd: Started Session 310440 of user root. Nov 9 10:29:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32998 SEQ=1 Nov 9 10:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39709 SEQ=1 Nov 9 10:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22112 SEQ=1 Nov 9 10:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13697 SEQ=1 Nov 9 10:29:05 server83 aibolit_wrapper[10746]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626643450508570.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626643450511778.txt --progress=/tmp/malware_cleaner_progress_17626643450511398.json --csv_result=/tmp/revisium_csvfile_17626643450511566.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:29:11 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:29:18 server83 aibolit_wrapper[11010]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626643586371210.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626643586373348.txt --log=/tmp/malware_cleaner_log_17626643586374550.txt --progress=/tmp/malware_cleaner_progress_17626643586374262.json --csv_result=/tmp/revisium_csvfile_17626643586374386.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:29:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41068 SEQ=1 Nov 9 10:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17976 SEQ=1 Nov 9 10:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32216 SEQ=1 Nov 9 10:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17820 SEQ=1 Nov 9 10:29:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50392 SEQ=1 Nov 9 10:29:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30692 PROTO=TCP SPT=45727 DPT=32757 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:29:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12528 SEQ=1 Nov 9 10:29:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24148 PROTO=TCP SPT=42434 DPT=8756 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:29:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51860 DPT=3030 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:29:28 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:29:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=53677 PROTO=TCP SPT=52881 DPT=5215 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:29:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55215 DPT=9807 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:29:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35986 SEQ=1 Nov 9 10:29:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2327 SEQ=1 Nov 9 10:29:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=13455 SEQ=1 Nov 9 10:29:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26662 SEQ=1 Nov 9 10:29:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=4957 PROTO=TCP SPT=59756 DPT=6962 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4106 SEQ=1 Nov 9 10:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11499 SEQ=1 Nov 9 10:29:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37437 PROTO=TCP SPT=49956 DPT=29624 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:29:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51391 PROTO=TCP SPT=45727 DPT=30458 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:29:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.uconvert: ProactiveModel.Host should not be empty Nov 9 10:29:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:29:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 
10:29:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=10758 PROTO=TCP SPT=56753 DPT=8120 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:29:49 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:29:49 server83 pam_imunify_daemon.bin: time="2025-11-09T10:29:49+05:30" level=warning msg="Send stats for 6 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=6 Nov 9 10:29:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15321 SEQ=1 Nov 9 10:29:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50083 SEQ=1 Nov 9 10:29:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53015 SEQ=1 Nov 9 10:29:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20464 SEQ=1 Nov 9 10:29:51 server83 aibolit_wrapper[11873]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626643909917900.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626643909920210.txt --log=/tmp/malware_cleaner_log_17626643909922032.txt --progress=/tmp/malware_cleaner_progress_17626643909921452.json --csv_result=/tmp/revisium_csvfile_17626643909921696.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:29:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62836 SEQ=1 Nov 9 10:29:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54939 PROTO=TCP SPT=45727 DPT=33066 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:29:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43994 PROTO=TCP SPT=52092 DPT=6485 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:29:56 server83 aibolit_wrapper[12135]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626643966874740.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626643966876274.txt --log=/tmp/malware_cleaner_log_17626643966878458.txt --progress=/tmp/malware_cleaner_progress_17626643966877872.json --csv_result=/tmp/revisium_csvfile_17626643966878156.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:29:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=53874 DPT=3030 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:30:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=407 PROTO=TCP SPT=44805 DPT=6427 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:30:01 server83 systemd: Started Session 310441 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310442 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310443 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310445 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310446 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310449 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310450 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310452 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310453 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310448 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310447 of user root. Nov 9 10:30:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 10:30:01 server83 systemd: Started Session 310455 of user sanatanhinduvahi. Nov 9 10:30:01 server83 systemd: Started Session 310454 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310456 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310458 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310451 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310457 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310444 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310459 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310460 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310461 of user root. 
Nov 9 10:30:01 server83 systemd: Started Session 310462 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310463 of user root. Nov 9 10:30:01 server83 systemd: Started Session 310464 of user root. Nov 9 10:30:01 server83 scripts.sh: Sun Nov 9 10:30:01 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 10:30:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 10:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1703 SEQ=1 Nov 9 10:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43524 SEQ=1 Nov 9 10:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13403 SEQ=1 Nov 9 10:30:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3913 SEQ=1 Nov 9 10:30:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42333 SEQ=1 Nov 9 10:30:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23229 SEQ=1 Nov 9 10:30:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 
PREC=0x00 TTL=108 ID=53132 DF PROTO=ICMP TYPE=8 CODE=0 ID=14776 SEQ=63944 Nov 9 10:30:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=804 PROTO=TCP SPT=42055 DPT=48094 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:30:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=12880 PROTO=TCP SPT=41811 DPT=2766 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:30:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13128 SEQ=1 Nov 9 10:30:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42587 SEQ=1 Nov 9 10:30:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49681 SEQ=1 Nov 9 10:30:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.243.98.11 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=4331 PROTO=TCP SPT=59857 DPT=2022 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:30:20 server83 aibolit_wrapper[14866]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626644208495672.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626644208497536.txt --log=/tmp/malware_cleaner_log_17626644208499418.txt --progress=/tmp/malware_cleaner_progress_17626644208498878.json --csv_result=/tmp/revisium_csvfile_17626644208499122.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:30:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42587 SEQ=1 Nov 9 10:30:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24149 SEQ=1 Nov 9 10:30:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40794 PROTO=TCP SPT=45727 DPT=33026 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:30:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.210 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=41597 PROTO=TCP SPT=56337 DPT=1110 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:30:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:30:26 server83 aibolit_wrapper[15500]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626644261751706.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626644261753270.txt --log=/tmp/malware_cleaner_log_17626644261754838.txt --progress=/tmp/malware_cleaner_progress_17626644261754504.json --csv_result=/tmp/revisium_csvfile_17626644261754648.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:30:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3502 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:30:28 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:30:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=55759 PROTO=TCP SPT=40898 DPT=21 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43689 SEQ=1 Nov 9 10:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30707 SEQ=1 Nov 9 10:30:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47832 SEQ=1 Nov 9 10:30:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30707 SEQ=1 Nov 9 10:30:40 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.211.52.127 DST=51.210.113.204 LEN=82 TOS=0x14 PREC=0x00 TTL=49 ID=59252 PROTO=UDP SPT=60276 DPT=427 LEN=62 Nov 9 10:30:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=38311 DPT=5988 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:30:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.parle_tokens: ProactiveModel.Host should not be empty Nov 9 10:30:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:30:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15894 SEQ=1 Nov 9 10:30:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45322 SEQ=1 Nov 9 10:30:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54096 SEQ=1 Nov 9 10:30:50 server83 aibolit_wrapper[18420]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626644500801976.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626644500803614.txt --log=/tmp/malware_cleaner_log_17626644500804834.txt --progress=/tmp/malware_cleaner_progress_17626644500804514.json --csv_result=/tmp/revisium_csvfile_17626644500804648.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:30:52 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44657 SEQ=1 Nov 9 10:30:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31443 SEQ=1 Nov 9 10:30:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15894 SEQ=1 Nov 9 10:30:55 server83 aibolit_wrapper[19186]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626644559832146.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626644559833338.txt --log=/tmp/malware_cleaner_log_17626644559834452.txt --progress=/tmp/malware_cleaner_progress_17626644559834168.json --csv_result=/tmp/revisium_csvfile_17626644559834300.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:31:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56389 PROTO=TCP SPT=47851 DPT=6151 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:31:01 server83 systemd: Started Session 310465 of user root. Nov 9 10:31:01 server83 systemd: Started Session 310467 of user root. Nov 9 10:31:01 server83 systemd: Started Session 310466 of user root. Nov 9 10:31:01 server83 systemd: Started Session 310468 of user root. Nov 9 10:31:01 server83 systemd: Started Session 310469 of user root. 
Nov 9 10:31:01 server83 systemd: Started Session 310470 of user root. Nov 9 10:31:01 server83 systemd: Started Session 310472 of user root. Nov 9 10:31:01 server83 systemd: Started Session 310473 of user root. Nov 9 10:31:01 server83 systemd: Started Session 310471 of user root. Nov 9 10:31:01 server83 pam_imunify_daemon.bin: time="2025-11-09T10:31:01+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 10:31:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35672 SEQ=1 Nov 9 10:31:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35176 SEQ=1 Nov 9 10:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41362 SEQ=1 Nov 9 10:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45756 SEQ=1 Nov 9 10:31:05 server83 aibolit_wrapper[20581]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626644652482216.txt 
--input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626644652485022.txt --progress=/tmp/malware_cleaner_progress_17626644652484686.json --csv_result=/tmp/revisium_csvfile_17626644652484838.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:31:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:31:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26080 PROTO=TCP SPT=35935 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26081 PROTO=TCP SPT=35935 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60787 PROTO=TCP SPT=35711 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26082 PROTO=TCP SPT=35935 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60788 PROTO=TCP SPT=35711 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26083 PROTO=TCP SPT=35935 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60789 PROTO=TCP SPT=35711 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33835 SEQ=1 Nov 9 10:31:18 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:31:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60791 PROTO=TCP SPT=35711 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:19 server83 aibolit_wrapper[22563]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626644792051594.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626644792053270.txt --log=/tmp/malware_cleaner_log_17626644792054904.txt --progress=/tmp/malware_cleaner_progress_17626644792054480.json --csv_result=/tmp/revisium_csvfile_17626644792054680.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:31:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21474 SEQ=1 Nov 9 10:31:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64098 SEQ=1 Nov 9 10:31:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23809 SEQ=1 Nov 9 10:31:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21474 SEQ=1 Nov 9 10:31:23 server83 aibolit_wrapper[23185]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626644834905724.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626644834907172.txt --log=/tmp/malware_cleaner_log_17626644834908360.txt --progress=/tmp/malware_cleaner_progress_17626644834908144.json --csv_result=/tmp/revisium_csvfile_17626644834908244.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:31:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28476 SEQ=1 Nov 9 10:31:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23809 SEQ=1 Nov 9 10:31:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=10088 PROTO=TCP SPT=55975 DPT=7601 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:31:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:31:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 
10:31:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25866 PROTO=TCP SPT=56535 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=28689 PROTO=TCP SPT=52752 DPT=3052 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:31:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25867 PROTO=TCP SPT=56535 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:28 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:31:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41052 PROTO=TCP SPT=58802 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41053 PROTO=TCP SPT=58802 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41054 PROTO=TCP SPT=58802 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25870 PROTO=TCP SPT=56535 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:32 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41055 PROTO=TCP SPT=58802 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13492 SEQ=1 Nov 9 10:31:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51278 SEQ=1 Nov 9 10:31:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3693 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:31:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41056 PROTO=TCP SPT=58802 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:31:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56397 SEQ=1 Nov 9 10:31:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=53435 PROTO=TCP SPT=59419 DPT=37614 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:31:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.115 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51362 DPT=18017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:31:44 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=806 PROTO=TCP SPT=37601 DPT=4275 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:31:45 server83 aibolit_wrapper[26060]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626645053722294.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626645053724444.txt --log=/tmp/malware_cleaner_log_17626645053726030.txt --progress=/tmp/malware_cleaner_progress_17626645053725698.json --csv_result=/tmp/revisium_csvfile_17626645053725850.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:31:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:31:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.oauthexceptions: ProactiveModel.Host should not be empty Nov 9 10:31:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.accepted: ProactiveModel.Host should not be empty Nov 9 10:31:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:31:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:31:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=27893 PROTO=TCP SPT=58626 DPT=5584 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:31:48 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60635 SEQ=1 Nov 9 10:31:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.149 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52568 DPT=13020 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:31:51 server83 aibolit_wrapper[26814]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626645110428550.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626645110429698.txt --log=/tmp/malware_cleaner_log_17626645110430956.txt --progress=/tmp/malware_cleaner_progress_17626645110430668.json --csv_result=/tmp/revisium_csvfile_17626645110430798.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:31:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5037 SEQ=1 Nov 9 10:31:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47145 SEQ=1 Nov 9 10:31:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55324 SEQ=1 Nov 9 10:31:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30913 SEQ=1 Nov 9 10:31:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.217 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52352 DPT=9531 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:32:01 server83 systemd: Started Session 310474 of user root. Nov 9 10:32:01 server83 systemd: Started Session 310476 of user root. Nov 9 10:32:01 server83 systemd: Started Session 310475 of user root. Nov 9 10:32:01 server83 systemd: Started Session 310478 of user root. Nov 9 10:32:01 server83 systemd: Started Session 310477 of user root. Nov 9 10:32:01 server83 systemd: Started Session 310479 of user root. Nov 9 10:32:01 server83 systemd: Started Session 310482 of user root. Nov 9 10:32:01 server83 systemd: Started Session 310481 of user root. Nov 9 10:32:01 server83 systemd: Started Session 310480 of user root. 
Nov 9 10:32:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:32:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:32:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54635 SEQ=1 Nov 9 10:32:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2978 SEQ=1 Nov 9 10:32:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38791 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4980 PROTO=TCP SPT=45727 DPT=33752 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:32:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.193 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=26121 PROTO=TCP SPT=53904 DPT=44432 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:32:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28668 SEQ=1 Nov 9 10:32:08 server83 aibolit_wrapper[28904]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626645282439134.txt 
--input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626645282440624.txt --log=/tmp/malware_cleaner_log_17626645282441924.txt --progress=/tmp/malware_cleaner_progress_17626645282441612.json --csv_result=/tmp/revisium_csvfile_17626645282441760.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:32:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60343 SEQ=1 Nov 9 10:32:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11772 SEQ=1 Nov 9 10:32:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=189.1.234.100 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=38480 DF PROTO=ICMP TYPE=8 CODE=0 ID=1320 SEQ=62954 Nov 9 10:32:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7996 SEQ=1 Nov 9 10:32:09 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.56.180.42 DST=51.210.113.204 LEN=36 TOS=0x08 PREC=0x20 TTL=46 ID=5453 DF PROTO=UDP SPT=54588 DPT=123 LEN=16 Nov 9 10:32:10 server83 systemd: Started Session c2867 of user root. 
Nov 9 10:32:10 server83 scripts.sh: Load Average: 3.64 , 2.96 Nov 9 10:32:10 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 10:32:10 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 10:32:10 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 10:32:10 server83 scripts.sh: HTTPD Status: inactive Nov 9 10:32:10 server83 scripts.sh: MySQL Status: active Nov 9 10:32:10 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 10:32:10 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 10:32:10 server83 scripts.sh: SSHD Status: active Nov 9 10:32:10 server83 scripts.sh: FTP Status: active Nov 9 10:32:10 server83 scripts.sh: LiteSpeed Status: Active Nov 9 10:32:10 server83 scripts.sh: Imunify Status: Active Nov 9 10:32:10 server83 scripts.sh: cPanel Status: active Nov 9 10:32:10 server83 scripts.sh: Memory Status: 11/31 GB - 38.24% Nov 9 10:32:10 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 10:32:10 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 10:32:10 server83 scripts.sh: Local Version: 4.4.5 Nov 9 10:32:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.142.147.209 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47295 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:12 server83 PAM-hulk[29535]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 10:32:12 server83 aibolit_wrapper[29588]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626645324941952.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626645324943122.txt --log=/tmp/malware_cleaner_log_17626645324944372.txt 
--progress=/tmp/malware_cleaner_progress_17626645324944052.json --csv_result=/tmp/revisium_csvfile_17626645324944200.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:32:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.107 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57232 DPT=46840 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:32:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41437 SEQ=1 Nov 9 10:32:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2121 SEQ=1 Nov 9 10:32:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41437 SEQ=1 Nov 9 10:32:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41657 SEQ=1 Nov 9 10:32:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13585 SEQ=1 Nov 9 10:32:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.86 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=25830 PROTO=TCP SPT=60566 DPT=25565 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:32:23 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47554 SEQ=1 Nov 9 10:32:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32970 PROTO=TCP SPT=57227 DPT=4122 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:32:29 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:32:30 server83 aibolit_wrapper[32001]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626645500221682.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626645500223462.txt --log=/tmp/malware_cleaner_log_17626645500225234.txt --progress=/tmp/malware_cleaner_progress_17626645500224712.json --csv_result=/tmp/revisium_csvfile_17626645500224926.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:32:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.237 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56316 DPT=47132 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:35 server83 aibolit_wrapper[423]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626645556098302.txt --input-fn-b64-encoded 
--username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626645556099472.txt --log=/tmp/malware_cleaner_log_17626645556100666.txt --progress=/tmp/malware_cleaner_progress_17626645556100336.json --csv_result=/tmp/revisium_csvfile_17626645556100482.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:32:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51133 SEQ=1 Nov 9 10:32:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7674 SEQ=1 Nov 9 10:32:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.179 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54348 DPT=45118 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.222 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=64839 PROTO=TCP SPT=50986 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:32:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48351 SEQ=1 Nov 9 10:32:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17638 SEQ=1 Nov 9 10:32:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.222 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 
ID=64840 PROTO=TCP SPT=50986 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:32:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42257 PROTO=TCP SPT=49182 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:32:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.222 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=64841 PROTO=TCP SPT=50986 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:32:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=97.107.141.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=40736 DPT=33060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42259 PROTO=TCP SPT=49182 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:32:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42261 PROTO=TCP SPT=49182 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:32:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.classes: ProactiveModel.Host should not be empty Nov 9 10:32:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.config: ProactiveModel.Host should not be empty Nov 9 10:32:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.rindex: ProactiveModel.Host should not be empty Nov 9 10:32:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker 
is open Nov 9 10:32:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47663 PROTO=TCP SPT=57411 DPT=6062 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:49 server83 aibolit_wrapper[2338]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626645692341370.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626645692342802.txt --log=/tmp/malware_cleaner_log_17626645692344148.txt --progress=/tmp/malware_cleaner_progress_17626645692343838.json --csv_result=/tmp/revisium_csvfile_17626645692343974.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:32:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16719 SEQ=1 Nov 9 10:32:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51076 SEQ=1 Nov 9 10:32:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36301 SEQ=1 Nov 9 10:32:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10495 SEQ=1 Nov 9 10:32:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51076 SEQ=1 Nov 9 10:32:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36301 SEQ=1 Nov 9 10:32:53 server83 aibolit_wrapper[2956]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626645735765070.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626645735766248.txt --log=/tmp/malware_cleaner_log_17626645735767406.txt --progress=/tmp/malware_cleaner_progress_17626645735767114.json --csv_result=/tmp/revisium_csvfile_17626645735767248.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:32:55 server83 pam_imunify_daemon.bin: time="2025-11-09T10:32:55+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 10:32:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.247 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=1635 PROTO=TCP SPT=53360 DPT=33060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:32:59 server83 NetworkManager[922]: <info> [1762664579.4876] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:32:59 server83 NetworkManager[922]: 
<info> [1762664579.4881] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:32:59 server83 NetworkManager[922]: <info> [1762664579.4882] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:32:59 server83 NetworkManager[922]: <info> [1762664579.4885] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:32:59 server83 NetworkManager[922]: <info> [1762664579.4896] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:32:59 server83 NetworkManager[922]: <info> [1762664579.4899] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:32:59 server83 NetworkManager[922]: <info> [1762664579.4910] dhcp4 (eth1): dhclient started with pid 3737 Nov 9 10:32:59 server83 dhclient[3737]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x7418b688) Nov 9 10:33:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.18.113 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44630 DPT=33060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:33:01 server83 systemd: Started Session 310483 of user root. Nov 9 10:33:01 server83 systemd: Started Session 310484 of user root. Nov 9 10:33:01 server83 systemd: Started Session 310487 of user root. Nov 9 10:33:01 server83 systemd: Started Session 310486 of user root. Nov 9 10:33:01 server83 systemd: Started Session 310488 of user root. 
Nov 9 10:33:01 server83 systemd: Started Session 310485 of user root. Nov 9 10:33:01 server83 systemd: Started Session 310490 of user root. Nov 9 10:33:01 server83 systemd: Started Session 310491 of user root. Nov 9 10:33:01 server83 systemd: Started Session 310489 of user root. Nov 9 10:33:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15703 SEQ=1 Nov 9 10:33:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.116.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=8563 PROTO=TCP SPT=40585 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:33:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59817 SEQ=1 Nov 9 10:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61457 SEQ=1 Nov 9 10:33:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.116.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=8564 PROTO=TCP SPT=40585 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:33:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31426 SEQ=1 Nov 9 10:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 
10:35:14 server83 NetworkManager[922]: <info> [1762664714.4649] dhcp4 (eth1): dhclient started with pid 21859 Nov 9 10:35:14 server83 dhclient[21859]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x76ec709a) Nov 9 10:35:18 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 10:35:18 server83 systemd: Stopped Status Update Service. Nov 9 10:35:18 server83 systemd: Started Status Update Service. Nov 9 10:35:18 server83 PAM-hulk[22192]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 10:35:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62134 PROTO=TCP SPT=49956 DPT=25391 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:35:21 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.148 DST=145.239.177.179 LEN=655 TOS=0x00 PREC=0x00 TTL=31 ID=24148 PROTO=UDP SPT=16671 DPT=3702 LEN=635 Nov 9 10:35:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26530 SEQ=1 Nov 9 10:35:22 server83 dhclient[21859]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x76ec709a) Nov 9 10:35:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=20575 PROTO=TCP SPT=57863 DPT=7554 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:35:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39207 SEQ=1 Nov 9 10:35:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27023 SEQ=1 Nov 9 10:35:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40960 SEQ=1 Nov 9 10:35:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50025 SEQ=1 Nov 9 10:35:28 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:35:28 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 10:35:29 server83 aibolit_wrapper[23891]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626647290547116.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626647290548312.txt --log=/tmp/malware_cleaner_log_17626647290549300.txt --progress=/tmp/malware_cleaner_progress_17626647290549026.json --csv_result=/tmp/revisium_csvfile_17626647290549136.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:35:29 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:35:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:35:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46327 SEQ=1 Nov 9 10:35:36 server83 dhclient[21859]: 
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x76ec709a) Nov 9 10:35:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17948 SEQ=1 Nov 9 10:35:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10212 SEQ=1 Nov 9 10:35:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17297 SEQ=1 Nov 9 10:35:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=3681 PROTO=TCP SPT=56753 DPT=8112 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:35:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33035 SEQ=1 Nov 9 10:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25804 SEQ=1 Nov 9 10:35:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39283 SEQ=1 Nov 9 10:35:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.168 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=38914 PROTO=TCP SPT=56746 DPT=4786 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 10:35:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3691 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:35:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43312 SEQ=1 Nov 9 10:35:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54288 SEQ=1 Nov 9 10:35:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54288 SEQ=1 Nov 9 10:35:56 server83 dhclient[21859]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x76ec709a) Nov 9 10:35:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51882 PROTO=TCP SPT=45727 DPT=30664 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:35:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.191.178 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=53760 DPT=6000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:35:59 server83 NetworkManager[922]: <warn> [1762664759.4459] dhcp4 (eth1): request timed out Nov 9 10:35:59 server83 NetworkManager[922]: <info> [1762664759.4460] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:35:59 server83 NetworkManager[922]: <info> [1762664759.4619] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 21859 Nov 9 10:35:59 
server83 NetworkManager[922]: <info> [1762664759.4620] dhcp4 (eth1): state changed timeout -> done Nov 9 10:35:59 server83 NetworkManager[922]: <info> [1762664759.4623] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:35:59 server83 NetworkManager[922]: <warn> [1762664759.4629] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:35:59 server83 NetworkManager[922]: <info> [1762664759.4632] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:36:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:36:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9531 PROTO=TCP SPT=36310 DPT=4788 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:36:01 server83 systemd: Started Session 310520 of user root. Nov 9 10:36:01 server83 systemd: Started Session 310521 of user root. Nov 9 10:36:01 server83 systemd: Started Session 310525 of user root. Nov 9 10:36:01 server83 systemd: Started Session 310524 of user root. Nov 9 10:36:01 server83 systemd: Started Session 310523 of user root. Nov 9 10:36:01 server83 systemd: Started Session 310522 of user root. Nov 9 10:36:01 server83 systemd: Started Session 310526 of user root. Nov 9 10:36:01 server83 systemd: Started Session 310528 of user root. Nov 9 10:36:01 server83 systemd: Started Session 310527 of user root. 
Nov 9 10:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22615 SEQ=1 Nov 9 10:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41545 SEQ=1 Nov 9 10:36:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53870 SEQ=1 Nov 9 10:36:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54905 SEQ=1 Nov 9 10:36:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=209.141.34.20 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=20613 PROTO=TCP SPT=50715 DPT=10060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26177 SEQ=1 Nov 9 10:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21111 SEQ=1 Nov 9 10:36:17 server83 aibolit_wrapper[29752]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626647774531830.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626647774533104.txt --log=/tmp/malware_cleaner_log_17626647774534092.txt --progress=/tmp/malware_cleaner_progress_17626647774533858.json --csv_result=/tmp/revisium_csvfile_17626647774533964.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:36:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15010 SEQ=1 Nov 9 10:36:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46152 SEQ=1 Nov 9 10:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2497 SEQ=1 Nov 9 10:36:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:36:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2497 SEQ=1 Nov 9 10:36:23 server83 aibolit_wrapper[30895]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626647832111326.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626647832112128.txt --log=/tmp/malware_cleaner_log_17626647832112892.txt 
--progress=/tmp/malware_cleaner_progress_17626647832112670.json --csv_result=/tmp/revisium_csvfile_17626647832112778.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:36:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26081 SEQ=1 Nov 9 10:36:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.41.213 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=5145 DF PROTO=TCP SPT=47572 DPT=2579 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:36:31 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 10:36:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58480 SEQ=1 Nov 9 10:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37772 SEQ=1 Nov 9 10:36:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=46.23.108.183 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32753 DF PROTO=TCP SPT=60504 DPT=83 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:36:36 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:36:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=46.23.108.183 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32754 DF PROTO=TCP SPT=60504 DPT=83 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:36:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33597 SEQ=1 Nov 9 10:36:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46071 SEQ=1 Nov 9 10:36:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=46.23.108.183 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32755 DF PROTO=TCP SPT=60504 DPT=83 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:36:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=46.23.108.183 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32756 DF PROTO=TCP SPT=60504 DPT=83 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:36:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.243.98.11 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=15053 PROTO=TCP SPT=59841 DPT=2022 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:36:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.206.225.82 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=27153 PROTO=TCP SPT=45391 DPT=7210 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:36:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:36:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:36:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16951 SEQ=1 Nov 9 10:36:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57336 SEQ=1 Nov 9 10:36:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57336 SEQ=1 Nov 9 10:36:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1710 SEQ=1 Nov 9 10:36:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1710 SEQ=1 Nov 9 10:36:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20395 SEQ=1 Nov 9 10:36:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17453 SEQ=1 Nov 9 10:36:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7291 PROTO=TCP SPT=49956 DPT=25011 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:37:01 server83 systemd: Started Session 310531 of user root. Nov 9 10:37:01 server83 systemd: Started Session 310530 of user root. Nov 9 10:37:01 server83 systemd: Started Session 310532 of user root. 
Nov 9 10:37:01 server83 systemd: Started Session 310529 of user root. Nov 9 10:37:01 server83 systemd: Started Session 310533 of user root. Nov 9 10:37:01 server83 systemd: Started Session 310534 of user root. Nov 9 10:37:01 server83 systemd: Started Session 310536 of user root. Nov 9 10:37:01 server83 systemd: Started Session 310535 of user root. Nov 9 10:37:01 server83 systemd: Started Session 310537 of user root. Nov 9 10:37:01 server83 systemd: Started Session 310538 of user root. Nov 9 10:37:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.115.246 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=2018 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:37:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19384 SEQ=1 Nov 9 10:37:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44808 SEQ=1 Nov 9 10:37:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29370 SEQ=1 Nov 9 10:37:05 server83 aibolit_wrapper[3916]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626648255464324.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626648255465274.txt --log=/tmp/malware_cleaner_log_17626648255466166.txt 
--progress=/tmp/malware_cleaner_progress_17626648255465924.json --csv_result=/tmp/revisium_csvfile_17626648255466034.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:37:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43479 DF PROTO=TCP SPT=45444 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=147 SEQ=1 Nov 9 10:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43480 DF PROTO=TCP SPT=45444 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23454 SEQ=1 Nov 9 10:37:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43481 DF PROTO=TCP SPT=45444 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:37:09 server83 imunify-auditd-log-reader[9638]: lost 24 message sequences Nov 9 10:37:09 server83 aibolit_wrapper[4508]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626648298106610.txt --input-fn-b64-encoded --username=loadingramp --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626648298108072.txt --log=/tmp/malware_cleaner_log_17626648298109736.txt --progress=/tmp/malware_cleaner_progress_17626648298109352.json --csv_result=/tmp/revisium_csvfile_17626648298109548.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:37:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43482 DF PROTO=TCP SPT=45444 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17412 SEQ=1 Nov 9 10:37:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9171 PROTO=TCP SPT=44793 DPT=4243 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:37:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43483 DF PROTO=TCP SPT=45444 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60737 SEQ=1 Nov 9 10:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5946 SEQ=1 Nov 9 10:37:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=50053 SEQ=1 Nov 9 10:37:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5946 SEQ=1 Nov 9 10:37:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.2 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=15013 DF PROTO=ICMP TYPE=8 CODE=0 ID=54363 SEQ=17813 Nov 9 10:37:25 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 10:37:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3690 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:37:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=142.93.157.82 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=38669 DPT=4444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:37:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:37:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42567 SEQ=1 Nov 9 10:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44066 SEQ=1 Nov 9 10:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21120 SEQ=1 Nov 9 10:37:33 server83 pam_imunify_daemon.bin: 
time="2025-11-09T10:37:33+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 10:37:36 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43484 DF PROTO=TCP SPT=45444 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:37 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.235.176.50 DST=145.239.177.179 LEN=220 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=UDP SPT=39873 DPT=123 LEN=200 Nov 9 10:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:37:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48023 SEQ=1 Nov 9 10:37:39 server83 aibolit_wrapper[8595]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626648594210302.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626648594211542.txt 
--log=/tmp/malware_cleaner_log_17626648594212658.txt --progress=/tmp/malware_cleaner_progress_17626648594212392.json --csv_result=/tmp/revisium_csvfile_17626648594212512.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5521 DF PROTO=TCP SPT=52352 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=46261 PROTO=TCP SPT=56256 DPT=8021 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:37:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5522 DF PROTO=TCP SPT=52352 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3697 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:37:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5523 DF PROTO=TCP SPT=52352 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:44 server83 aibolit_wrapper[9344]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626648648305572.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626648648306572.txt 
--log=/tmp/malware_cleaner_log_17626648648307642.txt --progress=/tmp/malware_cleaner_progress_17626648648307364.json --csv_result=/tmp/revisium_csvfile_17626648648307496.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:37:44 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:37:44 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:37:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5524 DF PROTO=TCP SPT=52352 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:37:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.lock: ProactiveModel.Host should not be empty Nov 9 10:37:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:37:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=55111 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:37:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33391 SEQ=1 Nov 9 10:37:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14815 SEQ=1 Nov 9 10:37:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6747 PROTO=TCP SPT=46370 DPT=2883 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:37:49 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:37:50 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.90 DST=145.239.177.179 LEN=142 TOS=0x00 PREC=0x00 TTL=35 ID=25738 PROTO=UDP SPT=44408 DPT=88 LEN=122 Nov 9 10:37:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.71 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=18159 PROTO=TCP SPT=56749 DPT=8301 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:37:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30115 PROTO=TCP SPT=53120 DPT=2793 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:37:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40258 SEQ=1 Nov 9 10:37:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58703 SEQ=1 Nov 9 10:37:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58587 SEQ=1 Nov 9 10:37:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5525 DF PROTO=TCP SPT=52352 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:37:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3688 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:37:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.229 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=39889 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:37:59 server83 aibolit_wrapper[11270]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626648791438578.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626648791440324.txt --log=/tmp/malware_cleaner_log_17626648791441730.txt --progress=/tmp/malware_cleaner_progress_17626648791441348.json --csv_result=/tmp/revisium_csvfile_17626648791441510.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:38:01 server83 systemd: Started Session 310539 of user root. Nov 9 10:38:01 server83 systemd: Started Session 310541 of user root. Nov 9 10:38:01 server83 systemd: Started Session 310540 of user root. Nov 9 10:38:01 server83 systemd: Started Session 310542 of user root. Nov 9 10:38:01 server83 systemd: Started Session 310545 of user root. Nov 9 10:38:01 server83 systemd: Started Session 310543 of user root. Nov 9 10:38:01 server83 systemd: Started Session 310546 of user root. Nov 9 10:38:01 server83 systemd: Started Session 310544 of user root. Nov 9 10:38:01 server83 systemd: Started Session 310547 of user root. 
Nov 9 10:38:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25480 SEQ=1 Nov 9 10:38:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31341 SEQ=1 Nov 9 10:38:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18051 SEQ=1 Nov 9 10:38:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55396 SEQ=1 Nov 9 10:38:04 server83 aibolit_wrapper[11882]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626648845587194.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626648845588418.txt --log=/tmp/malware_cleaner_log_17626648845589836.txt --progress=/tmp/malware_cleaner_progress_17626648845589474.json --csv_result=/tmp/revisium_csvfile_17626648845589674.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:38:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.211.52.18 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=49 ID=17210 DF PROTO=TCP SPT=18234 DPT=8081 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 10:38:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=29904 PROTO=TCP SPT=55975 DPT=7610 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:38:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8292 SEQ=1 Nov 9 10:38:10 server83 aibolit_wrapper[12388]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626648900453274.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626648900456388.txt --progress=/tmp/malware_cleaner_progress_17626648900455928.json --csv_result=/tmp/revisium_csvfile_17626648900456142.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:38:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43485 DF PROTO=TCP SPT=45444 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5526 DF PROTO=TCP SPT=52352 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:38:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18452 PROTO=TCP SPT=33205 DPT=7443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:38:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 
TTL=240 ID=29273 PROTO=TCP SPT=42055 DPT=48094 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:38:17 server83 aibolit_wrapper[13050]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626648974817942.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626648974819388.txt --log=/tmp/malware_cleaner_log_17626648974820554.txt --progress=/tmp/malware_cleaner_progress_17626648974820262.json --csv_result=/tmp/revisium_csvfile_17626648974820388.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:38:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9057 SEQ=1 Nov 9 10:38:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16572 DF PROTO=TCP SPT=42856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3696 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 10:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: 
mariadb#012-F unknown field: uid Nov 9 10:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16573 DF PROTO=TCP SPT=42856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:38:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54576 SEQ=1 Nov 9 10:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46980 SEQ=1 Nov 9 10:38:21 server83 aibolit_wrapper[13445]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626649016936636.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626649016937980.txt --log=/tmp/malware_cleaner_log_17626649016939556.txt --progress=/tmp/malware_cleaner_progress_17626649016939096.json --csv_result=/tmp/revisium_csvfile_17626649016939312.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1331 SEQ=1 Nov 9 10:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54576 SEQ=1 Nov 9 10:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16574 DF PROTO=TCP SPT=42856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.60 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54278 DPT=5985 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:38:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13021 DF PROTO=TCP SPT=54517 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:38:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50335 SEQ=1 Nov 9 10:38:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13022 DF PROTO=TCP SPT=54517 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:38:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13023 DF PROTO=TCP SPT=54517 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:38:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52654 PROTO=TCP SPT=35299 DPT=6929 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:38:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.152.190 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=57957 PROTO=TCP SPT=50598 DPT=7210 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 
9 10:38:30 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:38:30 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:38:30 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 10:38:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24684 SEQ=1 Nov 9 10:38:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20234 SEQ=1 Nov 9 10:38:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23785 SEQ=1 Nov 9 10:38:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18435 SEQ=1 Nov 9 10:38:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52164 SEQ=1 Nov 9 10:38:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16576 DF PROTO=TCP SPT=42856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:38:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.53 
DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49365 DPT=9596 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:38:36 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:38:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.193.65.175 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=3914 DF PROTO=TCP SPT=41269 DPT=4550 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:38:37 server83 aibolit_wrapper[15073]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626649179580434.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626649179582212.txt --log=/tmp/malware_cleaner_log_17626649179584066.txt --progress=/tmp/malware_cleaner_progress_17626649179583624.json --csv_result=/tmp/revisium_csvfile_17626649179583824.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:38:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56086 SEQ=1 Nov 9 10:38:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3695 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:38:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13025 DF PROTO=TCP SPT=54517 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 
Nov 9 10:38:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.236.74.65 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45017 DF PROTO=TCP SPT=46350 DPT=37215 WINDOW=29040 RES=0x00 SYN URGP=0 Nov 9 10:38:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.236.74.65 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45018 DF PROTO=TCP SPT=46350 DPT=37215 WINDOW=29040 RES=0x00 SYN URGP=0 Nov 9 10:38:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=200.9.154.79 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=43447 DPT=2024 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:38:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.236.74.65 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45019 DF PROTO=TCP SPT=46350 DPT=37215 WINDOW=29040 RES=0x00 SYN URGP=0 Nov 9 10:38:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5527 DF PROTO=TCP SPT=52352 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:38:43 server83 aibolit_wrapper[15579]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626649237507680.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626649237508970.txt --log=/tmp/malware_cleaner_log_17626649237510410.txt --progress=/tmp/malware_cleaner_progress_17626649237510070.json --csv_result=/tmp/revisium_csvfile_17626649237510232.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft 
Nov 9 10:38:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:38:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.202 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54533 DPT=48767 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:38:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.config: ProactiveModel.Host should not be empty Nov 9 10:38:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.accept: ProactiveModel.Host should not be empty Nov 9 10:38:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:38:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 10:38:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:38:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1450 SEQ=1 Nov 9 10:38:49 server83 aibolit_wrapper[16155]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626649299395084.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626649299396654.txt --log=/tmp/malware_cleaner_log_17626649299398760.txt --progress=/tmp/malware_cleaner_progress_17626649299398180.json 
--csv_result=/tmp/revisium_csvfile_17626649299398456.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:38:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55475 SEQ=1 Nov 9 10:38:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47608 SEQ=1 Nov 9 10:38:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14232 SEQ=1 Nov 9 10:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16577 DF PROTO=TCP SPT=42856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=101.142.222.118 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=42473 PROTO=TCP SPT=40606 DPT=8188 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:38:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63105 SEQ=1 Nov 9 10:38:55 server83 aibolit_wrapper[16690]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626649355226972.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--log=/tmp/malware_cleaner_log_17626649355230296.txt --progress=/tmp/malware_cleaner_progress_17626649355229750.json --csv_result=/tmp/revisium_csvfile_17626649355229988.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:38:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.59 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55679 DPT=48577 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:38:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.190.163.148 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40403 DPT=90 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:39:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.167 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43445 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:39:01 server83 aibolit_wrapper[17247]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626649410795764.txt --input-fn-b64-encoded --username=maars --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626649410796930.txt --log=/tmp/malware_cleaner_log_17626649410798048.txt --progress=/tmp/malware_cleaner_progress_17626649410797790.json --csv_result=/tmp/revisium_csvfile_17626649410797908.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:39:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26854 SEQ=1 Nov 9 10:39:01 server83 imunify-auditd-log-reader[9638]: 
lost 1 message sequences Nov 9 10:39:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 10:39:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:39:01 server83 systemd: Started Session 310548 of user root. Nov 9 10:39:01 server83 systemd: Started Session 310551 of user root. Nov 9 10:39:01 server83 systemd: Started Session 310550 of user root. Nov 9 10:39:01 server83 systemd: Started Session 310552 of user root. Nov 9 10:39:01 server83 systemd: Started Session 310553 of user root. Nov 9 10:39:01 server83 systemd: Started Session 310554 of user root. Nov 9 10:39:01 server83 systemd: Started Session 310555 of user root. Nov 9 10:39:01 server83 systemd: Started Session 310556 of user root. Nov 9 10:39:01 server83 systemd: Started Session 310549 of user root. Nov 9 10:39:01 server83 systemd: Started Session 310557 of user root. Nov 9 10:39:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7788 SEQ=1 Nov 9 10:39:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21772 SEQ=1 Nov 9 10:39:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32503 SEQ=1 Nov 9 10:39:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13212 SEQ=1 Nov 9 10:39:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=50 ID=4492 DF PROTO=TCP SPT=36090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17036 PROTO=TCP SPT=49956 DPT=25106 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:39:07 server83 aibolit_wrapper[17994]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626649473617470.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626649473618898.txt --log=/tmp/malware_cleaner_log_17626649473620096.txt --progress=/tmp/malware_cleaner_progress_17626649473619786.json --csv_result=/tmp/revisium_csvfile_17626649473619926.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:39:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4493 DF PROTO=TCP SPT=36090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55462 SEQ=1 Nov 9 10:39:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4494 DF PROTO=TCP SPT=36090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF 
PROTO=TCP SPT=39382 DPT=3694 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:39:12 server83 kernel: lsphp[18420]: segfault at 4 ip 00000000006767c3 sp 00007ffcea7282c8 error 4 in lsphp[400000+3c2000] Nov 9 10:39:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.80 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=48206 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:39:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4495 DF PROTO=TCP SPT=36090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.163.30.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=41274 DPT=6443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:39:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:39:16 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:39:16 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 10:39:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27497 SEQ=1 Nov 9 10:39:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34628 SEQ=1 Nov 9 10:39:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4496 DF PROTO=TCP SPT=36090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:23 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45437 SEQ=1 Nov 9 10:39:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45437 SEQ=1 Nov 9 10:39:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16578 DF PROTO=TCP SPT=42856 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.205.206 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=4605 DF PROTO=TCP SPT=43035 DPT=4236 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:39:29 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:39:29 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:39:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52158 SEQ=1 Nov 9 10:39:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26610 SEQ=1 Nov 9 10:39:32 server83 scripts.sh: Sun Nov 9 10:39:32 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 10:39:32 server83 aibolit_wrapper[20573]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626649728383678.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626649728385176.txt --log=/tmp/malware_cleaner_log_17626649728388172.txt --progress=/tmp/malware_cleaner_progress_17626649728386526.json --csv_result=/tmp/revisium_csvfile_17626649728387944.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:39:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47800 SEQ=1 Nov 9 10:39:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54127 SEQ=1 Nov 9 10:39:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.182 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=23494 PROTO=TCP SPT=24640 DPT=4840 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:39:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=218.104.149.112 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=7915 PROTO=TCP SPT=60864 DPT=9108 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:39:36 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:39:37 server83 aibolit_wrapper[20990]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626649770307924.txt --input-fn-b64-encoded --username=loadingramp --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626649770308742.txt --log=/tmp/malware_cleaner_log_17626649770309492.txt --progress=/tmp/malware_cleaner_progress_17626649770309296.json --csv_result=/tmp/revisium_csvfile_17626649770309384.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:39:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4497 DF PROTO=TCP SPT=36090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26407 DF PROTO=TCP SPT=40762 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26408 DF PROTO=TCP SPT=40762 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46694 PROTO=TCP SPT=42111 DPT=2661 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:39:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26409 DF PROTO=TCP SPT=40762 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:39:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.mb_convert: ProactiveModel.Host should not be empty Nov 9 10:39:46 server83 
imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.accepted: ProactiveModel.Host should not be empty Nov 9 10:39:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18820 SEQ=1 Nov 9 10:39:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38554 PROTO=TCP SPT=45727 DPT=30705 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:39:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26410 DF PROTO=TCP SPT=40762 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:39:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33972 SEQ=1 Nov 9 10:39:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44189 SEQ=1 Nov 9 10:39:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16662 SEQ=1 Nov 9 10:39:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.206.223 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=4851 DF PROTO=TCP SPT=42430 DPT=7337 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:39:50 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45853 SEQ=1 Nov 9 10:39:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18820 SEQ=1 Nov 9 10:39:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55796 SEQ=1 Nov 9 10:39:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.59.78 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14152 PROTO=TCP SPT=61000 DPT=29149 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:39:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43197 SEQ=1 Nov 9 10:39:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26411 DF PROTO=TCP SPT=40762 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:39:59 server83 pam_imunify_daemon.bin: time="2025-11-09T10:39:59+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 10:40:00 server83 aibolit_wrapper[23098]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr 
-d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650003788560.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626650003790154.txt --log=/tmp/malware_cleaner_log_17626650003791410.txt --progress=/tmp/malware_cleaner_progress_17626650003791068.json --csv_result=/tmp/revisium_csvfile_17626650003791228.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:40:01 server83 systemd: Started Session 310561 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310558 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310562 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310559 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310560 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310563 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310564 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310565 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310566 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310567 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310569 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310568 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310570 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310571 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310573 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310574 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310572 of user root. Nov 9 10:40:01 server83 systemd: Started Session 310575 of user root. 
Nov 9 10:40:05 server83 aibolit_wrapper[23778]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650058836646.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626650058838654.txt --log=/tmp/malware_cleaner_log_17626650058840312.txt --progress=/tmp/malware_cleaner_progress_17626650058839930.json --csv_result=/tmp/revisium_csvfile_17626650058840108.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:40:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=37308 PROTO=TCP SPT=55917 DPT=7501 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:40:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47653 SEQ=1 Nov 9 10:40:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18603 SEQ=1 Nov 9 10:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30925 SEQ=1 Nov 9 10:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33491 SEQ=1 Nov 9 10:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11201 SEQ=1 Nov 9 10:40:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=46915 PROTO=TCP SPT=40107 DPT=5997 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:40:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4498 DF PROTO=TCP SPT=36090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:40:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26412 DF PROTO=TCP SPT=40762 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:40:12 server83 aibolit_wrapper[24395]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650125571688.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626650125574370.txt --progress=/tmp/malware_cleaner_progress_17626650125574064.json --csv_result=/tmp/revisium_csvfile_17626650125574194.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:40:15 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.249 DST=51.210.113.204 LEN=73 TOS=0x00 PREC=0x00 TTL=34 ID=54201 PROTO=UDP SPT=8490 DPT=63825 LEN=53 Nov 9 10:40:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13026 DF 
PROTO=TCP SPT=57444 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:40:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54228 PROTO=TCP SPT=56256 DPT=8016 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:40:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13027 DF PROTO=TCP SPT=57444 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:40:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5388 SEQ=1 Nov 9 10:40:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13028 DF PROTO=TCP SPT=57444 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:40:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42356 DF PROTO=TCP SPT=50046 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:40:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42357 DF PROTO=TCP SPT=50046 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2474 SEQ=1 Nov 9 10:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41417 SEQ=1 Nov 9 10:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14570 SEQ=1 Nov 9 10:40:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48475 SEQ=1 Nov 9 10:40:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13029 DF PROTO=TCP SPT=57444 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:40:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42358 DF PROTO=TCP SPT=50046 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:40:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.193.65.175 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=7806 DF PROTO=TCP SPT=44776 DPT=1704 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:40:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42359 DF PROTO=TCP SPT=50046 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:40:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47099 PROTO=TCP SPT=45727 DPT=33144 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:40:29 server83 aibolit_wrapper[25913]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d 
display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650299804554.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626650299806392.txt --log=/tmp/malware_cleaner_log_17626650299808042.txt --progress=/tmp/malware_cleaner_progress_17626650299807598.json --csv_result=/tmp/revisium_csvfile_17626650299807806.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:40:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13030 DF PROTO=TCP SPT=57444 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:40:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58127 SEQ=1 Nov 9 10:40:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6218 SEQ=1 Nov 9 10:40:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8729 SEQ=1 Nov 9 10:40:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.194.70.253 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=3044 DF PROTO=TCP SPT=45110 DPT=6747 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:40:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=50121 SEQ=1 Nov 9 10:40:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62035 SEQ=1 Nov 9 10:40:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61397 SEQ=1 Nov 9 10:40:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18193 SEQ=1 Nov 9 10:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42360 DF PROTO=TCP SPT=50046 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:40:36 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.211.149.241 DST=51.210.113.204 LEN=50 TOS=0x14 PREC=0x00 TTL=43 ID=28049 PROTO=ICMP TYPE=8 CODE=0 ID=15442 SEQ=39399 Nov 9 10:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61397 SEQ=1 Nov 9 10:40:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.154.95.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=65466 PROTO=TCP SPT=38490 DPT=1782 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:40:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.11.225 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=44 ID=6007 DF PROTO=TCP SPT=39990 DPT=1809 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:40:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59709 PROTO=TCP SPT=49956 DPT=29974 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:40:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26413 DF PROTO=TCP SPT=40762 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:40:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=9384 PROTO=TCP SPT=59419 DPT=46332 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:40:46 server83 imunify360-php-daemon[734]: error while sending daemon stats: circuit breaker is open Nov 9 10:40:46 server83 imunify360-php-daemon[734]: connections: {total = 17963, closed_as_old = 0, dropped = 1},#012messages: {total_received = 35300, blamer_received = 35091, blamer_filtered = 1327, aggregated = 1023, aggregator_dropped = 0},#012message_actions: {blamer_send_success = 397, send = 0, send_failed = 515, stored = 117, store_failed = 0},#012message dbstats: {fevents_db_size = 0, fevents_db_rows = 14224, fevents_total = 11034,#012#011#011#011#011 fevents_filtered = {total = 24266, wrong_id = 133525, wrong_function_name = 8612685, match_file_false = 6001596, match_file_limit_hit = 0, storage_limit_hit = 0},#012#011#011#011#011 fevents_stored_new = 3534, fevents_stored_updated = 384, fevents_send_success = 0, fevents_send_failure = 392 } Nov 9 10:40:46 server83 imunify360-php-daemon[734]: memory: alloc = 16809800 B, totalAlloc = 797540164568 B, sys = 68965640 B, rss = 191090688 B Nov 9 10:40:46 
server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:40:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:40:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9306 SEQ=1 Nov 9 10:40:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47731 SEQ=1 Nov 9 10:40:52 server83 aibolit_wrapper[27963]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650523486132.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626650523486990.txt --log=/tmp/malware_cleaner_log_17626650523487704.txt --progress=/tmp/malware_cleaner_progress_17626650523487534.json --csv_result=/tmp/revisium_csvfile_17626650523487610.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42361 DF PROTO=TCP SPT=50046 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:40:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19329 SEQ=1 Nov 9 10:40:53 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41623 SEQ=1 Nov 9 10:40:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28174 SEQ=1 Nov 9 10:40:57 server83 aibolit_wrapper[28553]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650579806702.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626650579807870.txt --log=/tmp/malware_cleaner_log_17626650579809076.txt --progress=/tmp/malware_cleaner_progress_17626650579808724.json --csv_result=/tmp/revisium_csvfile_17626650579808876.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:40:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13031 DF PROTO=TCP SPT=58464 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:40:59 server83 NetworkManager[922]: <info> [1762665059.4494] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:40:59 server83 NetworkManager[922]: <info> [1762665059.4499] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:40:59 server83 NetworkManager[922]: <info> [1762665059.4500] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:40:59 server83 NetworkManager[922]: <info> [1762665059.4504] device (eth1): state change: prepare -> config (reason 
'none', sys-iface-state: 'managed') Nov 9 10:40:59 server83 NetworkManager[922]: <info> [1762665059.4515] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:40:59 server83 NetworkManager[922]: <info> [1762665059.4517] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:40:59 server83 NetworkManager[922]: <info> [1762665059.4530] dhcp4 (eth1): dhclient started with pid 28690 Nov 9 10:40:59 server83 dhclient[28690]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x2f1308a7) Nov 9 10:40:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13032 DF PROTO=TCP SPT=58464 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:41:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35907 SEQ=1 Nov 9 10:41:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48504 SEQ=1 Nov 9 10:41:01 server83 systemd: Started Session 310577 of user root. Nov 9 10:41:01 server83 systemd: Started Session 310576 of user root. Nov 9 10:41:01 server83 systemd: Started Session 310579 of user root. Nov 9 10:41:01 server83 systemd: Started Session 310578 of user root. Nov 9 10:41:01 server83 systemd: Started Session 310580 of user root. Nov 9 10:41:01 server83 systemd: Started Session 310581 of user root. Nov 9 10:41:01 server83 systemd: Started Session 310582 of user root. Nov 9 10:41:01 server83 systemd: Started Session 310583 of user root. Nov 9 10:41:01 server83 systemd: Started Session 310584 of user root. 
Nov 9 10:41:01 server83 systemd: Started Session 310585 of user root. Nov 9 10:41:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13033 DF PROTO=TCP SPT=58464 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:41:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11241 SEQ=1 Nov 9 10:41:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5076 SEQ=1 Nov 9 10:41:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.115 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54164 DPT=9167 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:41:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13034 DF PROTO=TCP SPT=58464 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:41:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=55643 PROTO=TCP SPT=41811 DPT=2767 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:41:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.35 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42035 PROTO=TCP SPT=9121 DPT=4877 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:41:07 server83 dhclient[28690]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x2f1308a7) Nov 9 10:41:07 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=43937 DPT=8008 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:41:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31657 SEQ=1 Nov 9 10:41:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28870 DF PROTO=TCP SPT=45542 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=9184 DPT=8880 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:41:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45758 PROTO=TCP SPT=57143 DPT=8614 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:41:12 server83 aibolit_wrapper[29842]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650721985250.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626650721986850.txt --log=/tmp/malware_cleaner_log_17626650721988760.txt --progress=/tmp/malware_cleaner_progress_17626650721988358.json --csv_result=/tmp/revisium_csvfile_17626650721988544.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:41:13 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=11054 DPT=888 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:41:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13035 DF PROTO=TCP SPT=58464 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:41:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:41:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28873 DF PROTO=TCP SPT=45542 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:16 server83 dhclient[28690]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x2f1308a7) Nov 9 10:41:16 server83 aibolit_wrapper[29937]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650763993164.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626650763994672.txt --log=/tmp/malware_cleaner_log_17626650763996406.txt --progress=/tmp/malware_cleaner_progress_17626650763995948.json --csv_result=/tmp/revisium_csvfile_17626650763996162.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39067 SEQ=1 Nov 9 10:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1854 SEQ=1 Nov 9 10:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10159 SEQ=1 Nov 9 10:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51399 SEQ=1 Nov 9 10:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10951 SEQ=1 Nov 9 10:41:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=17940 PROTO=TCP SPT=53120 DPT=2404 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:41:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.203.59.6 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=229 ID=54321 PROTO=TCP SPT=58254 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1854 SEQ=1 Nov 9 10:41:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43893 SEQ=1 Nov 9 10:41:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28874 DF PROTO=TCP SPT=45542 
DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:25 server83 dhclient[28690]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x2f1308a7) Nov 9 10:41:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42362 DF PROTO=TCP SPT=50046 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45499 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:41:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=39111 DPT=40815 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:41:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24738 SEQ=1 Nov 9 10:41:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46063 SEQ=1 Nov 9 10:41:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8961 SEQ=1 Nov 9 10:41:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62113 SEQ=1 Nov 9 10:41:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49816 SEQ=1 Nov 9 10:41:35 server83 aibolit_wrapper[30451]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650952085450.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626650952086808.txt --log=/tmp/malware_cleaner_log_17626650952088140.txt --progress=/tmp/malware_cleaner_progress_17626650952087822.json --csv_result=/tmp/revisium_csvfile_17626650952087958.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:41:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.173.74 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=5750 DF PROTO=TCP SPT=41643 DPT=10579 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:41:36 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:41:37 server83 dhclient[28690]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x2f1308a7) Nov 9 10:41:39 server83 aibolit_wrapper[30561]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626650994756234.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626650994757386.txt --log=/tmp/malware_cleaner_log_17626650994758582.txt --progress=/tmp/malware_cleaner_progress_17626650994758310.json 
--csv_result=/tmp/revisium_csvfile_17626650994758436.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:41:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28875 DF PROTO=TCP SPT=45542 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:40 server83 systemd: Started Session c2868 of user root. Nov 9 10:41:41 server83 scripts.sh: Load Average: 2.83 , 3.13 Nov 9 10:41:41 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 10:41:41 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 10:41:41 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 10:41:41 server83 scripts.sh: HTTPD Status: inactive Nov 9 10:41:41 server83 scripts.sh: MySQL Status: active Nov 9 10:41:41 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 10:41:41 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 10:41:41 server83 scripts.sh: SSHD Status: active Nov 9 10:41:41 server83 scripts.sh: FTP Status: active Nov 9 10:41:41 server83 scripts.sh: LiteSpeed Status: Active Nov 9 10:41:41 server83 scripts.sh: Imunify Status: Active Nov 9 10:41:41 server83 scripts.sh: cPanel Status: active Nov 9 10:41:41 server83 scripts.sh: Memory Status: 11/31 GB - 38.26% Nov 9 10:41:41 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 10:41:41 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 10:41:41 server83 scripts.sh: Local Version: 4.4.5 Nov 9 10:41:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4434 DF PROTO=TCP SPT=36076 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=50 ID=4435 DF PROTO=TCP SPT=36076 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:44 server83 NetworkManager[922]: <warn> [1762665104.4414] dhcp4 (eth1): request timed out Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4414] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4574] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28690 Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4574] dhcp4 (eth1): state changed timeout -> done Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4576] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:41:44 server83 NetworkManager[922]: <warn> [1762665104.4582] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4584] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4617] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4623] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4624] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4628] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4639] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4641] dhcp4 (eth1): activation: beginning transaction (timeout in 45 
seconds) Nov 9 10:41:44 server83 NetworkManager[922]: <info> [1762665104.4653] dhcp4 (eth1): dhclient started with pid 30782 Nov 9 10:41:44 server83 dhclient[30782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1594abf6) Nov 9 10:41:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4436 DF PROTO=TCP SPT=36076 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:41:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.post: ProactiveModel.Host should not be empty Nov 9 10:41:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:41:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50687 SEQ=1 Nov 9 10:41:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.230 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49776 DPT=3129 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:41:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4437 DF PROTO=TCP SPT=36076 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30456 SEQ=1 Nov 9 10:41:50 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11894 SEQ=1 Nov 9 10:41:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46496 SEQ=1 Nov 9 10:41:51 server83 dhclient[30782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1594abf6) Nov 9 10:41:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8481 SEQ=1 Nov 9 10:41:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11894 SEQ=1 Nov 9 10:41:53 server83 aibolit_wrapper[30985]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626651136618318.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626651136620880.txt --progress=/tmp/malware_cleaner_progress_17626651136620566.json --csv_result=/tmp/revisium_csvfile_17626651136620712.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:41:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.134 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=45478 PROTO=TCP SPT=55767 DPT=11165 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4438 DF PROTO=TCP SPT=36076 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:41:58 server83 dhclient[30782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1594abf6) Nov 9 10:41:59 server83 aibolit_wrapper[31116]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626651193237246.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626651193238674.txt --log=/tmp/malware_cleaner_log_17626651193240194.txt --progress=/tmp/malware_cleaner_progress_17626651193239806.json --csv_result=/tmp/revisium_csvfile_17626651193239998.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:41:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38016 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:42:01 server83 systemd: Started Session 310586 of user root. Nov 9 10:42:01 server83 systemd: Started Session 310589 of user root. Nov 9 10:42:01 server83 systemd: Started Session 310587 of user root. Nov 9 10:42:01 server83 systemd: Started Session 310588 of user root. Nov 9 10:42:01 server83 systemd: Started Session 310591 of user root. Nov 9 10:42:01 server83 systemd: Started Session 310590 of user root. Nov 9 10:42:01 server83 systemd: Started Session 310592 of user root. Nov 9 10:42:01 server83 systemd: Started Session 310593 of user root. Nov 9 10:42:01 server83 systemd: Started Session 310594 of user root. 
Nov 9 10:42:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1809 SEQ=1 Nov 9 10:42:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21160 SEQ=1 Nov 9 10:42:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.128.159.59 DST=51.210.113.204 LEN=62 TOS=0x08 PREC=0x40 TTL=41 ID=58969 DF PROTO=ICMP TYPE=8 CODE=0 ID=52812 SEQ=34053 Nov 9 10:42:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37791 PROTO=TCP SPT=42055 DPT=44048 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:42:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49602 SEQ=1 Nov 9 10:42:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47211 SEQ=1 Nov 9 10:42:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:42:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.3.53.11 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=240 ID=54321 PROTO=TCP SPT=37730 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:42:04 server83 aibolit_wrapper[31343]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php 
--deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626651248101912.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626651248102974.txt --log=/tmp/malware_cleaner_log_17626651248104202.txt --progress=/tmp/malware_cleaner_progress_17626651248103886.json --csv_result=/tmp/revisium_csvfile_17626651248104028.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:42:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3687 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:42:05 server83 dhclient[30782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x1594abf6) Nov 9 10:42:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26898 SEQ=1 Nov 9 10:42:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50529 SEQ=1 Nov 9 10:42:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.136.208.236 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41263 DPT=808 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:42:14 server83 dhclient[30782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x1594abf6) Nov 9 10:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28876 DF PROTO=TCP SPT=45542 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:42:14 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4439 DF PROTO=TCP SPT=36076 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.186.171.52 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=34811 DPT=1212 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:42:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13429 SEQ=1 Nov 9 10:42:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3617 SEQ=1 Nov 9 10:42:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2251 SEQ=1 Nov 9 10:42:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2251 SEQ=1 Nov 9 10:42:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5166 SEQ=1 Nov 9 10:42:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13429 SEQ=1 Nov 9 10:42:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=310 DF PROTO=TCP SPT=41768 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:42:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=311 DF PROTO=TCP SPT=41768 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:42:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5166 SEQ=1 Nov 9 10:42:25 server83 aibolit_wrapper[31834]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626651452848696.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626651452850286.txt --log=/tmp/malware_cleaner_log_17626651452852058.txt --progress=/tmp/malware_cleaner_progress_17626651452851456.json --csv_result=/tmp/revisium_csvfile_17626651452851732.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:42:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=312 DF PROTO=TCP SPT=41768 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:42:26 server83 dhclient[30782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x1594abf6) Nov 9 10:42:29 server83 NetworkManager[922]: <warn> [1762665149.4410] dhcp4 (eth1): request timed out Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4410] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:42:29 server83 
aibolit_wrapper[31931]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626651494342964.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626651494344320.txt --log=/tmp/malware_cleaner_log_17626651494345682.txt --progress=/tmp/malware_cleaner_progress_17626651494345308.json --csv_result=/tmp/revisium_csvfile_17626651494345472.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4570] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 30782 Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4570] dhcp4 (eth1): state changed timeout -> done Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4573] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:42:29 server83 NetworkManager[922]: <warn> [1762665149.4579] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4582] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4618] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4624] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4625] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4630] device (eth1): state 
change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4641] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4645] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:42:29 server83 NetworkManager[922]: <info> [1762665149.4659] dhcp4 (eth1): dhclient started with pid 31943 Nov 9 10:42:29 server83 dhclient[31943]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x25f22e36) Nov 9 10:42:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=313 DF PROTO=TCP SPT=41768 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:42:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=330 PROTO=TCP SPT=53120 DPT=2421 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:42:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27214 SEQ=1 Nov 9 10:42:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59887 SEQ=1 Nov 9 10:42:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32 PROTO=TCP SPT=53120 DPT=2682 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:42:36 server83 dhclient[31943]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x25f22e36) Nov 9 10:42:36 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11526 PROTO=TCP SPT=60506 DPT=4685 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:42:36 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:42:37 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=109.236.61.23 DST=145.239.177.179 LEN=66 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=10922 DPT=161 LEN=46 Nov 9 10:42:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45033 SEQ=1 Nov 9 10:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=314 DF PROTO=TCP SPT=41768 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.72.206.178 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=240 ID=28442 PROTO=TCP SPT=44851 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13036 DF PROTO=TCP SPT=60959 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:42:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13037 DF PROTO=TCP SPT=60959 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:42:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.148.147.222 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34348 DPT=5901 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:42:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13038 DF PROTO=TCP SPT=60959 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:42:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43829 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:42:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3693 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:42:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:42:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13039 DF PROTO=TCP SPT=60959 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:42:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:42:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.accepted: ProactiveModel.Host should not be empty Nov 9 10:42:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.locked: ProactiveModel.Host should not be empty Nov 9 10:42:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4440 DF PROTO=TCP SPT=36076 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:42:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.246 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56086 DPT=46315 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:42:49 server83 dhclient[31943]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x25f22e36) Nov 9 10:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9740 SEQ=1 Nov 9 10:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51353 SEQ=1 Nov 9 10:42:50 server83 aibolit_wrapper[32721]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626651708459546.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626651708461060.txt --log=/tmp/malware_cleaner_log_17626651708462674.txt --progress=/tmp/malware_cleaner_progress_17626651708462216.json --csv_result=/tmp/revisium_csvfile_17626651708462400.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:42:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54525 SEQ=1 Nov 9 10:42:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57234 SEQ=1 Nov 9 10:42:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55271 SEQ=1 Nov 9 10:42:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:42:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3686 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:42:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13040 DF PROTO=TCP SPT=60959 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=315 DF PROTO=TCP SPT=41768 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:42:56 server83 aibolit_wrapper[484]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626651761862058.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626651761862912.txt --log=/tmp/malware_cleaner_log_17626651761863928.txt --progress=/tmp/malware_cleaner_progress_17626651761863704.json --csv_result=/tmp/revisium_csvfile_17626651761863818.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:42:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=40533 DPT=40822 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:42:57 server83 dhclient[31943]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x25f22e36) Nov 9 10:42:58 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:43:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3685 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:43:01 server83 systemd: Started Session 310595 of user root. Nov 9 10:43:01 server83 systemd: Started Session 310596 of user root. Nov 9 10:43:01 server83 systemd: Started Session 310600 of user root. Nov 9 10:43:01 server83 systemd: Started Session 310599 of user root. Nov 9 10:43:01 server83 systemd: Started Session 310598 of user root. Nov 9 10:43:01 server83 systemd: Started Session 310597 of user root. Nov 9 10:43:01 server83 systemd: Started Session 310601 of user root. Nov 9 10:43:01 server83 systemd: Started Session 310603 of user root. Nov 9 10:43:01 server83 systemd: Started Session 310602 of user root. 
Nov 9 10:43:01 server83 aibolit_wrapper[744]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626651817574486.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626651817577572.txt --progress=/tmp/malware_cleaner_progress_17626651817577176.json --csv_result=/tmp/revisium_csvfile_17626651817577374.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:43:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=33646 DPT=40792 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:43:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18069 SEQ=1 Nov 9 10:43:03 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.56.180.42 DST=145.239.177.179 LEN=36 TOS=0x08 PREC=0x20 TTL=46 ID=2132 DF PROTO=UDP SPT=45744 DPT=123 LEN=16 Nov 9 10:43:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4399 SEQ=1 Nov 9 10:43:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32885 SEQ=1 Nov 9 10:43:05 server83 dhclient[31943]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x25f22e36) Nov 9 10:43:06 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57037 SEQ=1 Nov 9 10:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49462 SEQ=1 Nov 9 10:43:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:43:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26929 SEQ=1 Nov 9 10:43:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35307 SEQ=1 Nov 9 10:43:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6889 DF PROTO=TCP SPT=51500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6890 DF PROTO=TCP SPT=51500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:14 server83 NetworkManager[922]: <warn> [1762665194.4423] dhcp4 (eth1): request timed out Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4423] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 31943 Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 10:43:14 server83 
NetworkManager[922]: <info> [1762665194.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:43:14 server83 NetworkManager[922]: <warn> [1762665194.4590] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4592] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4625] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4629] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4630] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4633] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4643] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4646] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:43:14 server83 NetworkManager[922]: <info> [1762665194.4656] dhcp4 (eth1): dhclient started with pid 1349 Nov 9 10:43:14 server83 dhclient[1349]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x23753a0b) Nov 9 10:43:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6891 DF PROTO=TCP SPT=51500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.59.78 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48883 PROTO=TCP SPT=61000 DPT=29096 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:43:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28428 PROTO=TCP SPT=46939 DPT=4921 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:43:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:43:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6892 DF PROTO=TCP SPT=51500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:20 server83 aibolit_wrapper[1610]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626652004056334.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626652004058078.txt --log=/tmp/malware_cleaner_log_17626652004060044.txt --progress=/tmp/malware_cleaner_progress_17626652004059544.json --csv_result=/tmp/revisium_csvfile_17626652004059746.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:43:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49915 SEQ=1 Nov 9 10:43:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19641 SEQ=1 Nov 9 10:43:20 server83 dhclient[1349]: DHCPDISCOVER on eth1 to 
255.255.255.255 port 67 interval 14 (xid=0x23753a0b) Nov 9 10:43:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12208 SEQ=1 Nov 9 10:43:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49915 SEQ=1 Nov 9 10:43:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.168.121.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=38322 DPT=3391 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:43:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15047 SEQ=1 Nov 9 10:43:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9473 SEQ=1 Nov 9 10:43:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9857 SEQ=1 Nov 9 10:43:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6893 DF PROTO=TCP SPT=51500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=316 DF PROTO=TCP SPT=41768 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 10:43:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53162 PROTO=TCP SPT=56949 DPT=8511 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1146 SEQ=1 Nov 9 10:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29429 SEQ=1 Nov 9 10:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3734 SEQ=1 Nov 9 10:43:34 server83 dhclient[1349]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x23753a0b) Nov 9 10:43:35 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:43:35 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:43:35 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 10:43:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28863 SEQ=1 Nov 9 10:43:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.212 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=48008 DPT=5080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:43:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5812 SEQ=1 Nov 9 10:43:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3734 SEQ=1 Nov 9 10:43:37 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17683 SEQ=1 Nov 9 10:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5812 SEQ=1 Nov 9 10:43:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:43:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3684 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:43:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=28379 PROTO=TCP SPT=47431 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:43:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6894 DF PROTO=TCP SPT=51500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:44 server83 aibolit_wrapper[2499]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626652247037792.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626652247039066.txt --log=/tmp/malware_cleaner_log_17626652247040234.txt --progress=/tmp/malware_cleaner_progress_17626652247039914.json --csv_result=/tmp/revisium_csvfile_17626652247040072.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:43:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48024 DF PROTO=TCP SPT=58860 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48025 DF PROTO=TCP SPT=58860 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.multi: ProactiveModel.Host should not be empty Nov 9 10:43:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: 
ProactiveModel.Host should not be empty Nov 9 10:43:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.created: ProactiveModel.Host should not be empty Nov 9 10:43:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.class: ProactiveModel.Host should not be empty Nov 9 10:43:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:43:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:43:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64143 SEQ=1 Nov 9 10:43:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49510 SEQ=1 Nov 9 10:43:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3207 SEQ=1 Nov 9 10:43:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48026 DF PROTO=TCP SPT=58860 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:48 server83 aibolit_wrapper[2612]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626652289158880.txt --input-fn-b64-encoded --username=loadingramp --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626652289159618.txt --log=/tmp/malware_cleaner_log_17626652289160654.txt --progress=/tmp/malware_cleaner_progress_17626652289160344.json --csv_result=/tmp/revisium_csvfile_17626652289160494.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:43:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46449 SEQ=1 Nov 9 10:43:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48027 DF PROTO=TCP SPT=58860 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:43:53 server83 pam_imunify_daemon.bin: time="2025-11-09T10:43:53+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 10:43:54 server83 dhclient[1349]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x23753a0b) Nov 9 10:43:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3207 SEQ=1 Nov 9 10:43:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13619 SEQ=1 Nov 9 10:43:59 server83 NetworkManager[922]: <warn> [1762665239.4473] dhcp4 (eth1): request timed out Nov 9 10:43:59 server83 NetworkManager[922]: <info> 
[1762665239.4473] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:43:59 server83 NetworkManager[922]: <info> [1762665239.4552] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 1349 Nov 9 10:43:59 server83 NetworkManager[922]: <info> [1762665239.4552] dhcp4 (eth1): state changed timeout -> done Nov 9 10:43:59 server83 NetworkManager[922]: <info> [1762665239.4554] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:43:59 server83 NetworkManager[922]: <warn> [1762665239.4560] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:43:59 server83 NetworkManager[922]: <info> [1762665239.4562] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48028 DF PROTO=TCP SPT=58860 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:44:01 server83 systemd: Started Session 310604 of user root. Nov 9 10:44:01 server83 systemd: Started Session 310605 of user root. Nov 9 10:44:01 server83 systemd: Started Session 310606 of user root. Nov 9 10:44:01 server83 systemd: Started Session 310607 of user root. Nov 9 10:44:01 server83 systemd: Started Session 310610 of user root. Nov 9 10:44:01 server83 systemd: Started Session 310609 of user root. Nov 9 10:44:01 server83 systemd: Started Session 310608 of user root. Nov 9 10:44:01 server83 systemd: Started Session 310611 of user root. Nov 9 10:44:01 server83 systemd: Started Session 310612 of user root. 
Nov 9 10:44:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25998 PROTO=TCP SPT=49956 DPT=27804 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:44:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3503 SEQ=1 Nov 9 10:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13857 SEQ=1 Nov 9 10:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26380 SEQ=1 Nov 9 10:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10885 SEQ=1 Nov 9 10:44:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.61 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53282 DPT=990 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:44:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=57216 PROTO=TCP SPT=46370 DPT=1623 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:44:14 server83 aibolit_wrapper[3375]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626652541279528.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626652541281150.txt --log=/tmp/malware_cleaner_log_17626652541282836.txt --progress=/tmp/malware_cleaner_progress_17626652541282378.json --csv_result=/tmp/revisium_csvfile_17626652541282582.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:44:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48029 DF PROTO=TCP SPT=58860 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6895 DF PROTO=TCP SPT=51500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:18 server83 aibolit_wrapper[3598]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626652583924952.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626652583926646.txt --log=/tmp/malware_cleaner_log_17626652583928712.txt --progress=/tmp/malware_cleaner_progress_17626652583928292.json --csv_result=/tmp/revisium_csvfile_17626652583928490.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:44:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.169.7 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=6442 DF PROTO=TCP SPT=48274 DPT=30 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31887 SEQ=1 Nov 9 10:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65507 SEQ=1 Nov 9 10:44:23 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:44:25 server83 aibolit_wrapper[3849]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626652654559272.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626652654562828.txt --progress=/tmp/malware_cleaner_progress_17626652654562402.json --csv_result=/tmp/revisium_csvfile_17626652654562606.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:44:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11332 DF PROTO=TCP SPT=55642 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11333 DF PROTO=TCP SPT=55642 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11334 DF PROTO=TCP SPT=55642 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=135.237.127.63 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=49079 DPT=4545 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:44:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=11639 PROTO=TCP SPT=56033 DPT=7723 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:44:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.173.211 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=4464 DF PROTO=TCP SPT=48126 DPT=1477 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:44:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11335 DF PROTO=TCP SPT=55642 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=193 SEQ=1 Nov 9 10:44:37 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60320 SEQ=1 Nov 9 10:44:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60320 SEQ=1 Nov 9 10:44:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47648 SEQ=1 Nov 9 10:44:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28312 SEQ=1 Nov 9 10:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11336 DF PROTO=TCP SPT=55642 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:44 server83 aibolit_wrapper[4449]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626652848623212.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626652848624796.txt --log=/tmp/malware_cleaner_log_17626652848626900.txt --progress=/tmp/malware_cleaner_progress_17626652848626354.json --csv_result=/tmp/revisium_csvfile_17626652848626590.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:44:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:44:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:44:48 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 10:44:48 server83 systemd: Stopped Status Update Service. Nov 9 10:44:48 server83 systemd: Started Status Update Service. 
Nov 9 10:44:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:44:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48030 DF PROTO=TCP SPT=58860 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49088 SEQ=1 Nov 9 10:44:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1747 SEQ=1 Nov 9 10:44:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39543 SEQ=1 Nov 9 10:44:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=4389 PROTO=TCP SPT=34731 DPT=7136 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:44:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49784 PROTO=TCP SPT=46370 DPT=1770 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:44:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44179 SEQ=1 Nov 9 10:44:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11337 DF 
PROTO=TCP SPT=55642 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:44:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.51.225 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=4078 DF PROTO=TCP SPT=45834 DPT=2771 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:44:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.178 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50119 DPT=5343 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:45:01 server83 systemd: Started Session 310613 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310615 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310614 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310616 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310617 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310619 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310622 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310621 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310620 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310618 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310625 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310624 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310626 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310623 of user root. Nov 9 10:45:01 server83 systemd: Started Session 310627 of user root. 
Nov 9 10:45:01 server83 systemd: Started Session 310628 of user root. Nov 9 10:45:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 10:45:01 server83 systemd: Started Session 310630 of user sanatanhinduvahi. Nov 9 10:45:01 server83 systemd: Started Session 310629 of user root. Nov 9 10:45:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 10:45:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12054 SEQ=1 Nov 9 10:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26839 SEQ=1 Nov 9 10:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9369 SEQ=1 Nov 9 10:45:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=54331 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:45:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.139 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56903 DPT=46919 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:45:06 server83 aibolit_wrapper[5281]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626653061082790.txt --input-fn-b64-encoded --username=maars --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626653061084702.txt --log=/tmp/malware_cleaner_log_17626653061086674.txt --progress=/tmp/malware_cleaner_progress_17626653061086140.json --csv_result=/tmp/revisium_csvfile_17626653061086416.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:45:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.218.94.172 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=13681 DF PROTO=TCP SPT=58022 DPT=7777 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 10:45:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.218.94.172 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=5438 DF PROTO=TCP SPT=42206 DPT=10250 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 10:45:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.218.94.172 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=48220 DF PROTO=TCP SPT=43994 DPT=13389 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 10:45:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.218.94.172 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=29993 DF PROTO=TCP SPT=53184 DPT=1521 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 10:45:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12054 SEQ=1 Nov 9 10:45:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55456 SEQ=1 Nov 9 10:45:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.218.94.172 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=47 ID=56399 DF PROTO=TCP SPT=57704 DPT=22222 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 10:45:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28874 SEQ=1 Nov 9 10:45:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.218.94.172 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=39063 DF PROTO=TCP SPT=43470 DPT=11099 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 10:45:12 server83 aibolit_wrapper[5639]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626653123346096.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626653123347784.txt --log=/tmp/malware_cleaner_log_17626653123349178.txt --progress=/tmp/malware_cleaner_progress_17626653123348796.json --csv_result=/tmp/revisium_csvfile_17626653123348966.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:45:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.158.98 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=46 ID=0 DF PROTO=TCP SPT=51406 DPT=6014 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:45:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.218.94.172 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=61406 DF PROTO=TCP SPT=45354 DPT=7990 WINDOW=62727 RES=0x00 SYN URGP=0 Nov 9 10:45:18 server83 aibolit_wrapper[5805]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626653179955840.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626653179956978.txt --log=/tmp/malware_cleaner_log_17626653179958162.txt --progress=/tmp/malware_cleaner_progress_17626653179957858.json --csv_result=/tmp/revisium_csvfile_17626653179958000.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:45:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45662 SEQ=1 Nov 9 10:45:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18688 DF PROTO=TCP SPT=51646 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:45:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=7846 PROTO=TCP SPT=20631 DPT=33389 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:45:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12549 SEQ=1 Nov 9 10:45:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26572 SEQ=1 Nov 9 10:45:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57030 SEQ=1 Nov 9 10:45:22 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63081 SEQ=1 Nov 9 10:45:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18689 DF PROTO=TCP SPT=51646 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:45:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12549 SEQ=1 Nov 9 10:45:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18690 DF PROTO=TCP SPT=51646 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:45:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=11338 DF PROTO=TCP SPT=55642 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:45:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41768 SEQ=1 Nov 9 10:45:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10310 SEQ=1 Nov 9 10:45:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45380 SEQ=1 Nov 9 10:45:37 server83 imunify360-php-daemon[734]: 
error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:45:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57637 SEQ=1 Nov 9 10:45:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12596 SEQ=1 Nov 9 10:45:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24730 PROTO=TCP SPT=57126 DPT=4961 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:45:40 server83 aibolit_wrapper[6603]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626653402400922.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626653402402218.txt --log=/tmp/malware_cleaner_log_17626653402403326.txt --progress=/tmp/malware_cleaner_progress_17626653402402954.json --csv_result=/tmp/revisium_csvfile_17626653402403156.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:45:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.71 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=55407 PROTO=TCP SPT=56765 DPT=8300 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:45:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.180.157.88 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP 
SPT=36719 DPT=1212 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:45:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.176 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=37185 DPT=4080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:45:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=48097 PROTO=TCP SPT=49858 DPT=5269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:45:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.154.95.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=2363 PROTO=TCP SPT=38875 DPT=2002 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:45:44 server83 aibolit_wrapper[6832]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626653444811584.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626653444812646.txt --log=/tmp/malware_cleaner_log_17626653444813848.txt --progress=/tmp/malware_cleaner_progress_17626653444813550.json --csv_result=/tmp/revisium_csvfile_17626653444813686.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:45:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:45:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:45:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:45:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18691 DF PROTO=TCP SPT=51646 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:45:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56023 SEQ=1 Nov 9 10:45:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37107 SEQ=1 Nov 9 10:45:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8507 SEQ=1 Nov 9 10:45:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.217.194.148 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53818 DPT=5959 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:45:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64299 DF PROTO=TCP SPT=43376 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:45:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4218 SEQ=1 Nov 9 10:45:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64300 DF PROTO=TCP SPT=43376 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 10:45:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=196.251.80.172 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=2020 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:45:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33921 PROTO=TCP SPT=49956 DPT=28094 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:45:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=46205 PROTO=TCP SPT=40387 DPT=4027 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:45:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18574 SEQ=1 Nov 9 10:45:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44751 SEQ=1 Nov 9 10:45:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=128.9.29.131 DST=145.239.177.179 LEN=32 TOS=0x00 PREC=0x00 TTL=48 ID=32487 DF PROTO=ICMP TYPE=8 CODE=0 ID=7902 SEQ=4685 Nov 9 10:45:53 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.204.255.106 DST=145.239.177.179 LEN=531 TOS=0x00 PREC=0x00 TTL=48 ID=45809 DF PROTO=UDP SPT=5082 DPT=5060 LEN=511 Nov 9 10:45:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4218 SEQ=1 Nov 9 10:45:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64997 SEQ=1 Nov 9 10:48:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56690 DPT=6080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:48:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63136 SEQ=1 Nov 9 10:48:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63136 SEQ=1 Nov 9 10:48:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.21 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55289 DPT=3120 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:48:37 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:48:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3690 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:48:39 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:48:39 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:48:39 server83 pure-ftpd: 
(__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 10:48:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 10:48:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.sys: ProactiveModel.Host should not be empty Nov 9 10:48:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:48:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:48:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.206 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55468 DPT=9092 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:48:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25272 SEQ=1 Nov 9 10:48:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64754 SEQ=1 Nov 9 10:48:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29451 SEQ=1 Nov 9 10:48:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49638 SEQ=1 Nov 9 10:48:49 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46879 SEQ=1 Nov 9 10:48:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:48:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:48:53 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.156 DST=51.210.113.204 LEN=75 TOS=0x00 PREC=0x00 TTL=35 ID=58508 PROTO=UDP SPT=24617 DPT=427 LEN=55 Nov 9 10:48:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=69.164.205.212 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=24788 PROTO=TCP SPT=44165 DPT=5984 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:48:55 server83 aibolit_wrapper[12887]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626655357147434.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626655357148482.txt --log=/tmp/malware_cleaner_log_17626655357149556.txt --progress=/tmp/malware_cleaner_progress_17626655357149320.json --csv_result=/tmp/revisium_csvfile_17626655357149424.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:48:59 server83 NetworkManager[922]: <info> [1762665539.4950] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:48:59 server83 NetworkManager[922]: <info> [1762665539.4954] device (eth1): Activation: starting 
connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:48:59 server83 NetworkManager[922]: <info> [1762665539.4955] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:48:59 server83 NetworkManager[922]: <info> [1762665539.4958] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:48:59 server83 NetworkManager[922]: <info> [1762665539.4968] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:48:59 server83 NetworkManager[922]: <info> [1762665539.4971] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:48:59 server83 NetworkManager[922]: <info> [1762665539.4985] dhcp4 (eth1): dhclient started with pid 12979 Nov 9 10:48:59 server83 dhclient[12979]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x782c4b57) Nov 9 10:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:49:01 server83 systemd: Started Session 310660 of user root. Nov 9 10:49:01 server83 systemd: Started Session 310659 of user root. Nov 9 10:49:01 server83 systemd: Started Session 310661 of user root. Nov 9 10:49:01 server83 systemd: Started Session 310662 of user root. Nov 9 10:49:01 server83 systemd: Started Session 310663 of user root. Nov 9 10:49:01 server83 systemd: Started Session 310665 of user root. Nov 9 10:49:01 server83 systemd: Started Session 310666 of user root. Nov 9 10:49:01 server83 systemd: Started Session 310664 of user root. Nov 9 10:49:01 server83 systemd: Started Session 310667 of user root. 
Nov 9 10:49:01 server83 aibolit_wrapper[13122]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626655413264608.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626655413265424.txt --log=/tmp/malware_cleaner_log_17626655413266218.txt --progress=/tmp/malware_cleaner_progress_17626655413266012.json --csv_result=/tmp/revisium_csvfile_17626655413266112.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:49:03 server83 scripts.sh: Sun Nov 9 10:49:03 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 10:49:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=55463 PROTO=TCP SPT=45542 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:49:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13046 DF PROTO=TCP SPT=52196 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13047 DF PROTO=TCP SPT=52196 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=57576 PROTO=TCP SPT=45542 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:49:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=40 PROTO=TCP SPT=45542 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:49:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3688 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:49:07 server83 aibolit_wrapper[13383]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626655475492966.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626655475495706.txt --progress=/tmp/malware_cleaner_progress_17626655475495356.json --csv_result=/tmp/revisium_csvfile_17626655475495508.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:49:07 server83 dhclient[12979]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x782c4b57) Nov 9 10:49:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31396 SEQ=1 Nov 9 10:49:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15638 SEQ=1 Nov 9 10:49:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13048 DF PROTO=TCP SPT=52196 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34821 SEQ=1 Nov 9 10:49:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20456 SEQ=1 Nov 9 10:49:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4353 SEQ=1 Nov 9 10:49:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13049 DF PROTO=TCP SPT=52196 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:13 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:49:13 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:49:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=45422 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:49:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13050 DF PROTO=TCP SPT=52196 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8065 SEQ=1 Nov 9 10:49:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8853 SEQ=1 Nov 
9 10:49:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15047 SEQ=1 Nov 9 10:49:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19431 SEQ=1 Nov 9 10:49:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46741 SEQ=1 Nov 9 10:49:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13255 SEQ=1 Nov 9 10:49:24 server83 dhclient[12979]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x782c4b57) Nov 9 10:49:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.173.60 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=34761 DPT=1234 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:49:28 server83 aibolit_wrapper[13922]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626655681261832.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626655681263616.txt --log=/tmp/malware_cleaner_log_17626655681265444.txt --progress=/tmp/malware_cleaner_progress_17626655681264828.json --csv_result=/tmp/revisium_csvfile_17626655681265070.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:49:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=65248 PROTO=TCP SPT=35529 DPT=5429 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:49:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.40 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54365 DPT=18778 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:49:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.38 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=21448 DF PROTO=TCP SPT=33231 DPT=1337 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:49:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58005 SEQ=1 Nov 9 10:49:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=38758 PROTO=TCP SPT=60585 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:49:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=38759 PROTO=TCP SPT=60585 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:49:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21781 SEQ=1 Nov 9 10:49:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 
PREC=0x00 TTL=240 ID=33236 PROTO=TCP SPT=46370 DPT=2180 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63623 SEQ=1 Nov 9 10:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38227 SEQ=1 Nov 9 10:49:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=529 PROTO=TCP SPT=33194 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62994 SEQ=1 Nov 9 10:49:37 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:49:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=38760 PROTO=TCP SPT=60585 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18030 SEQ=1 Nov 9 10:49:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30542 PROTO=TCP SPT=39850 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:49:39 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27305 SEQ=1 Nov 9 10:49:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=531 PROTO=TCP SPT=33194 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:49:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=533 PROTO=TCP SPT=33194 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:49:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=62042 PROTO=TCP SPT=48154 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:49:44 server83 aibolit_wrapper[14309]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626655843128104.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626655843129540.txt --log=/tmp/malware_cleaner_log_17626655843130924.txt --progress=/tmp/malware_cleaner_progress_17626655843130536.json --csv_result=/tmp/revisium_csvfile_17626655843130706.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:49:44 server83 NetworkManager[922]: <warn> [1762665584.4504] dhcp4 (eth1): request timed out Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4583] dhcp4 (eth1): canceled DHCP 
transaction, DHCP client pid 12979 Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4584] dhcp4 (eth1): state changed timeout -> done Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:49:44 server83 NetworkManager[922]: <warn> [1762665584.4592] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4595] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4629] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4633] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4634] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4638] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4649] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4652] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:49:44 server83 NetworkManager[922]: <info> [1762665584.4665] dhcp4 (eth1): dhclient started with pid 14323 Nov 9 10:49:44 server83 dhclient[14323]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x33fa5a8) Nov 9 10:49:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:49:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13053 DF PROTO=TCP SPT=53093 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:49:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:49:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:49:48 server83 aibolit_wrapper[14475]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626655884639756.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626655884641146.txt --log=/tmp/malware_cleaner_log_17626655884642704.txt --progress=/tmp/malware_cleaner_progress_17626655884642292.json --csv_result=/tmp/revisium_csvfile_17626655884642492.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:49:49 server83 dhclient[14323]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x33fa5a8) Nov 9 10:49:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13055 DF PROTO=TCP SPT=53093 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13054 DF PROTO=TCP SPT=53286 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.48 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=54990 DPT=48357 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:49:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13056 DF PROTO=TCP SPT=53286 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49076 SEQ=1 Nov 9 10:49:52 server83 aibolit_wrapper[14570]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626655926523292.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626655926525216.txt --progress=/tmp/malware_cleaner_progress_17626655926525006.json --csv_result=/tmp/revisium_csvfile_17626655926525112.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:49:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.97 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=37816 DF PROTO=TCP SPT=30121 DPT=8020 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:49:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13057 DF PROTO=TCP SPT=53286 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.136 DST=51.210.113.204 LEN=70 
TOS=0x00 PREC=0x00 TTL=109 ID=31614 DF PROTO=ICMP TYPE=8 CODE=0 ID=65224 SEQ=52623 Nov 9 10:49:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13058 DF PROTO=TCP SPT=53286 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:58 server83 aibolit_wrapper[14709]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626655981021702.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626655981022822.txt --log=/tmp/malware_cleaner_log_17626655981024136.txt --progress=/tmp/malware_cleaner_progress_17626655981023778.json --csv_result=/tmp/revisium_csvfile_17626655981023964.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:49:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13059 DF PROTO=TCP SPT=53093 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:49:58 server83 dhclient[14323]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x33fa5a8) Nov 9 10:50:01 server83 systemd: Started Session 310669 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310668 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310670 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310672 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310671 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310674 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310673 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310676 of user root. 
Nov 9 10:50:01 server83 systemd: Started Session 310677 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310675 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310679 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310680 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310682 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310681 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310685 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310686 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310684 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310683 of user root. Nov 9 10:50:01 server83 systemd: Started Session 310678 of user root. Nov 9 10:50:02 server83 aibolit_wrapper[14949]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656023731058.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656023732396.txt --log=/tmp/malware_cleaner_log_17626656023733786.txt --progress=/tmp/malware_cleaner_progress_17626656023733442.json --csv_result=/tmp/revisium_csvfile_17626656023733604.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40342 PROTO=TCP SPT=46370 DPT=1394 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:50:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=29266 PROTO=TCP SPT=41829 DPT=6379 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:50:05 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13060 DF PROTO=TCP SPT=53286 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:50:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50211 PROTO=TCP SPT=55791 DPT=4565 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:50:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13491 SEQ=1 Nov 9 10:50:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28456 SEQ=1 Nov 9 10:50:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13491 SEQ=1 Nov 9 10:50:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.199 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51217 DPT=47506 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:50:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58067 DPT=1 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:50:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6822 SEQ=1 Nov 9 10:50:08 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24463 SEQ=1 Nov 9 10:50:08 server83 aibolit_wrapper[15093]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656081167266.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656081168678.txt --log=/tmp/malware_cleaner_log_17626656081170134.txt --progress=/tmp/malware_cleaner_progress_17626656081169770.json --csv_result=/tmp/revisium_csvfile_17626656081169946.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:08 server83 dhclient[14323]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x33fa5a8) Nov 9 10:50:12 server83 aibolit_wrapper[15173]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656121763168.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656121764496.txt --log=/tmp/malware_cleaner_log_17626656121765804.txt --progress=/tmp/malware_cleaner_progress_17626656121765466.json --csv_result=/tmp/revisium_csvfile_17626656121765614.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=194.187.179.75 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=12529 DF PROTO=TCP SPT=7375 DPT=902 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 9 10:50:17 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.194.188 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=12135 PROTO=TCP SPT=43730 DPT=1962 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:50:17 server83 aibolit_wrapper[15320]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656179717720.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656179719192.txt --log=/tmp/malware_cleaner_log_17626656179721044.txt --progress=/tmp/malware_cleaner_progress_17626656179720516.json --csv_result=/tmp/revisium_csvfile_17626656179720738.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.9 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=32428 DF PROTO=TCP SPT=370 DPT=8245 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:50:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.141.172 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=4105 DF PROTO=TCP SPT=45819 DPT=3441 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:50:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45909 SEQ=1 Nov 9 10:50:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=60317 PROTO=TCP SPT=59403 DPT=13893 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:50:22 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39313 SEQ=1 Nov 9 10:50:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10190 SEQ=1 Nov 9 10:50:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19691 SEQ=1 Nov 9 10:50:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43671 PROTO=TCP SPT=33239 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9629 PROTO=TCP SPT=35027 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:23 server83 aibolit_wrapper[15494]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656233778164.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656233779500.txt --log=/tmp/malware_cleaner_log_17626656233780904.txt --progress=/tmp/malware_cleaner_progress_17626656233780522.json --csv_result=/tmp/revisium_csvfile_17626656233780692.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59231 SEQ=1 Nov 9 10:50:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4706 SEQ=1 Nov 9 10:50:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9630 PROTO=TCP SPT=35027 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43672 PROTO=TCP SPT=33239 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.208 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=59397 PROTO=TCP SPT=60314 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.208 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=59399 PROTO=TCP SPT=60314 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:29 server83 aibolit_wrapper[15667]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656291211820.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656291213358.txt --log=/tmp/malware_cleaner_log_17626656291215530.txt --progress=/tmp/malware_cleaner_progress_17626656291214966.json --csv_result=/tmp/revisium_csvfile_17626656291215250.csv 
--avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:29 server83 PAM-hulk[15605]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 10:50:29 server83 NetworkManager[922]: <warn> [1762665629.4409] dhcp4 (eth1): request timed out Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4409] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4569] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 14323 Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4569] dhcp4 (eth1): state changed timeout -> done Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4571] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:50:29 server83 NetworkManager[922]: <warn> [1762665629.4576] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4578] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4611] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4616] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4617] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4621] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4631] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:50:29 server83 
NetworkManager[922]: <info> [1762665629.4634] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:50:29 server83 NetworkManager[922]: <info> [1762665629.4648] dhcp4 (eth1): dhclient started with pid 15684 Nov 9 10:50:29 server83 dhclient[15684]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x4bd438d2) Nov 9 10:50:33 server83 dhclient[15684]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x4bd438d2) Nov 9 10:50:33 server83 aibolit_wrapper[15814]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656333606798.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626656333609282.txt --progress=/tmp/malware_cleaner_progress_17626656333609006.json --csv_result=/tmp/revisium_csvfile_17626656333609140.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:50:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=26368 PROTO=TCP SPT=49399 DPT=9848 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:50:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3682 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:50:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33442 SEQ=1 Nov 9 10:50:37 server83 imunify360-php-daemon[734]: error response: 401, 
{"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33442 SEQ=1 Nov 9 10:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1987 SEQ=1 Nov 9 10:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3333 SEQ=1 Nov 9 10:50:38 server83 aibolit_wrapper[16056]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656386011962.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656386013636.txt --log=/tmp/malware_cleaner_log_17626656386015540.txt --progress=/tmp/malware_cleaner_progress_17626656386015062.json --csv_result=/tmp/revisium_csvfile_17626656386015300.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9920 SEQ=1 Nov 9 10:50:40 server83 dhclient[15684]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x4bd438d2) Nov 9 10:50:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.210 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=99 ID=43069 PROTO=TCP SPT=63794 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=43070 PROTO=TCP SPT=63794 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45930 PROTO=TCP SPT=49956 DPT=25024 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:50:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=46776 PROTO=TCP SPT=38723 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=43071 PROTO=TCP SPT=63794 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=46777 PROTO=TCP SPT=38723 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=46778 PROTO=TCP SPT=38723 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:50:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=99 ID=46780 PROTO=TCP SPT=38723 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:50:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=46011 DPT=5991 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:50:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63092 PROTO=TCP SPT=45727 DPT=30448 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:50:48 server83 aibolit_wrapper[16369]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656481932456.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626656481935112.txt --progress=/tmp/malware_cleaner_progress_17626656481934790.json --csv_result=/tmp/revisium_csvfile_17626656481934926.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=4729 PROTO=TCP SPT=47080 DPT=6294 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:50:50 server83 dhclient[15684]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x4bd438d2) Nov 9 10:50:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32790 SEQ=1 Nov 9 10:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.29 DST=51.210.113.204 
LEN=59 TOS=0x00 PREC=0x00 TTL=108 ID=10494 DF PROTO=ICMP TYPE=8 CODE=0 ID=37859 SEQ=59506 Nov 9 10:50:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.84.83.221 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=18881 DF PROTO=TCP SPT=49746 DPT=21 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22626 SEQ=1 Nov 9 10:50:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63760 SEQ=1 Nov 9 10:50:54 server83 aibolit_wrapper[16559]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656547698086.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656547699752.txt --log=/tmp/malware_cleaner_log_17626656547701466.txt --progress=/tmp/malware_cleaner_progress_17626656547700920.json --csv_result=/tmp/revisium_csvfile_17626656547701164.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:50:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.84.83.221 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=18884 DF PROTO=TCP SPT=49746 DPT=21 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 10:51:00 server83 aibolit_wrapper[16663]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656602044304.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656602045958.txt --log=/tmp/malware_cleaner_log_17626656602047506.txt --progress=/tmp/malware_cleaner_progress_17626656602047074.json --csv_result=/tmp/revisium_csvfile_17626656602047244.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:51:01 server83 systemd: Started Session 310687 of user root. Nov 9 10:51:01 server83 systemd: Started Session 310688 of user root. Nov 9 10:51:01 server83 systemd: Started Session 310689 of user root. Nov 9 10:51:01 server83 systemd: Started Session 310690 of user root. Nov 9 10:51:01 server83 systemd: Started Session 310691 of user root. Nov 9 10:51:01 server83 systemd: Started Session 310692 of user root. Nov 9 10:51:01 server83 systemd: Started Session 310693 of user root. Nov 9 10:51:01 server83 systemd: Started Session 310695 of user root. Nov 9 10:51:01 server83 systemd: Started Session 310694 of user root. 
Nov 9 10:51:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30236 SEQ=1 Nov 9 10:51:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25169 SEQ=1 Nov 9 10:51:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.84.83.221 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=18885 DF PROTO=TCP SPT=49746 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 9 10:51:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64657 SEQ=1 Nov 9 10:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28127 SEQ=1 Nov 9 10:51:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.223 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54750 DPT=43676 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51533 SEQ=1 Nov 9 10:51:06 server83 dhclient[15684]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x4bd438d2) Nov 9 10:51:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30236 SEQ=1 Nov 9 10:51:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25169 SEQ=1 Nov 9 10:51:11 server83 systemd: Started Session c2869 of user root. Nov 9 10:51:11 server83 pam_imunify_daemon.bin: time="2025-11-09T10:51:11+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 10:51:11 server83 scripts.sh: Load Average: 2.08 , 2.32 Nov 9 10:51:11 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 10:51:11 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 10:51:11 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 10:51:11 server83 scripts.sh: HTTPD Status: inactive Nov 9 10:51:11 server83 scripts.sh: MySQL Status: active Nov 9 10:51:11 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 10:51:11 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 10:51:11 server83 scripts.sh: SSHD Status: active Nov 9 10:51:11 server83 scripts.sh: FTP Status: active Nov 9 10:51:11 server83 scripts.sh: LiteSpeed Status: Active Nov 9 10:51:11 server83 scripts.sh: Imunify Status: Active Nov 9 10:51:11 server83 scripts.sh: cPanel Status: active Nov 9 10:51:11 server83 scripts.sh: Memory Status: 12/31 GB - 38.98% Nov 9 10:51:11 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 10:51:11 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 10:51:11 server83 scripts.sh: Local Version: 4.4.5 Nov 9 10:51:14 server83 NetworkManager[922]: <warn> [1762665674.4383] dhcp4 
(eth1): request timed out Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4383] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4462] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 15684 Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4463] dhcp4 (eth1): state changed timeout -> done Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4465] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:51:14 server83 NetworkManager[922]: <warn> [1762665674.4469] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4471] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4503] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4507] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4508] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4513] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4523] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4527] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:51:14 server83 NetworkManager[922]: <info> [1762665674.4539] dhcp4 (eth1): dhclient started with pid 17029 Nov 9 10:51:14 server83 
dhclient[17029]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x3a931d78) Nov 9 10:51:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=41062 DPT=5992 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:51:17 server83 dhclient[17029]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x3a931d78) Nov 9 10:51:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27255 SEQ=1 Nov 9 10:51:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25336 SEQ=1 Nov 9 10:51:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46061 SEQ=1 Nov 9 10:51:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19363 SEQ=1 Nov 9 10:51:20 server83 aibolit_wrapper[17117]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656803784124.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656803785734.txt --log=/tmp/malware_cleaner_log_17626656803787186.txt --progress=/tmp/malware_cleaner_progress_17626656803786776.json 
--csv_result=/tmp/revisium_csvfile_17626656803786954.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:51:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.26.39.231 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=7045 DF PROTO=TCP SPT=37576 DPT=3768 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:51:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.151 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51427 DPT=48221 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:51:21 server83 dhclient[17029]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x3a931d78) Nov 9 10:51:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.141 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=44813 PROTO=TCP SPT=51115 DPT=1801 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:51:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27255 SEQ=1 Nov 9 10:51:25 server83 aibolit_wrapper[17203]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626656856200306.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626656856201754.txt --log=/tmp/malware_cleaner_log_17626656856203620.txt --progress=/tmp/malware_cleaner_progress_17626656856203136.json --csv_result=/tmp/revisium_csvfile_17626656856203382.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:51:26 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3681 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:51:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.241 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=2624 DF PROTO=TCP SPT=38631 DPT=5683 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:51:28 server83 dhclient[17029]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x3a931d78) Nov 9 10:51:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40858 SEQ=1 Nov 9 10:51:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5018 SEQ=1 Nov 9 10:51:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36230 SEQ=1 Nov 9 10:51:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10635 SEQ=1 Nov 9 10:51:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1408 SEQ=1 Nov 9 10:51:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31183 PROTO=TCP SPT=57143 DPT=8616 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:51:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10635 SEQ=1 Nov 9 10:51:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:51:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.29 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=108 ID=13423 DF PROTO=ICMP TYPE=8 CODE=0 ID=32781 SEQ=24192 Nov 9 10:51:37 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5018 SEQ=1 Nov 9 10:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2715 SEQ=1 Nov 9 10:51:40 server83 aibolit_wrapper[17522]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657001477452.txt --input-fn-b64-encoded --username=maars --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626657001478934.txt --log=/tmp/malware_cleaner_log_17626657001480182.txt --progress=/tmp/malware_cleaner_progress_17626657001479834.json --csv_result=/tmp/revisium_csvfile_17626657001479972.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:51:42 server83 dhclient[17029]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 
(xid=0x3a931d78) Nov 9 10:51:45 server83 aibolit_wrapper[17670]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657053966036.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626657053967526.txt --log=/tmp/malware_cleaner_log_17626657053968568.txt --progress=/tmp/malware_cleaner_progress_17626657053968316.json --csv_result=/tmp/revisium_csvfile_17626657053968428.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:51:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.accepted: ProactiveModel.Host should not be empty Nov 9 10:51:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.requests: ProactiveModel.Host should not be empty Nov 9 10:51:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.locked: ProactiveModel.Host should not be empty Nov 9 10:51:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:51:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19750 SEQ=1 Nov 9 10:51:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32607 SEQ=1 Nov 9 10:51:49 server83 aibolit_wrapper[17840]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657095271000.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626657095271762.txt --log=/tmp/malware_cleaner_log_17626657095272450.txt --progress=/tmp/malware_cleaner_progress_17626657095272274.json --csv_result=/tmp/revisium_csvfile_17626657095272356.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:51:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59835 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59697 SEQ=1 Nov 9 10:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17257 SEQ=1 Nov 9 10:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=1292 DF PROTO=ICMP TYPE=8 CODE=0 ID=13655 SEQ=26013 Nov 9 10:51:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.180.138 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x40 TTL=46 ID=0 DF PROTO=TCP SPT=45437 DPT=3443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:51:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6498 SEQ=1 Nov 9 10:51:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16128 PROTO=TCP SPT=39182 DPT=8467 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:51:54 server83 dhclient[17029]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x3a931d78) Nov 9 10:51:59 server83 NetworkManager[922]: <warn> [1762665719.4503] dhcp4 (eth1): request timed out Nov 9 10:51:59 server83 NetworkManager[922]: <info> [1762665719.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:51:59 server83 NetworkManager[922]: <info> [1762665719.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17029 Nov 9 10:51:59 server83 NetworkManager[922]: <info> [1762665719.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 10:51:59 server83 NetworkManager[922]: <info> [1762665719.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:51:59 server83 NetworkManager[922]: <warn> [1762665719.4589] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:51:59 server83 NetworkManager[922]: <info> [1762665719.4591] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:51:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.66.53 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=8233 PROTO=TCP SPT=45661 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:52:01 server83 systemd: Started Session 310696 of user root. Nov 9 10:52:01 server83 systemd: Started Session 310698 of user root. Nov 9 10:52:01 server83 systemd: Started Session 310701 of user root. Nov 9 10:52:01 server83 systemd: Started Session 310700 of user root. 
Nov 9 10:52:01 server83 systemd: Started Session 310699 of user root. Nov 9 10:52:01 server83 systemd: Started Session 310697 of user root. Nov 9 10:52:01 server83 systemd: Started Session 310702 of user root. Nov 9 10:52:01 server83 systemd: Started Session 310703 of user root. Nov 9 10:52:01 server83 systemd: Started Session 310704 of user root. Nov 9 10:52:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=38304 DPT=5993 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53908 PROTO=TCP SPT=49956 DPT=26774 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:52:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35705 SEQ=1 Nov 9 10:52:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51514 SEQ=1 Nov 9 10:52:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16130 SEQ=1 Nov 9 10:52:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29109 SEQ=1 Nov 9 10:52:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35705 SEQ=1 Nov 9 10:52:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=26199 PROTO=TCP SPT=42061 DPT=7921 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.8.58.33 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=1024 DF PROTO=ICMP TYPE=8 CODE=0 ID=17897 SEQ=43383 Nov 9 10:52:08 server83 aibolit_wrapper[18406]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657287299538.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626657287301024.txt --log=/tmp/malware_cleaner_log_17626657287302274.txt --progress=/tmp/malware_cleaner_progress_17626657287301918.json --csv_result=/tmp/revisium_csvfile_17626657287302068.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:52:10 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=116.202.106.0 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=49233 DF PROTO=ICMP TYPE=8 CODE=0 ID=40706 SEQ=32556 Nov 9 10:52:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.252 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=17135 PROTO=TCP SPT=52487 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:52:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=59193 PROTO=TCP SPT=60229 DPT=4784 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:14 server83 aibolit_wrapper[18539]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657346881736.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626657346883606.txt --progress=/tmp/malware_cleaner_progress_17626657346883366.json --csv_result=/tmp/revisium_csvfile_17626657346883498.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:52:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=27272 PROTO=TCP SPT=56114 DPT=7821 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:52:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.225 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=2111 DF PROTO=TCP SPT=33768 DPT=5007 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:52:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=29996 PROTO=TCP SPT=57389 DPT=5353 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=2208 PROTO=TCP SPT=34170 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:52:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9732 SEQ=1 Nov 9 10:52:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9732 SEQ=1 Nov 9 10:52:19 server83 aibolit_wrapper[18650]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657399781676.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626657399782472.txt --log=/tmp/malware_cleaner_log_17626657399783308.txt --progress=/tmp/malware_cleaner_progress_17626657399783074.json --csv_result=/tmp/revisium_csvfile_17626657399783202.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:52:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=2209 PROTO=TCP SPT=34170 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:52:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=41386 DPT=5994 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25007 PROTO=TCP SPT=33966 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:52:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=2210 PROTO=TCP SPT=34170 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57232 SEQ=1 Nov 9 10:52:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48136 SEQ=1 Nov 9 10:52:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.29 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=108 ID=17279 DF PROTO=ICMP TYPE=8 CODE=0 ID=44014 SEQ=51857 Nov 9 10:52:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25009 PROTO=TCP SPT=33966 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:52:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25011 PROTO=TCP SPT=33966 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:52:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30815 PROTO=TCP SPT=49956 DPT=25119 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:52:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=56368 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17807 SEQ=1 Nov 9 10:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25407 SEQ=1 Nov 9 10:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8311 SEQ=1 Nov 9 10:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61873 SEQ=1 Nov 9 10:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61873 SEQ=1 Nov 9 10:52:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:52:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=61124 PROTO=TCP SPT=56033 DPT=7710 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:52:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.84.60 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=6577 PROTO=TCP SPT=58585 DPT=8099 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:36 server83 aibolit_wrapper[19070]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657562864720.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626657562867332.txt --log=/tmp/malware_cleaner_log_17626657562869412.txt 
--progress=/tmp/malware_cleaner_progress_17626657562868944.json --csv_result=/tmp/revisium_csvfile_17626657562869146.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:52:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61852 SEQ=1 Nov 9 10:52:38 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:52:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=184.105.139.107 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=36720 DPT=7047 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.205 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53145 DPT=49060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18241 SEQ=1 Nov 9 10:52:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=5868 PROTO=TCP SPT=56256 DPT=8014 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:52:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.71 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=21065 PROTO=TCP SPT=56765 DPT=8315 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:52:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.rindex: 
ProactiveModel.Host should not be empty Nov 9 10:52:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:52:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.classes: ProactiveModel.Host should not be empty Nov 9 10:52:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:52:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25716 PROTO=TCP SPT=33627 DPT=6075 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:52:52 server83 aibolit_wrapper[19485]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657726310456.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626657726311764.txt --log=/tmp/malware_cleaner_log_17626657726312984.txt --progress=/tmp/malware_cleaner_progress_17626657726312670.json --csv_result=/tmp/revisium_csvfile_17626657726312790.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:52:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18674 SEQ=1 Nov 9 10:52:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45758 SEQ=1 Nov 9 10:52:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58214 SEQ=1 Nov 9 10:52:58 server83 aibolit_wrapper[19628]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657788165024.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626657788166136.txt --log=/tmp/malware_cleaner_log_17626657788167258.txt --progress=/tmp/malware_cleaner_progress_17626657788166940.json --csv_result=/tmp/revisium_csvfile_17626657788167066.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:52:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3680 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=28451 DF PROTO=TCP SPT=35958 DPT=9607 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:53:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34330 SEQ=1 Nov 9 10:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:53:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 10:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:53:01 server83 systemd: Started Session 310705 
of user root. Nov 9 10:53:01 server83 systemd: Started Session 310708 of user root. Nov 9 10:53:01 server83 systemd: Started Session 310709 of user root. Nov 9 10:53:01 server83 systemd: Started Session 310706 of user root. Nov 9 10:53:01 server83 systemd: Started Session 310710 of user root. Nov 9 10:53:01 server83 systemd: Started Session 310711 of user root. Nov 9 10:53:01 server83 systemd: Started Session 310707 of user root. Nov 9 10:53:01 server83 systemd: Started Session 310712 of user root. Nov 9 10:53:01 server83 systemd: Started Session 310713 of user root. Nov 9 10:53:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16611 SEQ=1 Nov 9 10:53:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57259 SEQ=1 Nov 9 10:53:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39407 SEQ=1 Nov 9 10:53:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=57385 PROTO=TCP SPT=54928 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:53:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10266 PROTO=TCP SPT=42055 DPT=4359 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=12138 SEQ=1 Nov 9 10:53:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3687 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:16 server83 aibolit_wrapper[20057]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626657959891128.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626657959892436.txt --log=/tmp/malware_cleaner_log_17626657959893956.txt --progress=/tmp/malware_cleaner_progress_17626657959893592.json --csv_result=/tmp/revisium_csvfile_17626657959893720.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:53:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3679 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.54 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55724 DPT=27547 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:53:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.52 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=58128 PROTO=TCP SPT=49864 DPT=2323 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:21 server83 aibolit_wrapper[20173]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate 
--nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658015857590.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658015858470.txt --log=/tmp/malware_cleaner_log_17626658015859838.txt --progress=/tmp/malware_cleaner_progress_17626658015859542.json --csv_result=/tmp/revisium_csvfile_17626658015859688.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:53:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27013 SEQ=1 Nov 9 10:53:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21023 SEQ=1 Nov 9 10:53:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21350 SEQ=1 Nov 9 10:53:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64688 SEQ=1 Nov 9 10:53:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=12575 PROTO=TCP SPT=54851 DPT=8866 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:53:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56690 PROTO=TCP SPT=58759 DPT=4881 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:53:23 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41291 SEQ=1 Nov 9 10:53:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21350 SEQ=1 Nov 9 10:53:27 server83 aibolit_wrapper[20284]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658076391392.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626658076393240.txt --progress=/tmp/malware_cleaner_progress_17626658076392868.json --csv_result=/tmp/revisium_csvfile_17626658076393064.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:53:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36310 PROTO=TCP SPT=56949 DPT=8522 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3678 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:53:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20913 SEQ=1 Nov 9 10:53:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44532 PROTO=TCP SPT=43372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:53:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.142.147.209 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=33938 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:53:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44533 PROTO=TCP SPT=43372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:53:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=31313 PROTO=TCP SPT=64166 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:53:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44534 PROTO=TCP SPT=43372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:53:37 server83 aibolit_wrapper[20578]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658178944276.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658178945314.txt --log=/tmp/malware_cleaner_log_17626658178946318.txt --progress=/tmp/malware_cleaner_progress_17626658178945976.json --csv_result=/tmp/revisium_csvfile_17626658178946088.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:53:38 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for 
Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:53:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44535 PROTO=TCP SPT=43372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:53:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15447 SEQ=1 Nov 9 10:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45047 SEQ=1 Nov 9 10:53:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=44536 PROTO=TCP SPT=43372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23252 SEQ=1 Nov 9 10:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33533 SEQ=1 Nov 9 10:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50404 SEQ=1 Nov 9 10:53:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=31317 PROTO=TCP SPT=64166 DPT=853 WINDOW=64952 RES=0x00 SYN 
URGP=0 Nov 9 10:53:41 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=86.190.11.60 DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=49 ID=61490 PROTO=UDP SPT=55794 DPT=44731 LEN=520 Nov 9 10:53:45 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:53:45 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:53:45 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 10:53:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.classes: ProactiveModel.Host should not be empty Nov 9 10:53:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:53:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:53:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.39 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43627 DPT=9100 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:53:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24952 PROTO=TCP SPT=49956 DPT=27594 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=10480 PROTO=TCP SPT=55975 DPT=7603 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13061 DF PROTO=TCP SPT=32689 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:53:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.59.78 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14861 PROTO=TCP SPT=61000 DPT=29487 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:53:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13062 DF PROTO=TCP SPT=32689 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:53:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28012 SEQ=1 Nov 9 10:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49020 SEQ=1 Nov 9 10:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36465 SEQ=1 Nov 9 10:53:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=56664 PROTO=TCP SPT=39340 DPT=40796 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28012 SEQ=1 Nov 9 10:53:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=31857 PROTO=TCP SPT=39209 DPT=9173 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:53:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13063 DF PROTO=TCP SPT=32689 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:53:58 server83 aibolit_wrapper[21192]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658380773564.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658380775326.txt --log=/tmp/malware_cleaner_log_17626658380777118.txt --progress=/tmp/malware_cleaner_progress_17626658380776544.json --csv_result=/tmp/revisium_csvfile_17626658380776790.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:53:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13064 DF PROTO=TCP SPT=32689 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:54:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.37 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49817 DPT=8887 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:54:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:54:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:54:01 server83 systemd: Started Session 310714 of user root. Nov 9 10:54:01 server83 systemd: Started Session 310715 of user root. 
Nov 9 10:54:01 server83 systemd: Started Session 310716 of user root. Nov 9 10:54:01 server83 systemd: Started Session 310717 of user root. Nov 9 10:54:01 server83 systemd: Started Session 310720 of user root. Nov 9 10:54:01 server83 systemd: Started Session 310719 of user root. Nov 9 10:54:01 server83 systemd: Started Session 310721 of user root. Nov 9 10:54:01 server83 systemd: Started Session 310718 of user root. Nov 9 10:54:01 server83 systemd: Started Session 310722 of user root. Nov 9 10:54:02 server83 aibolit_wrapper[21402]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658423816028.txt --input-fn-b64-encoded --username=bangkokhotelmass --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658423817478.txt --log=/tmp/malware_cleaner_log_17626658423819210.txt --progress=/tmp/malware_cleaner_progress_17626658423818768.json --csv_result=/tmp/revisium_csvfile_17626658423818994.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:54:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21152 SEQ=1 Nov 9 10:54:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3686 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:54:06 server83 aibolit_wrapper[21542]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626658463380802.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658463381608.txt --log=/tmp/malware_cleaner_log_17626658463382630.txt --progress=/tmp/malware_cleaner_progress_17626658463382284.json --csv_result=/tmp/revisium_csvfile_17626658463382422.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10550 SEQ=1 Nov 9 10:54:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13065 DF PROTO=TCP SPT=32689 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25640 SEQ=1 Nov 9 10:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=350 SEQ=1 Nov 9 10:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50823 SEQ=1 Nov 9 10:54:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37076 SEQ=1 Nov 9 10:54:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35156 SEQ=1 Nov 9 10:54:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3685 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:54:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.208 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43610 PROTO=TCP SPT=56038 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:54:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.208 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43611 PROTO=TCP SPT=56038 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:54:14 server83 aibolit_wrapper[21793]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658545245542.txt --input-fn-b64-encoded --username=maars --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658545246940.txt --log=/tmp/malware_cleaner_log_17626658545248148.txt --progress=/tmp/malware_cleaner_progress_17626658545247826.json --csv_result=/tmp/revisium_csvfile_17626658545247952.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:54:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29150 PROTO=TCP SPT=38089 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:54:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.208 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=98 ID=43612 PROTO=TCP SPT=56038 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:54:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29151 PROTO=TCP SPT=38089 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:54:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.208 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43613 PROTO=TCP SPT=56038 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:54:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61235 SEQ=1 Nov 9 10:54:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29153 PROTO=TCP SPT=38089 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:54:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20390 SEQ=1 Nov 9 10:54:18 server83 aibolit_wrapper[21962]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658587736294.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658587737362.txt --log=/tmp/malware_cleaner_log_17626658587738668.txt --progress=/tmp/malware_cleaner_progress_17626658587738220.json --csv_result=/tmp/revisium_csvfile_17626658587738424.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:54:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61235 SEQ=1 Nov 9 10:54:19 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 10:54:19 server83 systemd: Stopped Status Update Service. Nov 9 10:54:19 server83 systemd: Started Status Update Service. Nov 9 10:54:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.18 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=64167 PROTO=TCP SPT=26200 DPT=18239 WINDOW=51562 RES=0x00 SYN URGP=0 Nov 9 10:54:22 server83 aibolit_wrapper[22079]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658629297908.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658629299226.txt --log=/tmp/malware_cleaner_log_17626658629300622.txt --progress=/tmp/malware_cleaner_progress_17626658629300256.json --csv_result=/tmp/revisium_csvfile_17626658629300410.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:54:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:54:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.31 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=11486 PROTO=TCP SPT=37723 DPT=7547 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:54:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=61268 SEQ=1 Nov 9 10:54:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17651 SEQ=1 Nov 9 10:54:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.163 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=44503 DPT=9100 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:54:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46590 SEQ=1 Nov 9 10:54:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32023 SEQ=1 Nov 9 10:54:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=450 SEQ=1 Nov 9 10:54:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54495 SEQ=1 Nov 9 10:54:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=53714 DF PROTO=ICMP TYPE=8 CODE=0 ID=56589 SEQ=14442 Nov 9 10:54:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6766 SEQ=1 Nov 9 10:54:36 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=450 SEQ=1 Nov 9 10:54:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38692 SEQ=1 Nov 9 10:54:38 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:54:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24528 PROTO=TCP SPT=44350 DPT=9371 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:54:41 server83 aibolit_wrapper[22666]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658814662464.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658814663476.txt --log=/tmp/malware_cleaner_log_17626658814664290.txt --progress=/tmp/malware_cleaner_progress_17626658814664068.json --csv_result=/tmp/revisium_csvfile_17626658814664164.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:54:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:54:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:54:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:54:46 server83 imunify360-php-daemon[734]: 
/home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.created: ProactiveModel.Host should not be empty Nov 9 10:54:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:54:47 server83 aibolit_wrapper[22870]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626658870230240.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626658870231058.txt --log=/tmp/malware_cleaner_log_17626658870231950.txt --progress=/tmp/malware_cleaner_progress_17626658870231716.json --csv_result=/tmp/revisium_csvfile_17626658870231832.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:54:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.151 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=24535 PROTO=TCP SPT=49571 DPT=33679 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29553 SEQ=1 Nov 9 10:54:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52326 SEQ=1 Nov 9 10:54:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2298 SEQ=1 Nov 9 10:54:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3684 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:54:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12553 SEQ=1 Nov 9 10:54:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.183 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=22817 DF PROTO=TCP SPT=59048 DPT=8231 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:54:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.183 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2507 DF PROTO=TCP SPT=59060 DPT=8231 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:54:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.183 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2508 DF PROTO=TCP SPT=59060 DPT=8231 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:54:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.183 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=63727 DF PROTO=TCP SPT=59088 DPT=8231 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:54:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35186 PROTO=TCP SPT=57312 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:54:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.183 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=63728 DF PROTO=TCP SPT=59088 DPT=8231 WINDOW=21900 RES=0x00 SYN URGP=0 
Nov 9 10:55:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=26699 PROTO=TCP SPT=44434 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:55:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:55:01 server83 systemd: Started Session 310723 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310726 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310724 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310727 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310725 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310731 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310729 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310730 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310733 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310734 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310728 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310732 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310735 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310736 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310738 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310737 of user root. Nov 9 10:55:01 server83 systemd: Started Session 310739 of user root. 
Nov 9 10:55:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=26701 PROTO=TCP SPT=44434 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:55:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26529 SEQ=1 Nov 9 10:55:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52238 SEQ=1 Nov 9 10:55:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54751 SEQ=1 Nov 9 10:55:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20081 SEQ=1 Nov 9 10:55:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12541 SEQ=1 Nov 9 10:55:05 server83 aibolit_wrapper[23679]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626659052494960.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626659052496690.txt --log=/tmp/malware_cleaner_log_17626659052498586.txt 
--progress=/tmp/malware_cleaner_progress_17626659052498004.json --csv_result=/tmp/revisium_csvfile_17626659052498262.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:55:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=101.36.97.74 DST=145.239.177.179 LEN=40 TOS=0x10 PREC=0x00 TTL=47 ID=6659 DF PROTO=TCP SPT=40282 DPT=34567 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:55:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=184.105.247.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=40953 DPT=5002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:55:11 server83 aibolit_wrapper[23844]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626659115675666.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626659115676740.txt --log=/tmp/malware_cleaner_log_17626659115677536.txt --progress=/tmp/malware_cleaner_progress_17626659115677300.json --csv_result=/tmp/revisium_csvfile_17626659115677394.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:55:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.14 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=12090 PROTO=TCP SPT=57785 DPT=10109 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:55:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.215.0.144 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47518 PROTO=TCP SPT=60022 DPT=7001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:55:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.129 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=56237 DF PROTO=TCP SPT=59788 DPT=18944 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:55:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46801 SEQ=1 Nov 9 10:55:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59494 SEQ=1 Nov 9 10:55:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10911 SEQ=1 Nov 9 10:55:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.129 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=56238 DF PROTO=TCP SPT=59788 DPT=18944 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:55:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.129 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=1953 DF PROTO=TCP SPT=59792 DPT=18944 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:55:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.129 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=1954 DF PROTO=TCP SPT=59792 DPT=18944 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:55:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.129 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=54273 DF PROTO=TCP SPT=59810 DPT=18944 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:55:23 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34385 SEQ=1 Nov 9 10:55:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.129 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=54274 DF PROTO=TCP SPT=59810 DPT=18944 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:55:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37644 SEQ=1 Nov 9 10:55:26 server83 aibolit_wrapper[24093]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626659260680044.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626659260682314.txt --progress=/tmp/malware_cleaner_progress_17626659260682044.json --csv_result=/tmp/revisium_csvfile_17626659260682166.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:55:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14170 PROTO=TCP SPT=45230 DPT=4468 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:55:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.223.104.85 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38690 DPT=8091 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:55:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 
TOS=0x00 PREC=0x20 TTL=52 ID=2586 PROTO=TCP SPT=39651 DPT=9926 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:55:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35203 SEQ=1 Nov 9 10:55:31 server83 aibolit_wrapper[24257]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626659317266124.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626659317267618.txt --log=/tmp/malware_cleaner_log_17626659317269144.txt --progress=/tmp/malware_cleaner_progress_17626659317268732.json --csv_result=/tmp/revisium_csvfile_17626659317268928.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:55:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45184 SEQ=1 Nov 9 10:55:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64383 SEQ=1 Nov 9 10:55:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13066 DF PROTO=TCP SPT=60225 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:55:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61418 
SEQ=1 Nov 9 10:55:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21221 SEQ=1 Nov 9 10:55:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13067 DF PROTO=TCP SPT=60225 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:55:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13068 DF PROTO=TCP SPT=60225 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:55:35 server83 aibolit_wrapper[24448]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626659357895844.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626659357896606.txt --log=/tmp/malware_cleaner_log_17626659357897370.txt --progress=/tmp/malware_cleaner_progress_17626659357897168.json --csv_result=/tmp/revisium_csvfile_17626659357897248.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:55:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45221 SEQ=1 Nov 9 10:55:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61418 SEQ=1 Nov 9 10:55:38 server83 imunify360-php-daemon[734]: error response: 
401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:55:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13069 DF PROTO=TCP SPT=60225 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:55:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:55:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.content: ProactiveModel.Host should not be empty Nov 9 10:55:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.multi: ProactiveModel.Host should not be empty Nov 9 10:55:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13070 DF PROTO=TCP SPT=60225 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:55:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57800 PROTO=TCP SPT=49956 DPT=25741 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:55:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42716 SEQ=1 Nov 9 10:55:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11626 SEQ=1 Nov 9 10:55:56 server83 aibolit_wrapper[24832]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626659568812352.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626659568814294.txt --log=/tmp/malware_cleaner_log_17626659568820044.txt --progress=/tmp/malware_cleaner_progress_17626659568819542.json --csv_result=/tmp/revisium_csvfile_17626659568819794.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:55:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:56:01 server83 systemd: Started Session 310740 of user root. Nov 9 10:56:01 server83 systemd: Started Session 310741 of user root. Nov 9 10:56:01 server83 systemd: Started Session 310742 of user root. Nov 9 10:56:01 server83 systemd: Started Session 310743 of user root. Nov 9 10:56:01 server83 systemd: Started Session 310744 of user root. Nov 9 10:56:01 server83 systemd: Started Session 310746 of user root. Nov 9 10:56:01 server83 systemd: Started Session 310745 of user root. Nov 9 10:56:01 server83 systemd: Started Session 310748 of user root. Nov 9 10:56:01 server83 systemd: Started Session 310747 of user root. Nov 9 10:56:01 server83 systemd: Started Session 310749 of user root. 
Nov 9 10:56:02 server83 aibolit_wrapper[25001]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626659620359108.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626659620360728.txt --log=/tmp/malware_cleaner_log_17626659620362428.txt --progress=/tmp/malware_cleaner_progress_17626659620361958.json --csv_result=/tmp/revisium_csvfile_17626659620362158.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:56:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3822 SEQ=1 Nov 9 10:56:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=653 DF PROTO=ICMP TYPE=8 CODE=0 ID=31338 SEQ=17479 Nov 9 10:56:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39116 SEQ=1 Nov 9 10:56:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1635 PROTO=TCP SPT=44378 DPT=5309 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:56:07 server83 aibolit_wrapper[25145]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626659675099530.txt 
--input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626659675101172.txt --progress=/tmp/malware_cleaner_progress_17626659675100954.json --csv_result=/tmp/revisium_csvfile_17626659675101054.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2258 SEQ=1 Nov 9 10:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58557 SEQ=1 Nov 9 10:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4069 SEQ=1 Nov 9 10:56:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.72.9 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=2020 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:56:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59846 SEQ=1 Nov 9 10:56:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.210 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=13931 PROTO=TCP SPT=56337 DPT=11110 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:56:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9273 PROTO=TCP SPT=56949 DPT=8505 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:56:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60032 PROTO=TCP SPT=64028 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.81 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=49968 DF PROTO=TCP SPT=55620 DPT=32796 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:56:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60033 PROTO=TCP SPT=64028 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.81 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=49969 DF PROTO=TCP SPT=55620 DPT=32796 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:56:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2485 SEQ=1 Nov 9 10:56:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=2851 PROTO=TCP SPT=57954 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.29 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=108 ID=20329 DF PROTO=ICMP TYPE=8 CODE=0 ID=34119 SEQ=52210 Nov 9 10:56:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3796 SEQ=1 Nov 9 10:56:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19866 SEQ=1 Nov 9 10:56:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52239 SEQ=1 Nov 9 10:56:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65090 SEQ=1 Nov 9 10:56:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=59974 PROTO=TCP SPT=45975 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:56:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=34836 PROTO=TCP SPT=45975 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:56:26 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 10:56:27 server83 aibolit_wrapper[25678]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626659877797888.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626659877799464.txt --log=/tmp/malware_cleaner_log_17626659877801016.txt --progress=/tmp/malware_cleaner_progress_17626659877800574.json 
--csv_result=/tmp/revisium_csvfile_17626659877800756.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:56:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=36082 PROTO=TCP SPT=45975 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:56:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47452 SEQ=1 Nov 9 10:56:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28542 SEQ=1 Nov 9 10:56:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3379 SEQ=1 Nov 9 10:56:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50594 SEQ=1 Nov 9 10:56:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26089 PROTO=TCP SPT=49956 DPT=29531 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:56:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.64.105.124 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=55385 DPT=6443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:56:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.84 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=53532 PROTO=TCP SPT=59811 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:35 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:56:35 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:56:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.84 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=53533 PROTO=TCP SPT=59811 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:56:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.194.169.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=49907 PROTO=TCP SPT=51577 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.84 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=53534 PROTO=TCP SPT=59811 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.194.169.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=105 ID=49908 PROTO=TCP SPT=51577 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48807 SEQ=1 Nov 9 10:56:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.84 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=53535 PROTO=TCP SPT=59811 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=173.194.169.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=105 ID=49909 PROTO=TCP SPT=51577 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:38 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:56:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.194.169.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=49911 PROTO=TCP SPT=51577 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:56:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:56:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:56:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:56:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.system: ProactiveModel.Host should not be empty Nov 9 10:56:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.sys: ProactiveModel.Host should not be empty Nov 9 10:56:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:56:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.250.138.220 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=44 ID=16728 DF PROTO=TCP SPT=17752 DPT=47380 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 10:56:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=7393 DF PROTO=ICMP TYPE=8 CODE=0 ID=41866 SEQ=23003 Nov 9 10:56:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.79 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=52 ID=48791 DF PROTO=TCP SPT=38730 DPT=3388 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 10:56:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=55459 PROTO=TCP SPT=43500 DPT=5558 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:56:51 server83 aibolit_wrapper[26384]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626660112482930.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626660112485908.txt --log=/tmp/malware_cleaner_log_17626660112487958.txt --progress=/tmp/malware_cleaner_progress_17626660112487492.json --csv_result=/tmp/revisium_csvfile_17626660112487696.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18451 SEQ=1 Nov 9 10:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19701 SEQ=1 Nov 9 10:56:55 server83 aibolit_wrapper[26519]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626660154874692.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626660154875426.txt 
--log=/tmp/malware_cleaner_log_17626660154876174.txt --progress=/tmp/malware_cleaner_progress_17626660154875974.json --csv_result=/tmp/revisium_csvfile_17626660154876060.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:56:59 server83 NetworkManager[922]: <info> [1762666019.4514] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:56:59 server83 NetworkManager[922]: <info> [1762666019.4519] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:56:59 server83 NetworkManager[922]: <info> [1762666019.4520] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:56:59 server83 NetworkManager[922]: <info> [1762666019.4525] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:56:59 server83 NetworkManager[922]: <info> [1762666019.4535] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:56:59 server83 NetworkManager[922]: <info> [1762666019.4538] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:56:59 server83 NetworkManager[922]: <info> [1762666019.4549] dhcp4 (eth1): dhclient started with pid 26587 Nov 9 10:56:59 server83 dhclient[26587]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x46673a28) Nov 9 10:57:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30754 SEQ=1 Nov 9 10:57:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=52877 PROTO=TCP SPT=41466 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:57:01 server83 imunify-auditd-log-reader[9638]: 
lost 2 message sequences Nov 9 10:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:57:01 server83 systemd: Started Session 310752 of user root. Nov 9 10:57:01 server83 systemd: Started Session 310754 of user root. Nov 9 10:57:01 server83 systemd: Started Session 310750 of user root. Nov 9 10:57:01 server83 systemd: Started Session 310751 of user root. Nov 9 10:57:01 server83 systemd: Started Session 310753 of user root. Nov 9 10:57:01 server83 systemd: Started Session 310755 of user root. Nov 9 10:57:01 server83 systemd: Started Session 310757 of user root. Nov 9 10:57:01 server83 systemd: Started Session 310758 of user root. Nov 9 10:57:01 server83 systemd: Started Session 310756 of user root. Nov 9 10:57:01 server83 systemd: Started Session 310759 of user root. Nov 9 10:57:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1315 SEQ=1 Nov 9 10:57:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=52878 PROTO=TCP SPT=41466 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:57:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.204 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54928 DPT=2053 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:57:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.183 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=43751 PROTO=TCP SPT=24208 DPT=9200 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64472 SEQ=1 Nov 9 10:57:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=7304 PROTO=TCP SPT=50646 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:57:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=52879 PROTO=TCP SPT=41466 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:57:03 server83 dhclient[26587]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x46673a28) Nov 9 10:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64472 SEQ=1 Nov 9 10:57:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=7305 PROTO=TCP SPT=50646 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:57:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=52880 PROTO=TCP SPT=41466 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:57:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13071 DF PROTO=TCP SPT=62504 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:57:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=7306 PROTO=TCP SPT=50646 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:57:05 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=52881 PROTO=TCP SPT=41466 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:57:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=7307 PROTO=TCP SPT=50646 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:57:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10584 SEQ=1 Nov 9 10:57:08 server83 aibolit_wrapper[26852]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626660285903940.txt --input-fn-b64-encoded --username=maars --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626660285905096.txt --log=/tmp/malware_cleaner_log_17626660285906148.txt --progress=/tmp/malware_cleaner_progress_17626660285905886.json --csv_result=/tmp/revisium_csvfile_17626660285905988.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:57:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43579 SEQ=1 Nov 9 10:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39224 SEQ=1 Nov 9 10:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30336 SEQ=1 Nov 9 10:57:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39485 PROTO=TCP SPT=58005 DPT=6254 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:57:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13074 DF PROTO=TCP SPT=62504 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:57:11 server83 dhclient[26587]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x46673a28) Nov 9 10:57:12 server83 aibolit_wrapper[26945]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626660326993094.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626660326993866.txt --log=/tmp/malware_cleaner_log_17626660326994640.txt --progress=/tmp/malware_cleaner_progress_17626660326994422.json --csv_result=/tmp/revisium_csvfile_17626660326994528.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:57:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.117.57.162 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57172 DPT=8005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:57:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27290 SEQ=1 Nov 
9 10:57:19 server83 aibolit_wrapper[27112]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626660392427046.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626660392428158.txt --log=/tmp/malware_cleaner_log_17626660392429208.txt --progress=/tmp/malware_cleaner_progress_17626660392428940.json --csv_result=/tmp/revisium_csvfile_17626660392429058.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:57:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13075 DF PROTO=TCP SPT=62504 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:57:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17187 SEQ=1 Nov 9 10:57:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=55425 PROTO=TCP SPT=46370 DPT=1821 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:57:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17187 SEQ=1 Nov 9 10:57:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2919 SEQ=1 Nov 9 10:57:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.16 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=13669 PROTO=TCP SPT=26200 DPT=9117 WINDOW=32681 RES=0x00 SYN URGP=0 Nov 9 10:57:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.202.118.17 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=56330 PROTO=TCP SPT=53496 DPT=8445 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:57:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10770 SEQ=1 Nov 9 10:57:26 server83 aibolit_wrapper[27255]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626660464073476.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626660464075562.txt --progress=/tmp/malware_cleaner_progress_17626660464075298.json --csv_result=/tmp/revisium_csvfile_17626660464075406.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:57:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13076 DF PROTO=TCP SPT=63124 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:57:28 server83 dhclient[26587]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x46673a28) Nov 9 10:57:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13077 DF PROTO=TCP SPT=63124 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:57:30 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13078 DF PROTO=TCP SPT=63124 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:57:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49553 SEQ=1 Nov 9 10:57:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13079 DF PROTO=TCP SPT=63124 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:57:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31877 SEQ=1 Nov 9 10:57:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.175.220.105 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=34554 DPT=2053 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:57:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.117.173 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=24751 PROTO=TCP SPT=48593 DPT=8080 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:57:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:57:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31877 SEQ=1 Nov 9 10:57:37 server83 aibolit_wrapper[27543]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php 
--deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626660578332108.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626660578333476.txt --log=/tmp/malware_cleaner_log_17626660578335196.txt --progress=/tmp/malware_cleaner_progress_17626660578334786.json --csv_result=/tmp/revisium_csvfile_17626660578334980.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:57:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3677 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:57:38 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:57:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55632 SEQ=1 Nov 9 10:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55632 SEQ=1 Nov 9 10:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52464 SEQ=1 Nov 9 10:57:40 server83 dhclient[26587]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x46673a28) Nov 9 10:57:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.239 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=40511 PROTO=TCP SPT=40917 DPT=33467 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:57:42 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13080 DF PROTO=TCP SPT=63124 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 10:57:44 server83 NetworkManager[922]: <warn> [1762666064.4435] dhcp4 (eth1): request timed out Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4436] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4595] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 26587 Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4595] dhcp4 (eth1): state changed timeout -> done Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4597] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:57:44 server83 NetworkManager[922]: <warn> [1762666064.4600] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4601] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4635] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4637] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4638] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4640] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4649] device (eth1): state change: config -> ip-config (reason 
'none', sys-iface-state: 'managed') Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4651] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:57:44 server83 NetworkManager[922]: <info> [1762666064.4661] dhcp4 (eth1): dhclient started with pid 27657 Nov 9 10:57:44 server83 dhclient[27657]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x88f1db4) Nov 9 10:57:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.229 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49240 DPT=10256 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:57:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.accepted: ProactiveModel.Host should not be empty Nov 9 10:57:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:57:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29129 SEQ=1 Nov 9 10:57:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=8568 PROTO=TCP SPT=56956 DPT=8404 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:57:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.52 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50016 DPT=5674 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:57:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=4586 SEQ=1 Nov 9 10:57:49 server83 dhclient[27657]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x88f1db4) Nov 9 10:57:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4586 SEQ=1 Nov 9 10:57:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50250 SEQ=1 Nov 9 10:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=391 DF PROTO=ICMP TYPE=8 CODE=0 ID=10633 SEQ=9885 Nov 9 10:57:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.122 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=15312 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:57:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.122 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=15313 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:57:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.122 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=15314 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:57:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.122 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=15315 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:57:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=12579 PROTO=TCP SPT=59403 DPT=31972 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 10:58:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=65289 PROTO=TCP SPT=56036 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16847 SEQ=1 Nov 9 10:58:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=50718 PROTO=TCP SPT=65203 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:00 server83 aibolit_wrapper[27991]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626660809767118.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626660809768638.txt --log=/tmp/malware_cleaner_log_17626660809769938.txt --progress=/tmp/malware_cleaner_progress_17626660809769550.json --csv_result=/tmp/revisium_csvfile_17626660809769718.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:58:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:58:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:58:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:58:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 10:58:01 server83 systemd: 
Started Session 310760 of user root. Nov 9 10:58:01 server83 systemd: Started Session 310762 of user root. Nov 9 10:58:01 server83 systemd: Started Session 310761 of user root. Nov 9 10:58:01 server83 systemd: Started Session 310763 of user root. Nov 9 10:58:01 server83 systemd: Started Session 310764 of user root. Nov 9 10:58:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 10:58:01 server83 systemd: Started Session 310766 of user metalarts. Nov 9 10:58:01 server83 systemd: Started Session 310765 of user root. Nov 9 10:58:01 server83 systemd: Started Session 310768 of user root. Nov 9 10:58:01 server83 systemd: Started Session 310767 of user root. Nov 9 10:58:01 server83 systemd: Started Session 310769 of user root. Nov 9 10:58:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=65290 PROTO=TCP SPT=56036 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42789 SEQ=1 Nov 9 10:58:01 server83 systemd: Removed slice User Slice of metalarts. 
Nov 9 10:58:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56840 SEQ=1 Nov 9 10:58:01 server83 dhclient[27657]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x88f1db4) Nov 9 10:58:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=50719 PROTO=TCP SPT=65203 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=65292 PROTO=TCP SPT=56036 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=65293 PROTO=TCP SPT=56036 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=40722 PROTO=TCP SPT=50293 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=50722 PROTO=TCP SPT=65203 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=40723 PROTO=TCP SPT=50293 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:06 server83 aibolit_wrapper[28257]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626660866270928.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626660866272324.txt --log=/tmp/malware_cleaner_log_17626660866274276.txt --progress=/tmp/malware_cleaner_progress_17626660866273742.json --csv_result=/tmp/revisium_csvfile_17626660866273966.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:58:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=40724 PROTO=TCP SPT=50293 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42116 SEQ=1 Nov 9 10:58:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56840 SEQ=1 Nov 9 10:58:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:58:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41996 SEQ=1 Nov 9 10:58:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.122 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=7341 DF PROTO=TCP SPT=33412 DPT=21 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:58:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.82.47.10 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42068 DPT=1003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:58:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.122 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=12796 DF PROTO=TCP SPT=33426 DPT=21 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 10:58:16 server83 dhclient[27657]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x88f1db4) Nov 9 10:58:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3683 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:58:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2209 SEQ=1 Nov 9 10:58:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56099 SEQ=1 Nov 9 10:58:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10797 SEQ=1 Nov 9 10:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 10:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k 
imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 10:58:20 server83 imunify-auditd-log-reader[9638]: log reader failed to send statistics: circuit breaker is open Nov 9 10:58:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=31483 PROTO=TCP SPT=44477 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10216 SEQ=1 Nov 9 10:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2209 SEQ=1 Nov 9 10:58:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=31484 PROTO=TCP SPT=44477 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:23 server83 aibolit_wrapper[28709]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626661037574378.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626661037575552.txt --log=/tmp/malware_cleaner_log_17626661037576580.txt --progress=/tmp/malware_cleaner_progress_17626661037576316.json --csv_result=/tmp/revisium_csvfile_17626661037576426.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:58:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=6698 PROTO=TCP SPT=44479 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=31485 PROTO=TCP SPT=44477 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:24 server83 imunify-auditd-log-reader[9638]: error messages suppressed: 62 Nov 9 10:58:24 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 10:58:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=6699 PROTO=TCP SPT=44479 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=31486 PROTO=TCP SPT=44477 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=6701 PROTO=TCP SPT=44479 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:58:28 server83 aibolit_wrapper[28865]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626661079997920.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626661079999366.txt --log=/tmp/malware_cleaner_log_17626661080001002.txt --progress=/tmp/malware_cleaner_progress_17626661080000468.json 
--csv_result=/tmp/revisium_csvfile_17626661080000722.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:58:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.115 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=17218 DF PROTO=TCP SPT=41348 DPT=32754 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:58:29 server83 NetworkManager[922]: <warn> [1762666109.4404] dhcp4 (eth1): request timed out Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4404] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4564] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27657 Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4564] dhcp4 (eth1): state changed timeout -> done Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4567] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:58:29 server83 NetworkManager[922]: <warn> [1762666109.4573] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4576] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4611] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4616] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4618] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4624] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 
'managed') Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4635] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4639] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:58:29 server83 NetworkManager[922]: <info> [1762666109.4650] dhcp4 (eth1): dhclient started with pid 28911 Nov 9 10:58:29 server83 dhclient[28911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x6da7c0d5) Nov 9 10:58:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.115 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=12876 DF PROTO=TCP SPT=35414 DPT=32754 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:58:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5899 SEQ=1 Nov 9 10:58:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5899 SEQ=1 Nov 9 10:58:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3676 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:58:33 server83 scripts.sh: Sun Nov 9 10:58:33 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 10:58:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47188 SEQ=1 Nov 9 10:58:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57707 SEQ=1 Nov 9 10:58:33 server83 dhclient[28911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x6da7c0d5) Nov 9 10:58:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=48.214.144.31 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=15610 PROTO=TCP SPT=47589 DPT=990 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:58:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3675 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:58:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34413 SEQ=1 Nov 9 10:58:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40711 SEQ=1 Nov 9 10:58:38 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:58:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.145.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=23061 PROTO=TCP SPT=51039 DPT=9142 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:58:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34413 SEQ=1 Nov 9 10:58:39 server83 imunify-realtime-av[6776]: failed to send 
stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:58:43 server83 dhclient[28911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x6da7c0d5) Nov 9 10:58:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=43575 PROTO=TCP SPT=38746 DPT=5269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:58:44 server83 pam_imunify_daemon.bin: time="2025-11-09T10:58:44+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 10:58:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 10:58:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:58:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 10:58:47 server83 aibolit_wrapper[29473]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626661276385870.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626661276387206.txt --log=/tmp/malware_cleaner_log_17626661276388802.txt --progress=/tmp/malware_cleaner_progress_17626661276388316.json --csv_result=/tmp/revisium_csvfile_17626661276388514.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:58:50 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15984 SEQ=1 Nov 9 10:58:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15984 SEQ=1 Nov 9 10:58:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37359 SEQ=1 Nov 9 10:58:54 server83 aibolit_wrapper[29675]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626661341843540.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626661341844856.txt --log=/tmp/malware_cleaner_log_17626661341846036.txt --progress=/tmp/malware_cleaner_progress_17626661341845732.json --csv_result=/tmp/revisium_csvfile_17626661341845866.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:58:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.11.247 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=44 ID=6250 DF PROTO=TCP SPT=36933 DPT=30075 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 10:58:56 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 10:58:56 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 10:58:56 server83 pure-ftpd: 
(__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 10:58:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.226.197.73 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39502 PROTO=TCP SPT=24501 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:58:59 server83 dhclient[28911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x6da7c0d5) Nov 9 10:59:01 server83 systemd: Started Session 310770 of user root. Nov 9 10:59:01 server83 systemd: Started Session 310771 of user root. Nov 9 10:59:01 server83 systemd: Started Session 310772 of user root. Nov 9 10:59:01 server83 systemd: Started Session 310773 of user root. Nov 9 10:59:01 server83 systemd: Started Session 310774 of user root. Nov 9 10:59:01 server83 systemd: Started Session 310775 of user root. Nov 9 10:59:01 server83 systemd: Started Session 310777 of user root. Nov 9 10:59:01 server83 systemd: Started Session 310776 of user root. Nov 9 10:59:01 server83 systemd: Started Session 310778 of user root. 
Nov 9 10:59:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=8253 PROTO=TCP SPT=33540 DPT=1963 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:59:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64415 SEQ=1 Nov 9 10:59:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38844 SEQ=1 Nov 9 10:59:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24709 SEQ=1 Nov 9 10:59:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38274 SEQ=1 Nov 9 10:59:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63994 SEQ=1 Nov 9 10:59:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44361 PROTO=TCP SPT=45727 DPT=34617 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:59:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57390 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:59:07 server83 dhclient[28911]: 
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x6da7c0d5) Nov 9 10:59:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63994 SEQ=1 Nov 9 10:59:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.25 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=30208 PROTO=TCP SPT=51716 DPT=1027 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:59:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.216 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53448 DPT=11443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:59:14 server83 NetworkManager[922]: <warn> [1762666154.4502] dhcp4 (eth1): request timed out Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4662] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28911 Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4662] dhcp4 (eth1): state changed timeout -> done Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4664] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:59:14 server83 NetworkManager[922]: <warn> [1762666154.4668] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4670] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4699] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:59:14 server83 NetworkManager[922]: 
<info> [1762666154.4702] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4703] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4705] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4714] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4716] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 10:59:14 server83 NetworkManager[922]: <info> [1762666154.4726] dhcp4 (eth1): dhclient started with pid 30399 Nov 9 10:59:14 server83 dhclient[30399]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x7cdab9b0) Nov 9 10:59:16 server83 aibolit_wrapper[30510]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626661564574988.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626661564576206.txt --log=/tmp/malware_cleaner_log_17626661564577372.txt --progress=/tmp/malware_cleaner_progress_17626661564577100.json --csv_result=/tmp/revisium_csvfile_17626661564577232.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:59:17 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=86.163.8.119 DST=145.239.177.179 LEN=540 TOS=0x00 PREC=0x00 TTL=49 ID=54646 PROTO=UDP SPT=41078 DPT=29139 LEN=520 Nov 9 10:59:19 server83 auditd[702]: Audit daemon rotating log files Nov 
9 10:59:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29529 SEQ=1 Nov 9 10:59:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61617 SEQ=1 Nov 9 10:59:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3688 SEQ=1 Nov 9 10:59:21 server83 aibolit_wrapper[30708]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626661617725164.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626661617726438.txt --log=/tmp/malware_cleaner_log_17626661617727824.txt --progress=/tmp/malware_cleaner_progress_17626661617727438.json --csv_result=/tmp/revisium_csvfile_17626661617727622.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:59:22 server83 dhclient[30399]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x7cdab9b0) Nov 9 10:59:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57304 SEQ=1 Nov 9 10:59:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6249 SEQ=1 Nov 9 10:59:23 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6249 SEQ=1 Nov 9 10:59:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3674 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:59:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.142.154.98 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=64172 PROTO=TCP SPT=58914 DPT=7777 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 10:59:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13997 PROTO=TCP SPT=47407 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:59:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13998 PROTO=TCP SPT=47407 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:59:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40001 PROTO=TCP SPT=41479 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:59:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13999 PROTO=TCP SPT=47407 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:59:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40002 PROTO=TCP SPT=41479 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:59:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14000 PROTO=TCP SPT=47407 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:59:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44293 SEQ=1 Nov 9 10:59:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30240 SEQ=1 Nov 9 10:59:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62636 SEQ=1 Nov 9 10:59:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28097 SEQ=1 Nov 9 10:59:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40003 PROTO=TCP SPT=41479 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:59:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40004 PROTO=TCP SPT=41479 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 10:59:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40005 PROTO=TCP SPT=41479 DPT=853 WINDOW=64952 
RES=0x00 SYN URGP=0 Nov 9 10:59:36 server83 dhclient[30399]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x7cdab9b0) Nov 9 10:59:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.26 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=52293 PROTO=TCP SPT=40259 DPT=322 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 10:59:38 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 10:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20363 SEQ=1 Nov 9 10:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62636 SEQ=1 Nov 9 10:59:43 server83 aibolit_wrapper[31215]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626661832954586.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626661832958602.txt --log=/tmp/malware_cleaner_log_17626661832960658.txt --progress=/tmp/malware_cleaner_progress_17626661832960072.json --csv_result=/tmp/revisium_csvfile_17626661832960320.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:59:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.lock: ProactiveModel.Host should not be empty Nov 9 10:59:46 server83 imunify360-php-daemon[734]: 
/home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.mb_convert: ProactiveModel.Host should not be empty Nov 9 10:59:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.requests: ProactiveModel.Host should not be empty Nov 9 10:59:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 10:59:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 10:59:48 server83 aibolit_wrapper[31323]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626661885644570.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626661885646430.txt --log=/tmp/malware_cleaner_log_17626661885647792.txt --progress=/tmp/malware_cleaner_progress_17626661885647506.json --csv_result=/tmp/revisium_csvfile_17626661885647654.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 10:59:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.131 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=41227 DF PROTO=TCP SPT=55648 DPT=10254 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:59:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27862 SEQ=1 Nov 9 10:59:49 server83 dhclient[30399]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x7cdab9b0) Nov 9 10:59:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.131 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=24077 DF PROTO=TCP SPT=55680 DPT=10254 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:59:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.131 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=24078 DF PROTO=TCP SPT=55680 DPT=10254 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:59:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.131 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=46560 DF PROTO=TCP SPT=55692 DPT=10254 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:59:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.131 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=46561 DF PROTO=TCP SPT=55692 DPT=10254 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 10:59:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=39221 DPT=3050 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 10:59:59 server83 NetworkManager[922]: <warn> [1762666199.4503] dhcp4 (eth1): request timed out Nov 9 10:59:59 server83 NetworkManager[922]: <info> [1762666199.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 10:59:59 server83 NetworkManager[922]: <info> [1762666199.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 30399 Nov 9 10:59:59 server83 NetworkManager[922]: <info> [1762666199.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 10:59:59 server83 NetworkManager[922]: <info> [1762666199.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 10:59:59 server83 NetworkManager[922]: <warn> [1762666199.4669] device (eth1): Activation: failed for 
connection 'Wired connection 1' Nov 9 10:59:59 server83 NetworkManager[922]: <info> [1762666199.4671] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:00:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51550 DPT=46155 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:00:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:00:01 server83 systemd: Started Session 310780 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310781 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310779 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310782 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310783 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310784 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310785 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310788 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310786 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310789 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310790 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310791 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310787 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310792 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310793 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310794 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310795 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310796 of user root. 
Nov 9 11:00:01 server83 systemd: Started Session 310797 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310799 of user root. Nov 9 11:00:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 11:00:01 server83 systemd: Started Session 310798 of user sanatanhinduvahi. Nov 9 11:00:01 server83 systemd: Started Session 310801 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310800 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310802 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310803 of user root. Nov 9 11:00:01 server83 systemd: Started Session 310804 of user root. Nov 9 11:00:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 11:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39807 SEQ=1 Nov 9 11:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21845 SEQ=1 Nov 9 11:00:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.125 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=49102 PROTO=TCP SPT=39334 DPT=1294 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:00:02 server83 aibolit_wrapper[31962]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662027931320.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626662027934076.txt --progress=/tmp/malware_cleaner_progress_17626662027933720.json 
--csv_result=/tmp/revisium_csvfile_17626662027933878.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:00:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36172 PROTO=TCP SPT=56432 DPT=5819 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:00:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52270 SEQ=1 Nov 9 11:00:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25945 SEQ=1 Nov 9 11:00:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.188 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=15736 DF PROTO=TCP SPT=24697 DPT=23581 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:00:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53739 SEQ=1 Nov 9 11:00:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3038 SEQ=1 Nov 9 11:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=24571 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 
TOS=0x00 PREC=0x00 TTL=227 ID=36370 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=7044 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=36379 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:00:09 server83 aibolit_wrapper[32688]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662089904814.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662089906426.txt --log=/tmp/malware_cleaner_log_17626662089907920.txt --progress=/tmp/malware_cleaner_progress_17626662089907498.json --csv_result=/tmp/revisium_csvfile_17626662089907680.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:00:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=30713 PROTO=TCP SPT=56185 DPT=7920 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:00:15 server83 aibolit_wrapper[1084]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662150528408.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626662150531736.txt 
--progress=/tmp/malware_cleaner_progress_17626662150531204.json --csv_result=/tmp/revisium_csvfile_17626662150531458.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:00:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1509 SEQ=1 Nov 9 11:00:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.2 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=28734 DF PROTO=ICMP TYPE=8 CODE=0 ID=18242 SEQ=20254 Nov 9 11:00:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55721 SEQ=1 Nov 9 11:00:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.148.98.29 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=41 ID=36222 DF PROTO=ICMP TYPE=8 CODE=0 ID=55278 SEQ=27040 Nov 9 11:00:18 server83 pam_imunify_daemon.bin: time="2025-11-09T11:00:18+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 11:00:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38205 SEQ=1 Nov 9 11:00:20 server83 aibolit_wrapper[1876]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d 
extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662205060998.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662205062480.txt --log=/tmp/malware_cleaner_log_17626662205064470.txt --progress=/tmp/malware_cleaner_progress_17626662205064110.json --csv_result=/tmp/revisium_csvfile_17626662205064272.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:00:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57701 SEQ=1 Nov 9 11:00:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.142.147.209 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40896 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:00:27 server83 aibolit_wrapper[2748]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662271225862.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662271227472.txt --log=/tmp/malware_cleaner_log_17626662271229252.txt --progress=/tmp/malware_cleaner_progress_17626662271228734.json --csv_result=/tmp/revisium_csvfile_17626662271228960.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:00:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.199 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57281 DPT=9087 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:00:31 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59859 SEQ=1 Nov 9 11:00:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51348 PROTO=TCP SPT=49956 DPT=26020 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:00:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.251 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55581 DPT=29017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:00:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42248 SEQ=1 Nov 9 11:00:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27458 SEQ=1 Nov 9 11:00:36 server83 aibolit_wrapper[3815]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662364232312.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662364233776.txt --log=/tmp/malware_cleaner_log_17626662364235020.txt --progress=/tmp/malware_cleaner_progress_17626662364234702.json --csv_result=/tmp/revisium_csvfile_17626662364234832.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:00:36 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:00:36 
server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:00:36 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:00:36 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:00:36 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:00:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62859 SEQ=1 Nov 9 11:00:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.122.207 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58571 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:00:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6939 SEQ=1 Nov 9 11:00:38 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:00:42 server83 systemd: Started Session c2870 of user root. 
Nov 9 11:00:42 server83 scripts.sh: Load Average: 4.56 , 3.08 Nov 9 11:00:42 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 11:00:42 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 11:00:42 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 11:00:42 server83 scripts.sh: HTTPD Status: inactive Nov 9 11:00:42 server83 scripts.sh: MySQL Status: active Nov 9 11:00:42 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 11:00:42 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 11:00:42 server83 scripts.sh: SSHD Status: active Nov 9 11:00:42 server83 scripts.sh: FTP Status: active Nov 9 11:00:42 server83 scripts.sh: LiteSpeed Status: Active Nov 9 11:00:42 server83 scripts.sh: Imunify Status: Active Nov 9 11:00:42 server83 scripts.sh: cPanel Status: active Nov 9 11:00:42 server83 scripts.sh: Memory Status: 11/31 GB - 37.22% Nov 9 11:00:42 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 11:00:42 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 11:00:42 server83 scripts.sh: Local Version: 4.4.5 Nov 9 11:00:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:00:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=142.93.157.82 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59128 DPT=9443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:00:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38410 PROTO=TCP SPT=45447 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:00:44 server83 aibolit_wrapper[5155]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626662449306248.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662449307658.txt --log=/tmp/malware_cleaner_log_17626662449308934.txt --progress=/tmp/malware_cleaner_progress_17626662449308586.json --csv_result=/tmp/revisium_csvfile_17626662449308742.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:00:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38411 PROTO=TCP SPT=45447 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:00:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=31828 PROTO=TCP SPT=63473 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:00:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=38412 PROTO=TCP SPT=45447 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:00:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:00:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.multi: ProactiveModel.Host should not be empty Nov 9 11:00:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.config: ProactiveModel.Host should not be empty Nov 9 11:00:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=31829 PROTO=TCP SPT=63473 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:00:48 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37649 SEQ=1 Nov 9 11:00:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46567 SEQ=1 Nov 9 11:00:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31503 SEQ=1 Nov 9 11:00:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=31830 PROTO=TCP SPT=63473 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10258 SEQ=1 Nov 9 11:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60989 SEQ=1 Nov 9 11:00:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26844 PROTO=TCP SPT=45727 DPT=31171 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:00:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10258 SEQ=1 Nov 9 11:00:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11076 PROTO=TCP SPT=41811 DPT=2442 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8440 SEQ=1 Nov 9 11:00:53 server83 aibolit_wrapper[6238]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662535505576.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662535507262.txt --log=/tmp/malware_cleaner_log_17626662535508656.txt --progress=/tmp/malware_cleaner_progress_17626662535508272.json --csv_result=/tmp/revisium_csvfile_17626662535508440.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:00:57 server83 aibolit_wrapper[6853]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662578211716.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662578213308.txt --log=/tmp/malware_cleaner_log_17626662578214960.txt --progress=/tmp/malware_cleaner_progress_17626662578214492.json --csv_result=/tmp/revisium_csvfile_17626662578214670.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:00:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.125 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=52782 
DF PROTO=TCP SPT=49824 DPT=5010 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:01:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.125 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=52783 DF PROTO=TCP SPT=49824 DPT=5010 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:01:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:01:01 server83 systemd: Started Session 310805 of user root. Nov 9 11:01:01 server83 systemd: Started Session 310807 of user root. Nov 9 11:01:01 server83 systemd: Started Session 310806 of user root. Nov 9 11:01:01 server83 systemd: Started Session 310808 of user root. Nov 9 11:01:01 server83 systemd: Started Session 310810 of user root. Nov 9 11:01:01 server83 systemd: Started Session 310811 of user root. Nov 9 11:01:01 server83 systemd: Started Session 310809 of user root. Nov 9 11:01:01 server83 systemd: Started Session 310814 of user root. Nov 9 11:01:01 server83 systemd: Started Session 310812 of user root. Nov 9 11:01:01 server83 systemd: Started Session 310813 of user root. 
Nov 9 11:01:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.125 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=52784 DF PROTO=TCP SPT=49824 DPT=5010 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:01:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37630 SEQ=1 Nov 9 11:01:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:01:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.125 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=52785 DF PROTO=TCP SPT=49824 DPT=5010 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60608 SEQ=1 Nov 9 11:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=17400 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=17411 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.75.242 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=59058 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=16615 
DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:01:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13081 DF PROTO=TCP SPT=51037 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:01:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=39178 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:01:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.169.105.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=38985 DPT=10443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:01:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13082 DF PROTO=TCP SPT=51037 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:01:16 server83 aibolit_wrapper[21874]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662761432958.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662761435914.txt --log=/tmp/malware_cleaner_log_17626662761437616.txt --progress=/tmp/malware_cleaner_progress_17626662761437242.json --csv_result=/tmp/revisium_csvfile_17626662761437406.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:01:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=57421 SEQ=1 Nov 9 11:01:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63906 SEQ=1 Nov 9 11:01:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21235 SEQ=1 Nov 9 11:01:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5073 SEQ=1 Nov 9 11:01:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13083 DF PROTO=TCP SPT=51037 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:01:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.125 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=42891 DF PROTO=TCP SPT=59700 DPT=5010 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:01:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.125 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=22540 DF PROTO=TCP SPT=59732 DPT=5010 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:01:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30220 SEQ=1 Nov 9 11:01:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21235 SEQ=1 
Nov 9 11:01:21 server83 aibolit_wrapper[22561]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662816288522.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662816289378.txt --log=/tmp/malware_cleaner_log_17626662816290354.txt --progress=/tmp/malware_cleaner_progress_17626662816290130.json --csv_result=/tmp/revisium_csvfile_17626662816290242.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:01:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13084 DF PROTO=TCP SPT=51037 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:01:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.8.182.192 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=46328 DF PROTO=ICMP TYPE=8 CODE=0 ID=13468 SEQ=64669 Nov 9 11:01:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26147 SEQ=1 Nov 9 11:01:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45015 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:01:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28467 PROTO=TCP SPT=37214 DPT=6392 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:01:27 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.251 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=61798 DF PROTO=TCP SPT=53925 DPT=9639 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:01:27 server83 aibolit_wrapper[23359]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662879455390.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626662879458014.txt --progress=/tmp/malware_cleaner_progress_17626662879457652.json --csv_result=/tmp/revisium_csvfile_17626662879457812.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:01:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13085 DF PROTO=TCP SPT=51037 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:01:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15871 SEQ=1 Nov 9 11:01:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:01:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14819 SEQ=1 Nov 9 11:01:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52311 SEQ=1 Nov 9 11:01:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15871 SEQ=1 Nov 9 11:01:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24098 SEQ=1 Nov 9 11:01:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59888 SEQ=1 Nov 9 11:01:39 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43292 SEQ=1 Nov 9 11:01:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14331 PROTO=TCP SPT=41811 DPT=2613 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:01:39 server83 aibolit_wrapper[24828]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626662994041002.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626662994042236.txt --log=/tmp/malware_cleaner_log_17626662994043424.txt --progress=/tmp/malware_cleaner_progress_17626662994043108.json --csv_result=/tmp/revisium_csvfile_17626662994043242.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
11:01:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.251 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=15281 DF PROTO=TCP SPT=57952 DPT=8335 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:01:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.145 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=11399 DF PROTO=TCP SPT=33922 DPT=10256 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:01:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.145 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=11400 DF PROTO=TCP SPT=33922 DPT=10256 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:01:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.145 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=56766 DF PROTO=TCP SPT=33944 DPT=10256 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:01:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.145 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=56767 DF PROTO=TCP SPT=33944 DPT=10256 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:01:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.145 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=33942 DF PROTO=TCP SPT=34290 DPT=10256 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:01:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:01:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.content: ProactiveModel.Host should not be empty Nov 9 11:01:47 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54129 SEQ=1 Nov 9 11:01:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3682 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22779 SEQ=1 Nov 9 11:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54129 SEQ=1 Nov 9 11:01:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20575 SEQ=1 Nov 9 11:01:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=64862 PROTO=TCP SPT=34454 DPT=5391 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:01:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4817 SEQ=1 Nov 9 11:01:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=52979 PROTO=TCP SPT=46370 DPT=1650 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:02:01 server83 aibolit_wrapper[27391]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626663216128802.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626663216130252.txt --log=/tmp/malware_cleaner_log_17626663216131510.txt --progress=/tmp/malware_cleaner_progress_17626663216131158.json --csv_result=/tmp/revisium_csvfile_17626663216131322.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:02:01 server83 systemd: Started Session 310816 of user root. Nov 9 11:02:01 server83 systemd: Started Session 310815 of user root. Nov 9 11:02:01 server83 systemd: Started Session 310818 of user root. Nov 9 11:02:01 server83 systemd: Started Session 310817 of user root. Nov 9 11:02:01 server83 systemd: Started Session 310819 of user root. Nov 9 11:02:01 server83 systemd: Started Session 310820 of user root. Nov 9 11:02:01 server83 systemd: Started Session 310821 of user root. Nov 9 11:02:01 server83 systemd: Started Session 310822 of user root. Nov 9 11:02:01 server83 systemd: Started Session 310823 of user root. 
Nov 9 11:02:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54764 SEQ=1 Nov 9 11:02:06 server83 aibolit_wrapper[28162]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626663269237542.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626663269238680.txt --log=/tmp/malware_cleaner_log_17626663269239504.txt --progress=/tmp/malware_cleaner_progress_17626663269239282.json --csv_result=/tmp/revisium_csvfile_17626663269239370.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:02:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63849 SEQ=1 Nov 9 11:02:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3903 SEQ=1 Nov 9 11:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=23378 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=23384 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42585 SEQ=1 Nov 9 11:02:12 server83 pam_imunify_daemon.bin: time="2025-11-09T11:02:12+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 11:02:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13086 DF PROTO=TCP SPT=52683 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:02:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13087 DF PROTO=TCP SPT=52683 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:02:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32394 SEQ=1 Nov 9 11:02:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:02:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:02:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46945 SEQ=1 Nov 9 11:02:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=4166 DF PROTO=ICMP TYPE=8 CODE=0 
ID=2788 SEQ=3286 Nov 9 11:02:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13088 DF PROTO=TCP SPT=52683 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46945 SEQ=1 Nov 9 11:02:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:02:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.121 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=64329 PROTO=TCP SPT=52821 DPT=5061 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:02:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52434 SEQ=1 Nov 9 11:02:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61660 SEQ=1 Nov 9 11:02:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29 SEQ=1 Nov 9 11:02:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13089 DF PROTO=TCP SPT=52683 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:02:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 
PREC=0x00 TTL=240 ID=4659 PROTO=TCP SPT=46370 DPT=1432 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:02:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.149.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28745 PROTO=TCP SPT=44752 DPT=8265 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:02:27 server83 aibolit_wrapper[30899]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626663472308516.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626663472310338.txt --log=/tmp/malware_cleaner_log_17626663472312544.txt --progress=/tmp/malware_cleaner_progress_17626663472311938.json --csv_result=/tmp/revisium_csvfile_17626663472312210.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:02:31 server83 aibolit_wrapper[31565]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626663515200410.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626663515201306.txt --log=/tmp/malware_cleaner_log_17626663515202298.txt --progress=/tmp/malware_cleaner_progress_17626663515202078.json --csv_result=/tmp/revisium_csvfile_17626663515202184.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62128 SEQ=1 Nov 9 11:02:32 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27942 SEQ=1 Nov 9 11:02:32 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=109.236.61.23 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=33056 DPT=1434 LEN=9 Nov 9 11:02:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13090 DF PROTO=TCP SPT=52683 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:02:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38923 SEQ=1 Nov 9 11:02:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3681 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38923 SEQ=1 Nov 9 11:02:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13091 DF PROTO=TCP SPT=53236 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:02:39 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:02:39 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.238 
DST=51.210.113.204 LEN=125 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=51978 DPT=2900 LEN=105 Nov 9 11:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39409 SEQ=1 Nov 9 11:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54608 SEQ=1 Nov 9 11:02:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13092 DF PROTO=TCP SPT=53236 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:02:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13093 DF PROTO=TCP SPT=53236 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:02:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.40 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50451 DPT=48104 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:02:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3673 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:02:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29192 PROTO=TCP SPT=52669 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:02:45 server83 aibolit_wrapper[762]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626663651258754.txt --input-fn-b64-encoded --username=maars --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626663651260344.txt --log=/tmp/malware_cleaner_log_17626663651261618.txt --progress=/tmp/malware_cleaner_progress_17626663651261262.json --csv_result=/tmp/revisium_csvfile_17626663651261426.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:02:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29193 PROTO=TCP SPT=52669 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:02:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13094 DF PROTO=TCP SPT=53236 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:02:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:02:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:02:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:02:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=52873 PROTO=TCP SPT=36727 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:02:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29526 SEQ=1 Nov 9 11:02:49 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=52875 PROTO=TCP SPT=36727 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:02:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31494 SEQ=1 Nov 9 11:02:50 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.183 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=50626 DPT=44818 LEN=32 Nov 9 11:02:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:02:50 server83 aibolit_wrapper[1603]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626663708773242.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626663708774040.txt --log=/tmp/malware_cleaner_log_17626663708775014.txt --progress=/tmp/malware_cleaner_progress_17626663708774806.json --csv_result=/tmp/revisium_csvfile_17626663708774908.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:02:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=61 TOS=0x00 PREC=0x00 TTL=108 ID=32079 DF PROTO=ICMP TYPE=8 CODE=0 ID=32282 SEQ=64354 Nov 9 11:02:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13095 DF PROTO=TCP SPT=53236 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
11:02:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44378 SEQ=1 Nov 9 11:02:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31494 SEQ=1 Nov 9 11:02:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=22111 DF PROTO=TCP SPT=46386 DPT=9809 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:02:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=194.187.178.213 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x40 TTL=43 ID=38141 DF PROTO=TCP SPT=12900 DPT=902 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 9 11:02:57 server83 aibolit_wrapper[2493]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626663774305940.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626663774307112.txt --log=/tmp/malware_cleaner_log_17626663774308338.txt --progress=/tmp/malware_cleaner_progress_17626663774308038.json --csv_result=/tmp/revisium_csvfile_17626663774308200.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:02:58 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.152.23 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=48 ID=62978 DF PROTO=UDP SPT=19300 DPT=19300 LEN=16 Nov 9 11:02:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.162 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53195 DPT=38405 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:03:01 server83 systemd: Started Session 310828 of user root. Nov 9 11:03:01 server83 systemd: Started Session 310827 of user root. Nov 9 11:03:01 server83 systemd: Started Session 310826 of user root. Nov 9 11:03:01 server83 systemd: Started Session 310825 of user root. Nov 9 11:03:01 server83 systemd: Started Session 310829 of user root. Nov 9 11:03:01 server83 systemd: Started Session 310824 of user root. Nov 9 11:03:01 server83 systemd: Started Session 310830 of user root. Nov 9 11:03:01 server83 systemd: Started Session 310831 of user root. Nov 9 11:03:01 server83 systemd: Started Session 310832 of user root. Nov 9 11:03:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50169 SEQ=1 Nov 9 11:03:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26368 SEQ=1 Nov 9 11:03:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19448 SEQ=1 Nov 9 11:03:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50169 SEQ=1 Nov 9 11:03:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=55192 PROTO=TCP SPT=50060 DPT=9073 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:03:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=29570 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:03:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25530 SEQ=1 Nov 9 11:03:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56691 DPT=5567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:03:17 server83 aibolit_wrapper[5116]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626663977171270.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626663977172584.txt --log=/tmp/malware_cleaner_log_17626663977173960.txt --progress=/tmp/malware_cleaner_progress_17626663977173640.json --csv_result=/tmp/revisium_csvfile_17626663977173790.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:03:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27070 SEQ=1 Nov 9 11:03:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34152 SEQ=1 Nov 9 11:03:21 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18494 SEQ=1 Nov 9 11:03:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.86 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52602 DPT=1000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:03:23 server83 aibolit_wrapper[5793]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664029905940.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626664029907380.txt --log=/tmp/malware_cleaner_log_17626664029909118.txt --progress=/tmp/malware_cleaner_progress_17626664029908540.json --csv_result=/tmp/revisium_csvfile_17626664029908790.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:03:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29048 SEQ=1 Nov 9 11:03:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36196 SEQ=1 Nov 9 11:03:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48227 SEQ=1 Nov 9 11:03:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.10.188 DST=145.239.177.179 
LEN=44 TOS=0x00 PREC=0x60 TTL=44 ID=0 DF PROTO=TCP SPT=45118 DPT=6015 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:03:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1947 SEQ=1 Nov 9 11:03:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41392 SEQ=1 Nov 9 11:03:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43710 PROTO=TCP SPT=40975 DPT=4433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:03:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42821 PROTO=TCP SPT=46235 DPT=28071 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:03:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:03:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7688 PROTO=TCP SPT=53120 DPT=2664 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:03:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27012 SEQ=1 Nov 9 11:03:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36402 SEQ=1 Nov 9 11:03:39 server83 imunify360-php-daemon[734]: error response: 401, 
{"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:03:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52597 SEQ=1 Nov 9 11:03:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31458 PROTO=TCP SPT=45727 DPT=34871 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:03:41 server83 aibolit_wrapper[8353]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664214282384.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626664214284274.txt --log=/tmp/malware_cleaner_log_17626664214286104.txt --progress=/tmp/malware_cleaner_progress_17626664214285688.json --csv_result=/tmp/revisium_csvfile_17626664214285884.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:03:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=37558 PROTO=TCP SPT=50022 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:03:45 server83 aibolit_wrapper[8870]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664257476216.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626664257477252.txt 
--log=/tmp/malware_cleaner_log_17626664257478194.txt --progress=/tmp/malware_cleaner_progress_17626664257477942.json --csv_result=/tmp/revisium_csvfile_17626664257478056.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:03:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.oauthexceptions: ProactiveModel.Host should not be empty Nov 9 11:03:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.locked: ProactiveModel.Host should not be empty Nov 9 11:03:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.parle_tokens: ProactiveModel.Host should not be empty Nov 9 11:03:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:03:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:03:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=14551 PROTO=TCP SPT=55975 DPT=7601 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:03:50 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 11:03:50 server83 systemd: Stopped Status Update Service. Nov 9 11:03:50 server83 systemd: Started Status Update Service. 
Nov 9 11:03:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32909 SEQ=1 Nov 9 11:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57281 SEQ=1 Nov 9 11:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51263 SEQ=1 Nov 9 11:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4582 SEQ=1 Nov 9 11:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43636 SEQ=1 Nov 9 11:03:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=107.150.103.155 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=TCP SPT=48637 DPT=6015 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:03:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 11:03:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 11:03:55 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 11:04:01 server83 systemd: Started Session 310834 of user root. Nov 9 11:04:01 server83 systemd: Started Session 310835 of user root. 
Nov 9 11:04:01 server83 systemd: Started Session 310836 of user root. Nov 9 11:04:01 server83 systemd: Started Session 310837 of user root. Nov 9 11:04:01 server83 systemd: Started Session 310833 of user root. Nov 9 11:04:01 server83 systemd: Started Session 310839 of user root. Nov 9 11:04:01 server83 systemd: Started Session 310840 of user root. Nov 9 11:04:01 server83 systemd: Started Session 310838 of user root. Nov 9 11:04:01 server83 systemd: Started Session 310841 of user root. Nov 9 11:04:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.166 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51299 DPT=2502 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:04:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.12 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=20306 PROTO=TCP SPT=41187 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:04:05 server83 aibolit_wrapper[11466]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664459033470.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626664459035320.txt --log=/tmp/malware_cleaner_log_17626664459036974.txt --progress=/tmp/malware_cleaner_progress_17626664459036526.json --csv_result=/tmp/revisium_csvfile_17626664459036712.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:04:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3683 SEQ=1 Nov 9 11:04:06 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=20288 DF PROTO=ICMP TYPE=8 CODE=0 ID=5359 SEQ=16580 Nov 9 11:04:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3891 SEQ=1 Nov 9 11:04:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58223 SEQ=1 Nov 9 11:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.79.29.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=54219 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:04:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10035 PROTO=TCP SPT=45414 DPT=8404 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46273 SEQ=1 Nov 9 11:04:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3680 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:04:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.135 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=37351 PROTO=TCP SPT=49672 DPT=18245 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:04:11 server83 aibolit_wrapper[12161]: running child 
proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664512551126.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626664512552050.txt --log=/tmp/malware_cleaner_log_17626664512552978.txt --progress=/tmp/malware_cleaner_progress_17626664512552750.json --csv_result=/tmp/revisium_csvfile_17626664512552852.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:04:11 server83 pam_imunify_daemon.bin: time="2025-11-09T11:04:11+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 11:04:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:04:17 server83 aibolit_wrapper[12988]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664570200552.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626664570204478.txt --progress=/tmp/malware_cleaner_progress_17626664570204100.json --csv_result=/tmp/revisium_csvfile_17626664570204288.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:04:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30996 SEQ=1 
Nov 9 11:04:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58816 SEQ=1 Nov 9 11:04:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58816 SEQ=1 Nov 9 11:04:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53373 SEQ=1 Nov 9 11:04:27 server83 aibolit_wrapper[14282]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664674225590.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626664674227186.txt --log=/tmp/malware_cleaner_log_17626664674229776.txt --progress=/tmp/malware_cleaner_progress_17626664674229236.json --csv_result=/tmp/revisium_csvfile_17626664674229496.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:04:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=62878 PROTO=TCP SPT=59870 DPT=9917 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:04:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3679 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:04:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.244 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50777 DPT=46639 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:04:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44083 SEQ=1 Nov 9 11:04:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49593 SEQ=1 Nov 9 11:04:32 server83 aibolit_wrapper[14864]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664726831502.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626664726832878.txt --log=/tmp/malware_cleaner_log_17626664726834038.txt --progress=/tmp/malware_cleaner_progress_17626664726833734.json --csv_result=/tmp/revisium_csvfile_17626664726833860.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:04:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.180 DST=145.239.177.179 LEN=63 TOS=0x00 PREC=0x00 TTL=112 ID=5664 DF PROTO=ICMP TYPE=8 CODE=0 ID=59587 SEQ=34768 Nov 9 11:04:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23384 SEQ=1 Nov 9 11:04:36 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.155 DST=51.210.113.204 
LEN=184 TOS=0x00 PREC=0x00 TTL=35 ID=46059 PROTO=UDP SPT=37621 DPT=34964 LEN=164 Nov 9 11:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44083 SEQ=1 Nov 9 11:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20358 SEQ=1 Nov 9 11:04:39 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49593 SEQ=1 Nov 9 11:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36273 SEQ=1 Nov 9 11:04:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3678 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:04:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:04:44 server83 aibolit_wrapper[16284]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664841698332.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626664841702018.txt 
--progress=/tmp/malware_cleaner_progress_17626664841701550.json --csv_result=/tmp/revisium_csvfile_17626664841701758.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:04:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36336 PROTO=TCP SPT=46235 DPT=12925 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:04:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.content: ProactiveModel.Host should not be empty Nov 9 11:04:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.internal: ProactiveModel.Host should not be empty Nov 9 11:04:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:04:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:04:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:04:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65021 SEQ=1 Nov 9 11:04:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7174 SEQ=1 Nov 9 11:04:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8400 SEQ=1 Nov 9 11:04:51 server83 aibolit_wrapper[17247]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664917446992.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626664917449202.txt --log=/tmp/malware_cleaner_log_17626664917451314.txt --progress=/tmp/malware_cleaner_progress_17626664917450780.json --csv_result=/tmp/revisium_csvfile_17626664917451058.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:04:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21601 SEQ=1 Nov 9 11:04:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9285 SEQ=1 Nov 9 11:04:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.168.121.140 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=50529 DPT=3391 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:04:56 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.152.23 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=48 ID=14013 DF PROTO=UDP SPT=19300 DPT=19300 LEN=16 Nov 9 11:04:56 server83 aibolit_wrapper[17927]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626664969581108.txt --input-fn-b64-encoded --username=loadingramp --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626664969582216.txt --log=/tmp/malware_cleaner_log_17626664969583164.txt --progress=/tmp/malware_cleaner_progress_17626664969582894.json --csv_result=/tmp/revisium_csvfile_17626664969582986.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:04:59 server83 NetworkManager[922]: <info> [1762666499.4674] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:04:59 server83 NetworkManager[922]: <info> [1762666499.4680] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:04:59 server83 NetworkManager[922]: <info> [1762666499.4681] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:04:59 server83 NetworkManager[922]: <info> [1762666499.4686] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:04:59 server83 NetworkManager[922]: <info> [1762666499.4697] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:04:59 server83 NetworkManager[922]: <info> [1762666499.4700] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:04:59 server83 NetworkManager[922]: <info> [1762666499.4711] dhcp4 (eth1): dhclient started with pid 18185 Nov 9 11:04:59 server83 dhclient[18185]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x75c1d7fe) Nov 9 11:05:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13096 DF PROTO=TCP SPT=56667 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:05:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13097 DF PROTO=TCP SPT=56667 
DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:05:01 server83 systemd: Started Session 310843 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310842 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310844 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310845 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310848 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310847 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310849 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310850 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310851 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310854 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310846 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310853 of user root. Nov 9 11:05:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62315 SEQ=1 Nov 9 11:05:01 server83 systemd: Started Session 310855 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310856 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310852 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310858 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310857 of user root. Nov 9 11:05:01 server83 systemd: Started Session 310859 of user root. 
Nov 9 11:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62315 SEQ=1 Nov 9 11:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.123.49 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=27038 DF PROTO=ICMP TYPE=8 CODE=0 ID=62769 SEQ=34746 Nov 9 11:05:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13098 DF PROTO=TCP SPT=56667 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:05:03 server83 dhclient[18185]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x75c1d7fe) Nov 9 11:05:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43471 SEQ=1 Nov 9 11:05:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58416 SEQ=1 Nov 9 11:05:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25764 SEQ=1 Nov 9 11:05:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:05:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:05:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:05:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 
ID=13099 DF PROTO=TCP SPT=56667 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20270 SEQ=1 Nov 9 11:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=8710 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=597 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=607 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:05:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19194 SEQ=1 Nov 9 11:05:11 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.152.23 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=48 ID=15368 DF PROTO=UDP SPT=19300 DPT=19300 LEN=16 Nov 9 11:05:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34023 PROTO=TCP SPT=57143 DPT=8609 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:05:13 server83 aibolit_wrapper[20249]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate 
--nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626665130939136.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626665130940508.txt --log=/tmp/malware_cleaner_log_17626665130941754.txt --progress=/tmp/malware_cleaner_progress_17626665130941418.json --csv_result=/tmp/revisium_csvfile_17626665130941562.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:05:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=63353 PROTO=TCP SPT=58181 DPT=4884 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:05:14 server83 dhclient[18185]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x75c1d7fe) Nov 9 11:05:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.221.137.47 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47226 DPT=5002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:05:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13100 DF PROTO=TCP SPT=56667 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:05:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.168.14.25 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=53255 PROTO=TCP SPT=39282 DPT=8445 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:05:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37123 PROTO=TCP SPT=49956 DPT=28368 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:05:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.90 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49785 DPT=48221 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:05:18 server83 aibolit_wrapper[21068]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626665186904132.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626665186905500.txt --log=/tmp/malware_cleaner_log_17626665186906992.txt --progress=/tmp/malware_cleaner_progress_17626665186906636.json --csv_result=/tmp/revisium_csvfile_17626665186906800.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:05:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61117 SEQ=1 Nov 9 11:05:21 server83 dhclient[18185]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x75c1d7fe) Nov 9 11:05:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64291 SEQ=1 Nov 9 11:05:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25554 SEQ=1 Nov 9 11:05:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20907 SEQ=1 Nov 9 11:05:23 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30428 SEQ=1 Nov 9 11:05:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22365 SEQ=1 Nov 9 11:05:24 server83 aibolit_wrapper[21812]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626665246984962.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626665246988144.txt --progress=/tmp/malware_cleaner_progress_17626665246987652.json --csv_result=/tmp/revisium_csvfile_17626665246987912.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:05:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.80.19 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=2021 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:05:28 server83 dhclient[18185]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x75c1d7fe) Nov 9 11:05:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:05:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.50.16.198 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=48253 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:05:30 server83 aibolit_wrapper[22578]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626665300064888.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626665300067100.txt --progress=/tmp/malware_cleaner_progress_17626665300066824.json --csv_result=/tmp/revisium_csvfile_17626665300066952.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:05:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8113 SEQ=1 Nov 9 11:05:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32762 SEQ=1 Nov 9 11:05:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35108 SEQ=1 Nov 9 11:05:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28107 SEQ=1 Nov 9 11:05:33 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=109.236.61.23 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=33056 DPT=1434 LEN=9 Nov 9 11:05:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62175 SEQ=1 Nov 9 11:05:35 server83 aibolit_wrapper[23176]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626665353478322.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626665353479788.txt --log=/tmp/malware_cleaner_log_17626665353481610.txt --progress=/tmp/malware_cleaner_progress_17626665353481050.json --csv_result=/tmp/revisium_csvfile_17626665353481302.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:05:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20108 PROTO=TCP SPT=49956 DPT=28270 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:05:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6544 PROTO=TCP SPT=46370 DPT=3092 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:05:39 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:05:43 server83 dhclient[18185]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x75c1d7fe) Nov 9 11:05:44 server83 NetworkManager[922]: <warn> [1762666544.4471] dhcp4 (eth1): request timed out Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4471] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4630] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 18185 Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4631] dhcp4 (eth1): state changed timeout -> done Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4633] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:05:44 server83 NetworkManager[922]: 
<warn> [1762666544.4637] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4639] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4672] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4676] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4677] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4680] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4690] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4692] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:05:44 server83 NetworkManager[922]: <info> [1762666544.4705] dhcp4 (eth1): dhclient started with pid 24368 Nov 9 11:05:44 server83 dhclient[24368]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x6c3c0d27) Nov 9 11:05:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.ob_iconv_handle: ProactiveModel.Host should not be empty Nov 9 11:05:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:05:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:05:47 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.119.75.60 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=52441 PROTO=TCP SPT=38020 DPT=990 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:05:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=53389 DF PROTO=ICMP TYPE=8 CODE=0 ID=57793 SEQ=20291 Nov 9 11:05:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9917 SEQ=1 Nov 9 11:05:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13966 SEQ=1 Nov 9 11:05:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45762 SEQ=1 Nov 9 11:05:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=9792 DF PROTO=ICMP TYPE=8 CODE=0 ID=8343 SEQ=54013 Nov 9 11:05:51 server83 dhclient[24368]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x6c3c0d27) Nov 9 11:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45762 SEQ=1 Nov 9 11:05:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39881 SEQ=1 Nov 9 
11:05:56 server83 aibolit_wrapper[25698]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626665566056312.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626665566058058.txt --log=/tmp/malware_cleaner_log_17626665566059824.txt --progress=/tmp/malware_cleaner_progress_17626665566059256.json --csv_result=/tmp/revisium_csvfile_17626665566059516.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:05:57 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 11:06:01 server83 systemd: Started Session 310860 of user root. Nov 9 11:06:01 server83 systemd: Started Session 310861 of user root. Nov 9 11:06:01 server83 systemd: Started Session 310863 of user root. Nov 9 11:06:01 server83 systemd: Started Session 310864 of user root. Nov 9 11:06:01 server83 systemd: Started Session 310862 of user root. Nov 9 11:06:01 server83 systemd: Started Session 310865 of user root. Nov 9 11:06:01 server83 systemd: Started Session 310867 of user root. Nov 9 11:06:01 server83 systemd: Started Session 310866 of user root. Nov 9 11:06:01 server83 systemd: Started Session 310868 of user root. 
Nov 9 11:06:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43675 SEQ=1 Nov 9 11:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46863 SEQ=1 Nov 9 11:06:04 server83 dhclient[24368]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x6c3c0d27) Nov 9 11:06:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37281 DPT=3127 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13624 SEQ=1 Nov 9 11:06:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=8469 PROTO=TCP SPT=50184 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:06:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=54095 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:06:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45302 SEQ=1 Nov 9 11:06:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=14908 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:06:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=14916 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:06:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=8470 PROTO=TCP SPT=50184 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41978 SEQ=1 Nov 9 11:06:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14491 PROTO=TCP SPT=54870 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:06:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=8471 PROTO=TCP SPT=50184 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:06:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14492 PROTO=TCP SPT=54870 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:06:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14493 PROTO=TCP SPT=54870 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:06:13 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14495 PROTO=TCP SPT=54870 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:06:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:06:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=53447 PROTO=TCP SPT=46360 DPT=36108 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:06:18 server83 aibolit_wrapper[28387]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626665782963700.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626665782965136.txt --log=/tmp/malware_cleaner_log_17626665782966670.txt --progress=/tmp/malware_cleaner_progress_17626665782966240.json --csv_result=/tmp/revisium_csvfile_17626665782966416.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:06:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3672 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:06:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40923 SEQ=1 Nov 9 11:06:20 server83 dhclient[24368]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x6c3c0d27) Nov 9 11:06:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22830 SEQ=1 Nov 9 11:06:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25252 SEQ=1 Nov 9 11:06:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40923 SEQ=1 Nov 9 11:06:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25252 SEQ=1 Nov 9 11:06:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46803 SEQ=1 Nov 9 11:06:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33105 PROTO=TCP SPT=46235 DPT=39974 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:06:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.38.94.38 DST=145.239.177.179 LEN=540 TOS=0x00 PREC=0x00 TTL=50 ID=10208 PROTO=UDP SPT=9991 DPT=37410 LEN=520 Nov 9 11:06:29 server83 NetworkManager[922]: <warn> [1762666589.4503] dhcp4 (eth1): request timed out Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 24368 Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 
11:06:29 server83 NetworkManager[922]: <info> [1762666589.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:06:29 server83 NetworkManager[922]: <warn> [1762666589.4589] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4591] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4624] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4628] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4629] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4632] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4642] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4644] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:06:29 server83 NetworkManager[922]: <info> [1762666589.4656] dhcp4 (eth1): dhclient started with pid 29630 Nov 9 11:06:29 server83 dhclient[29630]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x66af80fd) Nov 9 11:06:33 server83 dhclient[29630]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x66af80fd) Nov 9 11:06:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10915 SEQ=1 Nov 9 11:06:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.142.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=44 ID=5365 DF PROTO=TCP SPT=45561 DPT=6118 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:06:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14819 SEQ=1 Nov 9 11:06:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17415 SEQ=1 Nov 9 11:06:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45990 SEQ=1 Nov 9 11:06:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=7427 PROTO=TCP SPT=39341 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:06:39 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:06:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9313 PROTO=TCP SPT=51004 DPT=5567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:06:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46435 SEQ=1 Nov 9 11:06:40 server83 aibolit_wrapper[30986]: running child 
proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626666005666728.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626666005668158.txt --log=/tmp/malware_cleaner_log_17626666005669396.txt --progress=/tmp/malware_cleaner_progress_17626666005669070.json --csv_result=/tmp/revisium_csvfile_17626666005669218.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:06:43 server83 dhclient[29630]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x66af80fd) Nov 9 11:06:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.ibase_pconnection: ProactiveModel.Host should not be empty Nov 9 11:06:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:06:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59581 SEQ=1 Nov 9 11:06:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28453 SEQ=1 Nov 9 11:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27787 SEQ=1 Nov 9 11:06:50 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:06:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28453 SEQ=1 Nov 9 11:06:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15111 SEQ=1 Nov 9 11:06:52 server83 aibolit_wrapper[32383]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626666122876616.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626666122877702.txt --log=/tmp/malware_cleaner_log_17626666122879620.txt --progress=/tmp/malware_cleaner_progress_17626666122879274.json --csv_result=/tmp/revisium_csvfile_17626666122879434.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:06:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15189 SEQ=1 Nov 9 11:06:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51518 SEQ=1 Nov 9 11:06:57 server83 dhclient[29630]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x66af80fd) Nov 9 11:06:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3671 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:07:01 server83 systemd: Started Session 310869 of user root. Nov 9 11:07:01 server83 systemd: Started Session 310871 of user root. 
Nov 9 11:07:01 server83 systemd: Started Session 310872 of user root. Nov 9 11:07:01 server83 systemd: Started Session 310870 of user root. Nov 9 11:07:01 server83 systemd: Started Session 310873 of user root. Nov 9 11:07:01 server83 systemd: Started Session 310874 of user root. Nov 9 11:07:01 server83 systemd: Started Session 310877 of user root. Nov 9 11:07:01 server83 systemd: Started Session 310875 of user root. Nov 9 11:07:01 server83 systemd: Started Session 310876 of user root. Nov 9 11:07:01 server83 systemd: Started Session 310878 of user root. Nov 9 11:07:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42857 SEQ=1 Nov 9 11:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21088 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10317 SEQ=1 Nov 9 11:07:06 server83 aibolit_wrapper[2112]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626666265395160.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626666265396252.txt --log=/tmp/malware_cleaner_log_17626666265397244.txt --progress=/tmp/malware_cleaner_progress_17626666265397036.json --csv_result=/tmp/revisium_csvfile_17626666265397130.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
11:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21089 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36868 SEQ=1 Nov 9 11:07:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36524 SEQ=1 Nov 9 11:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=15749 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=15760 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:07:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21090 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:09 server83 dhclient[29630]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x66af80fd) Nov 9 11:07:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31405 PROTO=TCP SPT=49956 DPT=29195 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:07:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.155 
DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=51131 DF PROTO=TCP SPT=53248 DPT=9044 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21091 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.155 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=51132 DF PROTO=TCP SPT=53248 DPT=9044 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:07:14 server83 NetworkManager[922]: <warn> [1762666634.4439] dhcp4 (eth1): request timed out Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4439] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4760] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 29630 Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4761] dhcp4 (eth1): state changed timeout -> done Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4763] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:07:14 server83 NetworkManager[922]: <warn> [1762666634.4768] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4771] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4805] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4810] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:07:14 server83 NetworkManager[922]: <info> 
[1762666634.4812] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4816] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4827] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4830] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:07:14 server83 NetworkManager[922]: <info> [1762666634.4843] dhcp4 (eth1): dhclient started with pid 3164 Nov 9 11:07:14 server83 dhclient[3164]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x13643277) Nov 9 11:07:14 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.29.137.147 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=49 ID=55978 DF PROTO=UDP SPT=19308 DPT=19308 LEN=16 Nov 9 11:07:14 server83 aibolit_wrapper[3225]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626666348599268.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626666348600960.txt --log=/tmp/malware_cleaner_log_17626666348602890.txt --progress=/tmp/malware_cleaner_progress_17626666348602352.json --csv_result=/tmp/revisium_csvfile_17626666348602598.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:07:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.155 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=65398 DF PROTO=TCP SPT=53250 DPT=9044 WINDOW=42340 RES=0x00 SYN URGP=0 
Nov 9 11:07:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:07:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.155 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=47056 DF PROTO=TCP SPT=42550 DPT=9044 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:07:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28606 PROTO=TCP SPT=52337 DPT=6915 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:07:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=792 SEQ=1 Nov 9 11:07:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33393 SEQ=1 Nov 9 11:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21092 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:22 server83 dhclient[3164]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x13643277) Nov 9 11:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31210 SEQ=1 Nov 9 11:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33393 SEQ=1 Nov 9 11:07:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40622 SEQ=1 Nov 9 11:07:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.197 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56351 DPT=9626 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:07:29 server83 pam_imunify_daemon.bin: time="2025-11-09T11:07:29+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 11:07:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34317 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:07:31 server83 aibolit_wrapper[5532]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626666514366586.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626666514369414.txt --log=/tmp/malware_cleaner_log_17626666514371554.txt --progress=/tmp/malware_cleaner_progress_17626666514370978.json --csv_result=/tmp/revisium_csvfile_17626666514371236.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:07:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24867 SEQ=1 Nov 9 11:07:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8388 SEQ=1 Nov 9 11:07:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.130 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=60658 PROTO=TCP SPT=49622 DPT=18638 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:07:35 server83 dhclient[3164]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x13643277) Nov 9 11:07:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=60163 PROTO=TCP SPT=51970 DPT=4639 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49023 SEQ=1 Nov 9 11:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21093 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1022 SEQ=1 Nov 9 11:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12515 SEQ=1 Nov 9 11:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4031 SEQ=1 Nov 9 11:07:39 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:07:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:07:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59063 DF PROTO=TCP SPT=52932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59064 DF PROTO=TCP SPT=52932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=23334 PROTO=TCP SPT=59428 DPT=24201 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:07:41 server83 aibolit_wrapper[6763]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626666616229134.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626666616230708.txt --log=/tmp/malware_cleaner_log_17626666616232472.txt --progress=/tmp/malware_cleaner_progress_17626666616232066.json --csv_result=/tmp/revisium_csvfile_17626666616232240.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:07:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.190.146.204 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=3732 DF PROTO=TCP SPT=59809 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 11:07:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59065 DF PROTO=TCP SPT=52932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.190.146.204 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=3733 DF PROTO=TCP SPT=59809 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 11:07:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.rfind: ProactiveModel.Host should not be empty Nov 9 11:07:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.accepted: ProactiveModel.Host should not be empty Nov 9 11:07:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:07:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:07:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59066 DF PROTO=TCP SPT=52932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52923 SEQ=1 Nov 9 11:07:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=54722 SEQ=1 Nov 9 11:07:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19649 SEQ=1 Nov 9 11:07:51 server83 dhclient[3164]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x13643277) Nov 9 11:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58193 SEQ=1 Nov 9 11:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11336 SEQ=1 Nov 9 11:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59067 DF PROTO=TCP SPT=52932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:07:57 server83 aibolit_wrapper[8907]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626666778574470.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626666778575366.txt --log=/tmp/malware_cleaner_log_17626666778576364.txt --progress=/tmp/malware_cleaner_progress_17626666778576100.json --csv_result=/tmp/revisium_csvfile_17626666778576228.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:07:59 server83 NetworkManager[922]: <warn> [1762666679.4493] dhcp4 (eth1): request timed out Nov 9 11:07:59 server83 NetworkManager[922]: <info> [1762666679.4493] dhcp4 
(eth1): state changed unknown -> timeout Nov 9 11:07:59 server83 NetworkManager[922]: <info> [1762666679.4653] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 3164 Nov 9 11:07:59 server83 NetworkManager[922]: <info> [1762666679.4653] dhcp4 (eth1): state changed timeout -> done Nov 9 11:07:59 server83 NetworkManager[922]: <info> [1762666679.4655] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:07:59 server83 NetworkManager[922]: <warn> [1762666679.4659] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:07:59 server83 NetworkManager[922]: <info> [1762666679.4660] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:07:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.168.101.27 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=233 ID=8459 PROTO=TCP SPT=53439 DPT=8005 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:08:01 server83 systemd: Started Session 310879 of user root. Nov 9 11:08:01 server83 systemd: Started Session 310882 of user root. Nov 9 11:08:01 server83 systemd: Started Session 310881 of user root. Nov 9 11:08:01 server83 systemd: Started Session 310883 of user root. Nov 9 11:08:01 server83 systemd: Started Session 310884 of user root. Nov 9 11:08:01 server83 systemd: Started Session 310885 of user root. Nov 9 11:08:01 server83 systemd: Started Session 310880 of user root. Nov 9 11:08:01 server83 systemd: Started Session 310886 of user root. Nov 9 11:08:01 server83 systemd: Started Session 310887 of user root. 
Nov 9 11:08:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39993 SEQ=1 Nov 9 11:08:04 server83 aibolit_wrapper[9723]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626666841511138.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626666841514656.txt --progress=/tmp/malware_cleaner_progress_17626666841514198.json --csv_result=/tmp/revisium_csvfile_17626666841514390.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:08:04 server83 scripts.sh: Sun Nov 9 11:08:04 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 11:08:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.79.29.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=4459 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:08:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=13177 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:08:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63755 SEQ=1 Nov 9 11:08:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=29501 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:08:08 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=29512 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:08:09 server83 aibolit_wrapper[10321]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626666895551210.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626666895552458.txt --log=/tmp/malware_cleaner_log_17626666895553870.txt --progress=/tmp/malware_cleaner_progress_17626666895553520.json --csv_result=/tmp/revisium_csvfile_17626666895553680.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:08:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21094 DF PROTO=TCP SPT=48586 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59068 DF PROTO=TCP SPT=52932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:08:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=58233 PROTO=TCP SPT=56033 DPT=7706 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:08:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8631 SEQ=1 Nov 9 11:08:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36503 SEQ=1 Nov 9 11:08:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33376 SEQ=1 Nov 9 11:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33376 SEQ=1 Nov 9 11:08:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.236 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=55420 PROTO=TCP SPT=36351 DPT=17617 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41499 DF PROTO=TCP SPT=59574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:08:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 11:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 11:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41500 DF PROTO=TCP SPT=59574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 
9 11:08:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=20539 PROTO=TCP SPT=45278 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:08:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29074 SEQ=1 Nov 9 11:08:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41501 DF PROTO=TCP SPT=59574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:08:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24272 SEQ=1 Nov 9 11:08:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50127 SEQ=1 Nov 9 11:08:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=20540 PROTO=TCP SPT=45278 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:08:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=63032 PROTO=TCP SPT=33163 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:08:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=63034 PROTO=TCP SPT=33163 DPT=853 WINDOW=64952 RES=0x00 SYN 
URGP=0 Nov 9 11:08:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=6633 DF PROTO=TCP SPT=62747 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 11:08:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=6634 DF PROTO=TCP SPT=62747 DPT=2222 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:08:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52375 SEQ=1 Nov 9 11:08:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9832 SEQ=1 Nov 9 11:08:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3670 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:08:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=6635 DF PROTO=TCP SPT=62747 DPT=2222 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:08:35 server83 aibolit_wrapper[12745]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667150122272.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667150123860.txt 
--log=/tmp/malware_cleaner_log_17626667150125110.txt --progress=/tmp/malware_cleaner_progress_17626667150124814.json --csv_result=/tmp/revisium_csvfile_17626667150124940.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:08:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41503 DF PROTO=TCP SPT=59574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:08:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31553 SEQ=1 Nov 9 11:08:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62461 SEQ=1 Nov 9 11:08:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46085 SEQ=1 Nov 9 11:08:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33392 SEQ=1 Nov 9 11:08:39 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:08:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=15.235.145.92 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=6666 DF PROTO=TCP SPT=63812 DPT=8090 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 11:08:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=15.235.145.92 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=6668 DF PROTO=TCP SPT=63812 DPT=8090 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 11:08:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59069 DF PROTO=TCP SPT=52932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:08:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=15.235.145.92 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=6669 DF PROTO=TCP SPT=63812 DPT=8090 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:08:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:08:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:08:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33094 SEQ=1 Nov 9 11:08:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20122 SEQ=1 Nov 9 11:08:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33094 SEQ=1 Nov 9 11:08:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39882 SEQ=1 Nov 9 11:08:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39882 SEQ=1 Nov 9 11:08:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3677 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:08:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=15.235.145.92 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=6670 DF PROTO=TCP SPT=63812 DPT=8090 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:08:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58626 SEQ=1 Nov 9 11:08:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41504 DF PROTO=TCP SPT=59574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:08:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58945 SEQ=1 Nov 9 11:08:52 server83 aibolit_wrapper[14288]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667322043336.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667322045118.txt --log=/tmp/malware_cleaner_log_17626667322047328.txt --progress=/tmp/malware_cleaner_progress_17626667322046714.json 
--csv_result=/tmp/revisium_csvfile_17626667322046992.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:08:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.12 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52730 DPT=9252 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:08:57 server83 aibolit_wrapper[14797]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667374250906.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667374256978.txt --log=/tmp/malware_cleaner_log_17626667374259716.txt --progress=/tmp/malware_cleaner_progress_17626667374258582.json --csv_result=/tmp/revisium_csvfile_17626667374259506.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:08:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.29 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53200 DPT=48500 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:08:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3669 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:09:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.46 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54218 DPT=1000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:09:01 server83 systemd: Started Session 310888 of user root. Nov 9 11:09:01 server83 systemd: Started Session 310889 of user root. 
Nov 9 11:09:01 server83 systemd: Started Session 310890 of user root. Nov 9 11:09:01 server83 systemd: Started Session 310891 of user root. Nov 9 11:09:01 server83 systemd: Started Session 310893 of user root. Nov 9 11:09:01 server83 systemd: Started Session 310892 of user root. Nov 9 11:09:01 server83 systemd: Started Session 310894 of user root. Nov 9 11:09:01 server83 systemd: Started Session 310895 of user root. Nov 9 11:09:01 server83 systemd: Started Session 310896 of user root. Nov 9 11:09:01 server83 systemd: Started Session 310897 of user root. Nov 9 11:09:03 server83 aibolit_wrapper[15432]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667430264090.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626667430267784.txt --progress=/tmp/malware_cleaner_progress_17626667430267382.json --csv_result=/tmp/revisium_csvfile_17626667430267560.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:09:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3668 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:09:05 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 11:09:05 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 11:09:05 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 11:09:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=54503 PROTO=TCP SPT=45597 DPT=4893 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:09:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31195 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21356 SEQ=1 Nov 9 11:09:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6950 SEQ=1 Nov 9 11:09:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40786 SEQ=1 Nov 9 11:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17693 SEQ=1 Nov 9 11:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31196 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=17693 SEQ=1 Nov 9 11:09:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14995 PROTO=TCP SPT=42332 DPT=8233 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:09:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31197 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:13 server83 aibolit_wrapper[16629]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667535035812.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667535036802.txt --log=/tmp/malware_cleaner_log_17626667535037722.txt --progress=/tmp/malware_cleaner_progress_17626667535037466.json --csv_result=/tmp/revisium_csvfile_17626667535037572.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:09:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31198 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9514 PROTO=TCP SPT=34279 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:09:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26928 
SEQ=1 Nov 9 11:09:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9515 PROTO=TCP SPT=34279 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:09:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8192 PROTO=TCP SPT=39581 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:09:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54372 PROTO=TCP SPT=49466 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:09:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9516 PROTO=TCP SPT=34279 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:09:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40948 SEQ=1 Nov 9 11:09:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2816 SEQ=1 Nov 9 11:09:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54374 PROTO=TCP SPT=49466 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:09:22 server83 aibolit_wrapper[17530]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667621354046.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667621355400.txt --log=/tmp/malware_cleaner_log_17626667621356570.txt --progress=/tmp/malware_cleaner_progress_17626667621356242.json --csv_result=/tmp/revisium_csvfile_17626667621356380.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:09:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54376 PROTO=TCP SPT=49466 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:09:23 server83 PAM-hulk[17564]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 11:09:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41473 SEQ=1 Nov 9 11:09:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41505 DF PROTO=TCP SPT=59574 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.128 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=7572 PROTO=TCP SPT=48136 DPT=20184 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:09:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.57 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50947 DPT=47885 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:09:31 server83 aibolit_wrapper[18451]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d 
display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667716429694.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667716431056.txt --log=/tmp/malware_cleaner_log_17626667716432032.txt --progress=/tmp/malware_cleaner_progress_17626667716431778.json --csv_result=/tmp/revisium_csvfile_17626667716431890.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:09:36 server83 aibolit_wrapper[18947]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667768045082.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667768046902.txt --log=/tmp/malware_cleaner_log_17626667768048502.txt --progress=/tmp/malware_cleaner_progress_17626667768048076.json --csv_result=/tmp/revisium_csvfile_17626667768048258.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35260 SEQ=1 Nov 9 11:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42774 SEQ=1 Nov 9 11:09:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31200 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 
11:09:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19109 SEQ=1 Nov 9 11:09:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.89 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=48985 DF PROTO=TCP SPT=29064 DPT=8015 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:09:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42774 SEQ=1 Nov 9 11:09:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34836 SEQ=1 Nov 9 11:09:39 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:09:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54315 DF PROTO=TCP SPT=44674 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:41 server83 aibolit_wrapper[19394]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667811390664.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667811392068.txt --log=/tmp/malware_cleaner_log_17626667811393792.txt --progress=/tmp/malware_cleaner_progress_17626667811393392.json 
--csv_result=/tmp/revisium_csvfile_17626667811393606.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54316 DF PROTO=TCP SPT=44674 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54317 DF PROTO=TCP SPT=44674 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3676 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:09:44 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 11:09:45 server83 aibolit_wrapper[19816]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667854373978.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667854375028.txt --log=/tmp/malware_cleaner_log_17626667854376050.txt --progress=/tmp/malware_cleaner_progress_17626667854375772.json --csv_result=/tmp/revisium_csvfile_17626667854375902.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:09:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.oauthexceptions: ProactiveModel.Host should not be empty Nov 9 11:09:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: 
ProactiveModel.Host should not be empty Nov 9 11:09:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.center: ProactiveModel.Host should not be empty Nov 9 11:09:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:09:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3675 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:09:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26567 SEQ=1 Nov 9 11:09:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54318 DF PROTO=TCP SPT=44674 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37023 SEQ=1 Nov 9 11:09:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17087 SEQ=1 Nov 9 11:09:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41125 SEQ=1 Nov 9 11:09:49 server83 aibolit_wrapper[20245]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php 
--deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667898090640.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667898093420.txt --log=/tmp/malware_cleaner_log_17626667898095786.txt --progress=/tmp/malware_cleaner_progress_17626667898095344.json --csv_result=/tmp/revisium_csvfile_17626667898095560.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:09:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9026 SEQ=1 Nov 9 11:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3653 SEQ=1 Nov 9 11:09:55 server83 aibolit_wrapper[20719]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626667950724562.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626667950725396.txt --log=/tmp/malware_cleaner_log_17626667950726388.txt --progress=/tmp/malware_cleaner_progress_17626667950726190.json --csv_result=/tmp/revisium_csvfile_17626667950726294.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:09:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.124 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=46622 DPT=2600 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:09:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54319 DF PROTO=TCP SPT=44674 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:09:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.82.77.139 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=115 ID=64361 PROTO=TCP SPT=18438 DPT=1023 WINDOW=50527 RES=0x00 SYN URGP=0 Nov 9 11:09:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:10:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.193 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=31191 PROTO=TCP SPT=53904 DPT=34431 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:10:01 server83 aibolit_wrapper[21268]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668010264084.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626668010266500.txt --progress=/tmp/malware_cleaner_progress_17626668010266204.json --csv_result=/tmp/revisium_csvfile_17626668010266344.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:10:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4245 SEQ=1 Nov 9 11:10:01 server83 systemd: Started Session 310901 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310898 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310902 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310900 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310899 of user root. 
Nov 9 11:10:01 server83 systemd: Started Session 310903 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310904 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310905 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310906 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310907 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310908 of user root. Nov 9 11:10:01 server83 systemd: Started Session 310909 of user root. Nov 9 11:10:02 server83 systemd: Started Session 310910 of user root. Nov 9 11:10:02 server83 systemd: Started Session 310912 of user root. Nov 9 11:10:02 server83 systemd: Started Session 310913 of user root. Nov 9 11:10:02 server83 systemd: Started Session 310911 of user root. Nov 9 11:10:02 server83 systemd: Started Session 310915 of user root. Nov 9 11:10:02 server83 systemd: Started Session 310914 of user root. Nov 9 11:10:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57527 PROTO=TCP SPT=45940 DPT=9087 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:10:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17746 SEQ=1 Nov 9 11:10:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9985 SEQ=1 Nov 9 11:10:06 server83 aibolit_wrapper[21997]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668064023536.txt --input-fn-b64-encoded 
--username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668064024930.txt --log=/tmp/malware_cleaner_log_17626668064027024.txt --progress=/tmp/malware_cleaner_progress_17626668064026464.json --csv_result=/tmp/revisium_csvfile_17626668064026742.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:10:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=72 SEQ=1 Nov 9 11:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=6036 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=30221 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=6043 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:10:10 server83 aibolit_wrapper[22400]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668105875702.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668105876880.txt --log=/tmp/malware_cleaner_log_17626668105878100.txt --progress=/tmp/malware_cleaner_progress_17626668105877790.json --csv_result=/tmp/revisium_csvfile_17626668105877932.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 
9 11:10:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=31201 DF PROTO=TCP SPT=44346 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54320 DF PROTO=TCP SPT=44674 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43585 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:10:12 server83 systemd: Started Session c2871 of user root. Nov 9 11:10:13 server83 scripts.sh: Load Average: 3.73 , 3.60 Nov 9 11:10:13 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 11:10:13 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 11:10:13 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 11:10:13 server83 scripts.sh: HTTPD Status: inactive Nov 9 11:10:13 server83 scripts.sh: MySQL Status: active Nov 9 11:10:13 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 11:10:13 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 11:10:13 server83 scripts.sh: SSHD Status: active Nov 9 11:10:13 server83 scripts.sh: FTP Status: active Nov 9 11:10:13 server83 scripts.sh: LiteSpeed Status: Active Nov 9 11:10:13 server83 scripts.sh: Imunify Status: Active Nov 9 11:10:13 server83 scripts.sh: cPanel Status: active Nov 9 11:10:13 server83 scripts.sh: Memory Status: 12/31 GB - 38.44% Nov 9 11:10:13 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 11:10:13 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 11:10:13 server83 scripts.sh: Local Version: 4.4.5 Nov 9 11:10:13 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.157 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=43533 PROTO=TCP SPT=11271 DPT=1801 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:10:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13101 DF PROTO=TCP SPT=62639 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:10:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13102 DF PROTO=TCP SPT=62639 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:10:16 server83 aibolit_wrapper[23048]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668168449214.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626668168450844.txt --progress=/tmp/malware_cleaner_progress_17626668168450630.json --csv_result=/tmp/revisium_csvfile_17626668168450728.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:10:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.219 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=33468 DF PROTO=TCP SPT=39716 DPT=32400 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:10:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=208 SEQ=1 Nov 9 11:10:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30966 SEQ=1 Nov 9 11:10:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64757 SEQ=1 Nov 9 11:10:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61145 SEQ=1 Nov 9 11:10:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53653 DF PROTO=TCP SPT=57234 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:10:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13104 DF PROTO=TCP SPT=62639 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:10:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53654 DF PROTO=TCP SPT=57234 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:10:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5361 SEQ=1 Nov 9 11:10:22 server83 aibolit_wrapper[23607]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668223109006.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626668223110524.txt --log=/tmp/malware_cleaner_log_17626668223112304.txt --progress=/tmp/malware_cleaner_progress_17626668223111834.json --csv_result=/tmp/revisium_csvfile_17626668223112066.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:10:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13106 DF PROTO=TCP SPT=62899 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:10:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.61 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=UDP SPT=51708 DPT=11434 LEN=9 Nov 9 11:10:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13107 DF PROTO=TCP SPT=62899 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:10:26 server83 aibolit_wrapper[24044]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668265965094.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668265966304.txt --log=/tmp/malware_cleaner_log_17626668265967540.txt --progress=/tmp/malware_cleaner_progress_17626668265967234.json --csv_result=/tmp/revisium_csvfile_17626668265967386.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:10:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=31.57.147.52 DST=145.239.177.179 LEN=299 TOS=0x00 PREC=0x00 TTL=113 ID=58775 PROTO=UDP SPT=58579 DPT=5060 LEN=279 Nov 9 
11:10:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53656 DF PROTO=TCP SPT=57234 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:10:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10011 PROTO=TCP SPT=56949 DPT=8514 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:10:30 server83 aibolit_wrapper[24447]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668307490972.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668307491892.txt --log=/tmp/malware_cleaner_log_17626668307492960.txt --progress=/tmp/malware_cleaner_progress_17626668307492752.json --csv_result=/tmp/revisium_csvfile_17626668307492840.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:10:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6489 SEQ=1 Nov 9 11:10:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26982 SEQ=1 Nov 9 11:10:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26588 SEQ=1 Nov 9 11:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26588 SEQ=1 Nov 9 11:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51601 SEQ=1 Nov 9 11:10:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3674 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53657 DF PROTO=TCP SPT=57234 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:10:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42933 SEQ=1 Nov 9 11:10:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13110 DF PROTO=TCP SPT=62899 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:10:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33039 SEQ=1 Nov 9 11:10:39 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:10:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 
TTL=241 ID=17969 PROTO=TCP SPT=49956 DPT=26105 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:10:45 server83 aibolit_wrapper[25874]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668458392358.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668458394042.txt --log=/tmp/malware_cleaner_log_17626668458395540.txt --progress=/tmp/malware_cleaner_progress_17626668458395152.json --csv_result=/tmp/revisium_csvfile_17626668458395338.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:10:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:10:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54321 DF PROTO=TCP SPT=44674 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:10:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:10:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.internal: ProactiveModel.Host should not be empty Nov 9 11:10:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:10:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:10:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35035 SEQ=1 Nov 9 11:10:51 server83 aibolit_wrapper[26515]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668515121788.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668515122870.txt --log=/tmp/malware_cleaner_log_17626668515124084.txt --progress=/tmp/malware_cleaner_progress_17626668515123776.json --csv_result=/tmp/revisium_csvfile_17626668515123926.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:10:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=42.231.78.245 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=14275 DF PROTO=TCP SPT=44232 DPT=8181 WINDOW=29040 RES=0x00 SYN URGP=0 Nov 9 11:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53658 DF PROTO=TCP SPT=57234 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=42.231.78.245 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=14276 DF PROTO=TCP SPT=44232 DPT=8181 WINDOW=29040 RES=0x00 SYN URGP=0 Nov 9 11:10:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64167 SEQ=1 Nov 9 11:10:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64878 SEQ=1 Nov 9 11:10:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24955 SEQ=1 Nov 9 11:10:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52321 PROTO=TCP SPT=60108 DPT=7032 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:10:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64878 SEQ=1 Nov 9 11:10:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=42.231.78.245 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=14277 DF PROTO=TCP SPT=44232 DPT=8181 WINDOW=29040 RES=0x00 SYN URGP=0 Nov 9 11:10:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20433 PROTO=TCP SPT=46370 DPT=3214 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:11:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13111 DF PROTO=TCP SPT=63839 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:11:01 server83 systemd: Started Session 310917 of user root. Nov 9 11:11:01 server83 systemd: Started Session 310919 of user root. Nov 9 11:11:01 server83 systemd: Started Session 310918 of user root. Nov 9 11:11:01 server83 systemd: Started Session 310916 of user root. Nov 9 11:11:01 server83 systemd: Started Session 310920 of user root. Nov 9 11:11:01 server83 systemd: Started Session 310921 of user root. Nov 9 11:11:01 server83 systemd: Started Session 310923 of user root. Nov 9 11:11:01 server83 systemd: Started Session 310922 of user root. 
Nov 9 11:11:01 server83 systemd: Started Session 310924 of user root. Nov 9 11:11:01 server83 systemd: Started Session 310925 of user root. Nov 9 11:11:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:11:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:11:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13112 DF PROTO=TCP SPT=63839 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:11:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.94 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=50837 DPT=427 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:11:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13113 DF PROTO=TCP SPT=63839 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:11:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19604 PROTO=TCP SPT=35888 DPT=9279 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:11:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46084 SEQ=1 Nov 9 11:11:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:11:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:11:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:11:05 server83 aibolit_wrapper[28295]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d 
extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668657669876.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668657673692.txt --log=/tmp/malware_cleaner_log_17626668657675708.txt --progress=/tmp/malware_cleaner_progress_17626668657675232.json --csv_result=/tmp/revisium_csvfile_17626668657675454.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:11:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23924 SEQ=1 Nov 9 11:11:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.94.76 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=44139 DPT=1718 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:11:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13114 DF PROTO=TCP SPT=63839 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:11:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23924 SEQ=1 Nov 9 11:11:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6963 SEQ=1 Nov 9 11:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.189.81.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=63501 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 
Nov 9 11:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.189.81.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=63510 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:11:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61908 DF PROTO=TCP SPT=51174 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13115 DF PROTO=TCP SPT=64054 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:11:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61909 DF PROTO=TCP SPT=51174 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13116 DF PROTO=TCP SPT=64054 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:11:11 server83 aibolit_wrapper[28944]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668713666750.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668713667880.txt --log=/tmp/malware_cleaner_log_17626668713669138.txt --progress=/tmp/malware_cleaner_progress_17626668713668768.json --csv_result=/tmp/revisium_csvfile_17626668713668944.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:11:11 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61910 DF PROTO=TCP SPT=51174 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13118 DF PROTO=TCP SPT=63839 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:11:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34917 PROTO=TCP SPT=42111 DPT=2555 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:11:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.29.56.247 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=55107 DPT=10443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:11:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35144 SEQ=1 Nov 9 11:11:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35144 SEQ=1 Nov 9 11:11:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8430 SEQ=1 Nov 9 11:11:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21981 SEQ=1 Nov 9 11:11:21 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21981 SEQ=1 Nov 9 11:11:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=10322 DF PROTO=ICMP TYPE=8 CODE=0 ID=3209 SEQ=61321 Nov 9 11:11:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5555 SEQ=1 Nov 9 11:11:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13120 DF PROTO=TCP SPT=64054 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:11:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61912 DF PROTO=TCP SPT=51174 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:25 server83 aibolit_wrapper[29687]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668851930398.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668851931534.txt --log=/tmp/malware_cleaner_log_17626668851932766.txt --progress=/tmp/malware_cleaner_progress_17626668851932494.json --csv_result=/tmp/revisium_csvfile_17626668851932618.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:11:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53659 DF PROTO=TCP SPT=57234 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9295 PROTO=TCP SPT=46235 DPT=44526 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:11:25 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:11:25 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:11:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59628 PROTO=TCP SPT=46370 DPT=1713 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:11:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:11:31 server83 aibolit_wrapper[29894]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668914461852.txt --input-fn-b64-encoded --username=maars --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668914463404.txt --log=/tmp/malware_cleaner_log_17626668914464930.txt --progress=/tmp/malware_cleaner_progress_17626668914464538.json --csv_result=/tmp/revisium_csvfile_17626668914464744.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:11:32 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.92 DST=145.239.177.179 LEN=46 TOS=0x00 PREC=0x00 TTL=34 ID=56348 PROTO=UDP SPT=6781 DPT=10001 LEN=26 Nov 9 11:11:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 
DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=63503 PROTO=TCP SPT=46360 DPT=16526 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:11:35 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.110 DST=51.210.113.204 LEN=37 TOS=0x00 PREC=0x00 TTL=48 ID=14442 PROTO=UDP SPT=52415 DPT=7785 LEN=17 Nov 9 11:11:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17526 PROTO=TCP SPT=45727 DPT=31729 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:11:36 server83 aibolit_wrapper[30040]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626668969227690.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626668969228994.txt --log=/tmp/malware_cleaner_log_17626668969230394.txt --progress=/tmp/malware_cleaner_progress_17626668969230028.json --csv_result=/tmp/revisium_csvfile_17626668969230194.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:11:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=65145 PROTO=TCP SPT=45727 DPT=32887 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:11:37 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.90 DST=145.239.177.179 LEN=49 TOS=0x00 PREC=0x00 TTL=45 ID=4095 DF PROTO=UDP SPT=63642 DPT=5683 LEN=29 Nov 9 11:11:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=56629 SEQ=1 Nov 9 11:11:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25491 SEQ=1 Nov 9 11:11:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36316 SEQ=1 Nov 9 11:11:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29521 SEQ=1 Nov 9 11:11:40 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:11:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61913 DF PROTO=TCP SPT=51174 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.94 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51195 DPT=45846 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:11:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43362 DF PROTO=TCP SPT=57904 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:43 server83 aibolit_wrapper[30217]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626669031508582.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669031509774.txt --log=/tmp/malware_cleaner_log_17626669031510620.txt --progress=/tmp/malware_cleaner_progress_17626669031510384.json --csv_result=/tmp/revisium_csvfile_17626669031510482.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:11:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22869 PROTO=TCP SPT=33251 DPT=5703 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:11:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43363 DF PROTO=TCP SPT=57904 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43364 DF PROTO=TCP SPT=57904 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.ibase_pconnection: ProactiveModel.Host should not be empty Nov 9 11:11:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.accepted: ProactiveModel.Host should not be empty Nov 9 11:11:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:11:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:11:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=95.214.53.196 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57502 DPT=1 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:11:47 server83 pam_imunify_daemon.bin: time="2025-11-09T11:11:47+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 11:11:49 server83 aibolit_wrapper[30398]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669094603408.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669094604714.txt --log=/tmp/malware_cleaner_log_17626669094605744.txt --progress=/tmp/malware_cleaner_progress_17626669094605460.json --csv_result=/tmp/revisium_csvfile_17626669094605596.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:11:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.133 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55254 DPT=19090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:11:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43365 DF PROTO=TCP SPT=57904 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:11:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=23534 SEQ=1 Nov 9 11:11:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16806 SEQ=1 Nov 9 11:11:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16806 SEQ=1 Nov 9 11:11:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53359 SEQ=1 Nov 9 11:11:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14593 SEQ=1 Nov 9 11:11:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46062 SEQ=1 Nov 9 11:11:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.200 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=3546 PROTO=TCP SPT=46854 DPT=8181 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:11:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.133 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=27322 PROTO=TCP SPT=47297 DPT=8023 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:11:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43366 DF PROTO=TCP SPT=57904 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 
Nov 9 11:12:01 server83 systemd: Started Session 310928 of user root. Nov 9 11:12:01 server83 systemd: Started Session 310927 of user root. Nov 9 11:12:01 server83 systemd: Started Session 310926 of user root. Nov 9 11:12:01 server83 systemd: Started Session 310929 of user root. Nov 9 11:12:01 server83 systemd: Started Session 310930 of user root. Nov 9 11:12:01 server83 systemd: Started Session 310931 of user root. Nov 9 11:12:01 server83 systemd: Started Session 310933 of user root. Nov 9 11:12:01 server83 systemd: Started Session 310932 of user root. Nov 9 11:12:01 server83 systemd: Started Session 310934 of user root. Nov 9 11:12:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2806 SEQ=1 Nov 9 11:12:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48526 SEQ=1 Nov 9 11:12:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6320 SEQ=1 Nov 9 11:12:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15778 SEQ=1 Nov 9 11:12:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6320 SEQ=1 Nov 9 11:12:07 server83 aibolit_wrapper[30889]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669270489276.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669270490432.txt --log=/tmp/malware_cleaner_log_17626669270491434.txt --progress=/tmp/malware_cleaner_progress_17626669270491186.json --csv_result=/tmp/revisium_csvfile_17626669270491294.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:12:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20932 SEQ=1 Nov 9 11:12:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3859 SEQ=1 Nov 9 11:12:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43598 PROTO=TCP SPT=53498 DPT=8642 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:12:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43367 DF PROTO=TCP SPT=57904 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:12:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=61914 DF PROTO=TCP SPT=51174 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:12:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42810 PROTO=TCP SPT=46370 DPT=2521 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 11:12:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.235.206 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=34354 DPT=3443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:12:18 server83 aibolit_wrapper[31123]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669382199162.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669382200398.txt --log=/tmp/malware_cleaner_log_17626669382201398.txt --progress=/tmp/malware_cleaner_progress_17626669382201152.json --csv_result=/tmp/revisium_csvfile_17626669382201254.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:12:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.24.237.173 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28996 PROTO=TCP SPT=42901 DPT=14588 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:12:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14321 SEQ=1 Nov 9 11:12:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8035 SEQ=1 Nov 9 11:12:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7431 DF PROTO=TCP SPT=46506 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:12:23 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9808 SEQ=1 Nov 9 11:12:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3803 SEQ=1 Nov 9 11:12:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13401 SEQ=1 Nov 9 11:12:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7432 DF PROTO=TCP SPT=46506 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:12:24 server83 aibolit_wrapper[31263]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669444825260.txt --input-fn-b64-encoded --username=maars --report-hashes --log=/tmp/malware_cleaner_log_17626669444828610.txt --progress=/tmp/malware_cleaner_progress_17626669444828158.json --csv_result=/tmp/revisium_csvfile_17626669444828346.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:12:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7433 DF PROTO=TCP SPT=46506 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:12:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:12:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=64.62.197.229 DST=145.239.177.179 LEN=113 TOS=0x00 PREC=0x00 TTL=45 ID=44504 DF PROTO=UDP SPT=58402 DPT=161 LEN=93 Nov 9 11:12:30 server83 aibolit_wrapper[31480]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669500612380.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669500613220.txt --log=/tmp/malware_cleaner_log_17626669500614360.txt --progress=/tmp/malware_cleaner_progress_17626669500613976.json --csv_result=/tmp/revisium_csvfile_17626669500614140.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:12:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.218 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33920 PROTO=TCP SPT=56251 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7434 DF PROTO=TCP SPT=46506 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:12:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.218 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33921 PROTO=TCP SPT=56251 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34464 PROTO=TCP SPT=46902 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.218 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33922 PROTO=TCP SPT=56251 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34465 PROTO=TCP SPT=46902 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34466 PROTO=TCP SPT=46902 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.218 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33924 PROTO=TCP SPT=56251 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.55 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=54903 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:12:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=34357 PROTO=TCP SPT=60552 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34467 PROTO=TCP SPT=46902 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:35 server83 aibolit_wrapper[31754]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669558599252.txt --input-fn-b64-encoded 
--username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669558600214.txt --log=/tmp/malware_cleaner_log_17626669558601350.txt --progress=/tmp/malware_cleaner_progress_17626669558601046.json --csv_result=/tmp/revisium_csvfile_17626669558601186.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:12:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34468 PROTO=TCP SPT=46902 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6509 SEQ=1 Nov 9 11:12:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24457 SEQ=1 Nov 9 11:12:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35484 SEQ=1 Nov 9 11:12:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7435 DF PROTO=TCP SPT=46506 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:12:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63497 SEQ=1 Nov 9 11:12:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45618 SEQ=1 Nov 9 11:12:40 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:12:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=9098 PROTO=TCP SPT=49405 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:12:41 server83 aibolit_wrapper[31931]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669614196608.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669614197698.txt --log=/tmp/malware_cleaner_log_17626669614198844.txt --progress=/tmp/malware_cleaner_progress_17626669614198542.json --csv_result=/tmp/revisium_csvfile_17626669614198688.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:12:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.ob_iconv_handle: ProactiveModel.Host should not be empty Nov 9 11:12:46 server83 imunify360-php-daemon[734]: /home2/maars/public_html/wp-content/plugins/empik-for-woocommerce/src/Offer/Settings.php: ProactiveModel.Host should not be empty Nov 9 11:12:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.center: ProactiveModel.Host should not be empty Nov 9 11:12:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43368 DF PROTO=TCP SPT=57904 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:12:49 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25046 SEQ=1 Nov 9 11:12:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.29 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52276 DPT=7998 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:12:50 server83 aibolit_wrapper[32175]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669707708992.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669707710590.txt --log=/tmp/malware_cleaner_log_17626669707711980.txt --progress=/tmp/malware_cleaner_progress_17626669707711614.json --csv_result=/tmp/revisium_csvfile_17626669707711776.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:12:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23805 SEQ=1 Nov 9 11:12:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25046 SEQ=1 Nov 9 11:12:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64612 SEQ=1 Nov 9 11:12:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62801 SEQ=1 Nov 9 11:12:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7442 SEQ=1 Nov 9 11:12:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.16 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=61784 PROTO=TCP SPT=26200 DPT=9116 WINDOW=64265 RES=0x00 SYN URGP=0 Nov 9 11:12:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7436 DF PROTO=TCP SPT=46506 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:12:57 server83 aibolit_wrapper[32374]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669770875422.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669770877026.txt --log=/tmp/malware_cleaner_log_17626669770878484.txt --progress=/tmp/malware_cleaner_progress_17626669770878084.json --csv_result=/tmp/revisium_csvfile_17626669770878258.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:12:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:12:59 server83 NetworkManager[922]: <info> [1762666979.4377] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:12:59 server83 NetworkManager[922]: <info> [1762666979.4381] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:12:59 server83 
NetworkManager[922]: <info> [1762666979.4382] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:12:59 server83 NetworkManager[922]: <info> [1762666979.4385] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:12:59 server83 NetworkManager[922]: <info> [1762666979.4395] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:12:59 server83 NetworkManager[922]: <info> [1762666979.4397] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:12:59 server83 NetworkManager[922]: <info> [1762666979.4410] dhcp4 (eth1): dhclient started with pid 32449 Nov 9 11:12:59 server83 dhclient[32449]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x4c1e83c9) Nov 9 11:13:01 server83 systemd: Started Session 310935 of user root. Nov 9 11:13:01 server83 systemd: Started Session 310938 of user root. Nov 9 11:13:01 server83 systemd: Started Session 310937 of user root. Nov 9 11:13:01 server83 systemd: Started Session 310936 of user root. Nov 9 11:13:01 server83 systemd: Started Session 310939 of user root. Nov 9 11:13:01 server83 systemd: Started Session 310941 of user root. Nov 9 11:13:01 server83 systemd: Started Session 310940 of user root. Nov 9 11:13:01 server83 systemd: Started Session 310942 of user root. Nov 9 11:13:01 server83 systemd: Started Session 310943 of user root. Nov 9 11:13:01 server83 systemd: Started Session 310944 of user root. 
Nov 9 11:13:01 server83 imunify360-watchdog: imunify360 is healthy: all is ok Nov 9 11:13:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.38 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=53766 PROTO=TCP SPT=27741 DPT=40079 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:13:03 server83 dhclient[32449]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x4c1e83c9) Nov 9 11:13:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35437 SEQ=1 Nov 9 11:13:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14771 SEQ=1 Nov 9 11:13:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.4 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=58735 PROTO=TCP SPT=26200 DPT=4080 WINDOW=36102 RES=0x00 SYN URGP=0 Nov 9 11:13:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=58208 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:13:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=53193 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:13:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=53196 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:13:08 server83 dhclient[32449]: DHCPDISCOVER on eth1 to 
255.255.255.255 port 67 interval 8 (xid=0x4c1e83c9) Nov 9 11:13:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16967 SEQ=1 Nov 9 11:13:09 server83 aibolit_wrapper[453]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669894386994.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669894388042.txt --log=/tmp/malware_cleaner_log_17626669894388966.txt --progress=/tmp/malware_cleaner_progress_17626669894388712.json --csv_result=/tmp/revisium_csvfile_17626669894388826.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:13:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.167 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=33955 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:13:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3667 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:13:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27026 DF PROTO=TCP SPT=42064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27027 DF PROTO=TCP SPT=42064 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 11:13:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27028 DF PROTO=TCP SPT=42064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:16 server83 aibolit_wrapper[724]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626669961417280.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626669961418356.txt --log=/tmp/malware_cleaner_log_17626669961419224.txt --progress=/tmp/malware_cleaner_progress_17626669961418984.json --csv_result=/tmp/revisium_csvfile_17626669961419094.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:13:16 server83 dhclient[32449]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x4c1e83c9) Nov 9 11:13:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27029 DF PROTO=TCP SPT=42064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44901 SEQ=1 Nov 9 11:13:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2462 SEQ=1 Nov 9 11:13:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24114 SEQ=1 Nov 9 11:13:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59351 PROTO=TCP SPT=49956 DPT=28705 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:13:20 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 11:13:20 server83 systemd: Stopped Status Update Service. Nov 9 11:13:20 server83 systemd: Started Status Update Service. Nov 9 11:13:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9783 SEQ=1 Nov 9 11:13:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.67 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53898 DPT=10071 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:13:23 server83 aibolit_wrapper[946]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626670032093418.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --log=/tmp/malware_cleaner_log_17626670032097092.txt --progress=/tmp/malware_cleaner_progress_17626670032096530.json --csv_result=/tmp/revisium_csvfile_17626670032096818.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:13:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2528 SEQ=1 Nov 9 11:13:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7051 SEQ=1 Nov 9 11:13:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2528 SEQ=1 Nov 9 11:13:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47025 PROTO=TCP SPT=53120 DPT=2446 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27030 DF PROTO=TCP SPT=42064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.92 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=52742 DPT=5903 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:13:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7437 DF PROTO=TCP SPT=46506 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:28 server83 aibolit_wrapper[1151]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626670085037236.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626670085038700.txt --log=/tmp/malware_cleaner_log_17626670085040546.txt 
--progress=/tmp/malware_cleaner_progress_17626670085040036.json --csv_result=/tmp/revisium_csvfile_17626670085040262.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:13:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5795 SEQ=1 Nov 9 11:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58870 SEQ=1 Nov 9 11:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9426 SEQ=1 Nov 9 11:13:37 server83 dhclient[32449]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x4c1e83c9) Nov 9 11:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32151 SEQ=1 Nov 9 11:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58870 SEQ=1 Nov 9 11:13:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60561 DPT=3127 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:13:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63945 SEQ=1 Nov 9 11:13:39 
server83 auditd[702]: Audit daemon rotating log files Nov 9 11:13:40 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:13:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.92.27.179 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39126 DPT=3080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:13:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27031 DF PROTO=TCP SPT=42064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3093 PROTO=TCP SPT=45727 DPT=33190 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:13:44 server83 NetworkManager[922]: <warn> [1762667024.4503] dhcp4 (eth1): request timed out Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4662] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 32449 Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4662] dhcp4 (eth1): state changed timeout -> done Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4664] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:13:44 server83 NetworkManager[922]: <warn> [1762667024.4666] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4667] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:13:44 server83 NetworkManager[922]: <info> 
[1762667024.4694] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4696] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4697] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4698] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4707] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4708] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:13:44 server83 NetworkManager[922]: <info> [1762667024.4717] dhcp4 (eth1): dhclient started with pid 1713 Nov 9 11:13:44 server83 dhclient[1713]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x40642bec) Nov 9 11:13:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.89 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50211 DPT=6262 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:13:45 server83 aibolit_wrapper[1747]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626670256885574.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626670256887774.txt --log=/tmp/malware_cleaner_log_17626670256890126.txt --progress=/tmp/malware_cleaner_progress_17626670256889444.json 
--csv_result=/tmp/revisium_csvfile_17626670256889736.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:13:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10476 DF PROTO=TCP SPT=33720 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:46 server83 imunify360-php-daemon[734]: /home2/loadingramp/public_html/wp-content/plugins/b-social-share/assets/css/.accept: ProactiveModel.Host should not be empty Nov 9 11:13:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.db2_convert: ProactiveModel.Host should not be empty Nov 9 11:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10477 DF PROTO=TCP SPT=33720 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.200 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=26275 PROTO=TCP SPT=46854 DPT=8181 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:13:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10478 DF PROTO=TCP SPT=33720 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4699 SEQ=1 Nov 9 11:13:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44337 SEQ=1 Nov 
9 11:13:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43520 SEQ=1 Nov 9 11:13:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43520 SEQ=1 Nov 9 11:13:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25117 SEQ=1 Nov 9 11:13:52 server83 dhclient[1713]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x40642bec) Nov 9 11:13:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10479 DF PROTO=TCP SPT=33720 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:13:53 server83 aibolit_wrapper[1863]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626670333031482.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626670333032752.txt --log=/tmp/malware_cleaner_log_17626670333034368.txt --progress=/tmp/malware_cleaner_progress_17626670333033984.json --csv_result=/tmp/revisium_csvfile_17626670333034148.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:13:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3673 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:13:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40652 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:13:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.34 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=31858 PROTO=TCP SPT=13174 DPT=16189 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10480 DF PROTO=TCP SPT=33720 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:14:01 server83 systemd: Started Session 310945 of user root. Nov 9 11:14:01 server83 systemd: Started Session 310946 of user root. Nov 9 11:14:01 server83 systemd: Started Session 310947 of user root. Nov 9 11:14:01 server83 systemd: Started Session 310948 of user root. Nov 9 11:14:01 server83 systemd: Started Session 310949 of user root. Nov 9 11:14:01 server83 systemd: Started Session 310950 of user root. Nov 9 11:14:01 server83 systemd: Started Session 310951 of user root. Nov 9 11:14:01 server83 systemd: Started Session 310953 of user root. Nov 9 11:14:01 server83 systemd: Started Session 310952 of user root. 
Nov 9 11:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:14:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41231 SEQ=1 Nov 9 11:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61184 SEQ=1 Nov 9 11:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41231 SEQ=1 Nov 9 11:14:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.20.92 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=41876 DPT=830 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:14:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.60 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56828 DPT=9072 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:14:05 server83 aibolit_wrapper[2209]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626670455178956.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626670455180226.txt --log=/tmp/malware_cleaner_log_17626670455181190.txt --progress=/tmp/malware_cleaner_progress_17626670455180962.json 
--csv_result=/tmp/revisium_csvfile_17626670455181058.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:14:06 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 11:14:06 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 11:14:06 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 11:14:06 server83 dhclient[1713]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x40642bec) Nov 9 11:14:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55935 SEQ=1 Nov 9 11:14:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56326 SEQ=1 Nov 9 11:14:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.189.81.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=18842 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:14:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=64157 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:14:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.189.81.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=18847 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:14:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.168.7.10 
DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=41946 DPT=4545 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:14:10 server83 aibolit_wrapper[2410]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626670507057152.txt --input-fn-b64-encoded --username=loadingramp --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626670507058644.txt --log=/tmp/malware_cleaner_log_17626670507059974.txt --progress=/tmp/malware_cleaner_progress_17626670507059662.json --csv_result=/tmp/revisium_csvfile_17626670507059782.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:14:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3665 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:14:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.173.120 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=4462 DF PROTO=TCP SPT=37572 DPT=2888 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3666 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.174 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=36229 PROTO=TCP SPT=55691 DPT=593 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27032 DF PROTO=TCP SPT=42064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10481 DF PROTO=TCP SPT=33720 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:14:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.7 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1317 DF PROTO=TCP SPT=7237 DPT=9469 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:14:18 server83 dhclient[1713]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x40642bec) Nov 9 11:14:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.66.5 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=23978 PROTO=TCP SPT=46783 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:14:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17506 SEQ=1 Nov 9 11:14:20 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.144.234.132 DST=51.210.113.204 LEN=54 TOS=0x08 PREC=0x20 TTL=46 ID=32843 DF PROTO=UDP SPT=8701 DPT=1027 LEN=34 Nov 9 11:14:21 server83 pam_imunify_daemon.bin: time="2025-11-09T11:14:21+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 11:14:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46376 SEQ=1 Nov 9 11:14:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=116.204.46.67 DST=51.210.113.204 LEN=54 TOS=0x00 PREC=0x00 TTL=41 ID=37551 DF PROTO=ICMP TYPE=8 CODE=0 ID=3219 SEQ=61150 Nov 9 11:14:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23621 SEQ=1 Nov 9 11:14:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46376 SEQ=1 Nov 9 11:14:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29565 SEQ=1 Nov 9 11:14:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=37.221.215.69 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=26492 PROTO=TCP SPT=45875 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:14:25 server83 aibolit_wrapper[2657]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626670653400600.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626670653402066.txt --log=/tmp/malware_cleaner_log_17626670653403750.txt --progress=/tmp/malware_cleaner_progress_17626670653403320.json 
--csv_result=/tmp/revisium_csvfile_17626670653403494.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8329 DF PROTO=TCP SPT=60090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:14:26 server83 dhclient[1713]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x40642bec) Nov 9 11:14:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8330 DF PROTO=TCP SPT=60090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8331 DF PROTO=TCP SPT=60090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.32 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=24812 PROTO=TCP SPT=41878 DPT=3080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:14:29 server83 NetworkManager[922]: <warn> [1762667069.4514] dhcp4 (eth1): request timed out Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4514] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4593] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 1713 Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4593] dhcp4 (eth1): state changed timeout -> done Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4595] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:14:29 server83 NetworkManager[922]: <warn> [1762667069.4598] device 
(eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4600] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4631] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4635] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4636] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4640] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4650] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4652] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:14:29 server83 NetworkManager[922]: <info> [1762667069.4664] dhcp4 (eth1): dhclient started with pid 2732 Nov 9 11:14:29 server83 dhclient[2732]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x14ba90cb) Nov 9 11:14:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56476 PROTO=TCP SPT=45727 DPT=32693 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:14:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.247 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=47167 PROTO=TCP SPT=33504 DPT=3080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:14:34 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18856 SEQ=1 Nov 9 11:14:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43529 SEQ=1 Nov 9 11:14:36 server83 dhclient[2732]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x14ba90cb) Nov 9 11:14:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31697 SEQ=1 Nov 9 11:14:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32970 SEQ=1 Nov 9 11:14:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1978 PROTO=TCP SPT=45727 DPT=33645 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4406 SEQ=1 Nov 9 11:14:40 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8333 DF PROTO=TCP SPT=60090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:14:43 server83 aibolit_wrapper[3042]: running child 
proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626670834735920.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626670834737768.txt --log=/tmp/malware_cleaner_log_17626670834739872.txt --progress=/tmp/malware_cleaner_progress_17626670834739328.json --csv_result=/tmp/revisium_csvfile_17626670834739568.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:14:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=135.237.127.14 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=13958 PROTO=TCP SPT=49420 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:14:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:14:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.uconvert: ProactiveModel.Host should not be empty Nov 9 11:14:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.reset: ProactiveModel.Host should not be empty Nov 9 11:14:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40578 SEQ=1 Nov 9 11:14:49 server83 aibolit_wrapper[3232]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626670897487206.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--log=/tmp/malware_cleaner_log_17626670897490228.txt --progress=/tmp/malware_cleaner_progress_17626670897489844.json --csv_result=/tmp/revisium_csvfile_17626670897490024.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:14:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58670 SEQ=1 Nov 9 11:14:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10482 DF PROTO=TCP SPT=33720 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:14:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51995 SEQ=1 Nov 9 11:14:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51995 SEQ=1 Nov 9 11:14:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24222 SEQ=1 Nov 9 11:14:55 server83 dhclient[2732]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x14ba90cb) Nov 9 11:14:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8334 DF PROTO=TCP SPT=60090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=98 ID=36371 PROTO=TCP SPT=45672 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:15:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39145 SEQ=1 Nov 9 11:15:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=36372 PROTO=TCP SPT=45672 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:15:01 server83 systemd: Started Session 310955 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310956 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310954 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310957 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310958 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310959 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310960 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310961 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310965 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310964 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310966 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310962 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310967 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310963 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310968 of user root. Nov 9 11:15:01 server83 systemd: Started Session 310969 of user root. Nov 9 11:15:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 11:15:01 server83 systemd: Started Session 310970 of user sanatanhinduvahi. Nov 9 11:15:01 server83 systemd: Started Session 310971 of user root. 
Nov 9 11:15:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44448 SEQ=1 Nov 9 11:15:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 11:15:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3664 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:15:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33313 PROTO=TCP SPT=38002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:15:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=36373 PROTO=TCP SPT=45672 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:15:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33314 PROTO=TCP SPT=38002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:15:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33315 PROTO=TCP SPT=38002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:15:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=36375 PROTO=TCP SPT=45672 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:15:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33316 PROTO=TCP SPT=38002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:15:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33317 PROTO=TCP SPT=38002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:15:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2161 SEQ=1 Nov 9 11:15:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50327 SEQ=1 Nov 9 11:15:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43084 SEQ=1 Nov 9 11:15:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.18.188 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=37752 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:15:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.18.188 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=37756 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:15:11 server83 dhclient[2732]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x14ba90cb) Nov 9 11:15:14 server83 NetworkManager[922]: <warn> [1762667114.4403] dhcp4 (eth1): request timed out Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4403] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4482] dhcp4 (eth1): 
canceled DHCP transaction, DHCP client pid 2732 Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4482] dhcp4 (eth1): state changed timeout -> done Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4484] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:15:14 server83 NetworkManager[922]: <warn> [1762667114.4487] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4488] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4517] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4519] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4520] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4522] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4530] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4531] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:15:14 server83 NetworkManager[922]: <info> [1762667114.4543] dhcp4 (eth1): dhclient started with pid 4283 Nov 9 11:15:14 server83 dhclient[4283]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x7f28beda) Nov 9 11:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=20737 DF PROTO=TCP SPT=58062 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=20738 DF PROTO=TCP SPT=58062 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14434 SEQ=1 Nov 9 11:15:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=24210 PROTO=TCP SPT=55917 DPT=7519 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:15:17 server83 dhclient[4283]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x7f28beda) Nov 9 11:15:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=20739 DF PROTO=TCP SPT=58062 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.52 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=38107 DPT=3080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:15:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61263 SEQ=1 Nov 9 11:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63921 SEQ=1 Nov 9 
11:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13982 SEQ=1 Nov 9 11:15:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13982 SEQ=1 Nov 9 11:15:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7331 PROTO=TCP SPT=53120 DPT=2649 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=20740 DF PROTO=TCP SPT=58062 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.180 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=53777 PROTO=TCP SPT=52503 DPT=6001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:15:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37998 PROTO=TCP SPT=57257 DPT=5672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:15:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61109 SEQ=1 Nov 9 11:15:25 server83 dhclient[4283]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x7f28beda) Nov 9 11:15:28 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 11:15:28 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.83.247 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=16996 PROTO=TCP SPT=48273 DPT=427 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8335 DF PROTO=TCP SPT=60090 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=20741 DF PROTO=TCP SPT=58062 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26168 SEQ=1 Nov 9 11:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43753 SEQ=1 Nov 9 11:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1078 SEQ=1 Nov 9 11:15:36 server83 dhclient[4283]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x7f28beda) Nov 9 11:15:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24478 SEQ=1 Nov 9 11:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56436 SEQ=1 Nov 9 11:15:40 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:15:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.16.39.79 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41751 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:15:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61911 SEQ=1 Nov 9 11:15:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9335 SEQ=1 Nov 9 11:15:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26953 SEQ=1 Nov 9 11:15:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=20742 DF PROTO=TCP SPT=58062 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16184 SEQ=1 Nov 9 11:15:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21509 SEQ=1 Nov 9 11:15:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34966 SEQ=1 Nov 9 11:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43382 DF PROTO=TCP SPT=58508 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43383 DF PROTO=TCP SPT=58508 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43384 DF PROTO=TCP SPT=58508 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:55 server83 dhclient[4283]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x7f28beda) Nov 9 11:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.180.136.250 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=49118 PROTO=TCP SPT=47224 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43385 DF PROTO=TCP SPT=58508 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:15:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:15:59 server83 NetworkManager[922]: <warn> [1762667159.4383] dhcp4 (eth1): request timed out Nov 9 11:15:59 server83 NetworkManager[922]: <info> [1762667159.4383] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:15:59 server83 NetworkManager[922]: <info> [1762667159.4543] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 
4283 Nov 9 11:15:59 server83 NetworkManager[922]: <info> [1762667159.4543] dhcp4 (eth1): state changed timeout -> done Nov 9 11:15:59 server83 NetworkManager[922]: <info> [1762667159.4544] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:15:59 server83 NetworkManager[922]: <warn> [1762667159.4547] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:15:59 server83 NetworkManager[922]: <info> [1762667159.4548] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:16:00 server83 aibolit_wrapper[5335]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626671600566488.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626671600568166.txt --log=/tmp/malware_cleaner_log_17626671600569628.txt --progress=/tmp/malware_cleaner_progress_17626671600569256.json --csv_result=/tmp/revisium_csvfile_17626671600569422.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:16:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 11:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:16:01 server83 systemd: Started Session 310972 of user root. Nov 9 11:16:01 server83 systemd: Started Session 310973 of user root. Nov 9 11:16:01 server83 systemd: Started Session 310974 of user root. Nov 9 11:16:01 server83 systemd: Started Session 310976 of user root. Nov 9 11:16:01 server83 systemd: Started Session 310975 of user root. Nov 9 11:16:01 server83 systemd: Started Session 310977 of user root. 
Nov 9 11:16:01 server83 systemd: Started Session 310979 of user root. Nov 9 11:16:01 server83 systemd: Started Session 310980 of user root. Nov 9 11:16:01 server83 systemd: Started Session 310978 of user root. Nov 9 11:16:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24267 PROTO=TCP SPT=53120 DPT=2439 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43386 DF PROTO=TCP SPT=58508 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:16:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43831 SEQ=1 Nov 9 11:16:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.48 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=47619 DF PROTO=ICMP TYPE=8 CODE=0 ID=30090 SEQ=45491 Nov 9 11:16:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16203 SEQ=1 Nov 9 11:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=19325 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16467 SEQ=1 Nov 9 11:16:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45953 SEQ=1 Nov 9 11:16:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=5347 PROTO=TCP SPT=37137 DPT=8220 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:16:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6107 PROTO=TCP SPT=48756 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6108 PROTO=TCP SPT=48756 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=37108 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:16:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22161 PROTO=TCP SPT=53625 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6109 PROTO=TCP SPT=48756 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=5626 PROTO=TCP SPT=36794 DPT=4538 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:16:17 
server83 aibolit_wrapper[5850]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626671772865478.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626671772867076.txt --log=/tmp/malware_cleaner_log_17626671772868536.txt --progress=/tmp/malware_cleaner_progress_17626671772868144.json --csv_result=/tmp/revisium_csvfile_17626671772868310.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:16:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22164 PROTO=TCP SPT=53625 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37963 SEQ=1 Nov 9 11:16:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=20743 DF PROTO=TCP SPT=58062 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:16:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49146 SEQ=1 Nov 9 11:16:21 server83 aibolit_wrapper[5985]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626671815891538.txt 
--input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626671815892546.txt --log=/tmp/malware_cleaner_log_17626671815893548.txt --progress=/tmp/malware_cleaner_progress_17626671815893318.json --csv_result=/tmp/revisium_csvfile_17626671815893436.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:16:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22447 SEQ=1 Nov 9 11:16:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16967 SEQ=1 Nov 9 11:16:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.83 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=56227 PROTO=TCP SPT=24989 DPT=9599 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:16:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43270 PROTO=TCP SPT=57334 DPT=8433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53909 DF PROTO=TCP SPT=43454 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53910 DF PROTO=TCP SPT=43454 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=109.200.209.201 DST=51.210.113.204 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=43021 DF PROTO=TCP SPT=41593 DPT=853 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:16:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7950 PROTO=TCP SPT=59440 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:34 server83 aibolit_wrapper[6315]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626671940850180.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626671940851126.txt --log=/tmp/malware_cleaner_log_17626671940852256.txt --progress=/tmp/malware_cleaner_progress_17626671940851918.json --csv_result=/tmp/revisium_csvfile_17626671940852072.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:16:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43619 PROTO=TCP SPT=61548 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7952 PROTO=TCP SPT=59440 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43620 PROTO=TCP SPT=61548 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7953 PROTO=TCP SPT=59440 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43621 PROTO=TCP SPT=61548 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7954 PROTO=TCP SPT=59440 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53922 SEQ=1 Nov 9 11:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64197 SEQ=1 Nov 9 11:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52649 SEQ=1 Nov 9 11:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37304 SEQ=1 Nov 9 11:16:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43623 PROTO=TCP SPT=61548 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:16:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7398 SEQ=1 Nov 9 11:16:40 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:16:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13121 DF PROTO=TCP SPT=53818 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:16:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13122 DF PROTO=TCP SPT=53818 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13123 DF PROTO=TCP SPT=53818 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:16:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:16:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34691 SEQ=1 Nov 9 11:16:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20459 SEQ=1 Nov 9 11:16:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13124 DF PROTO=TCP SPT=53818 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:16:51 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36105 SEQ=1 Nov 9 11:16:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3346 SEQ=1 Nov 9 11:16:54 server83 aibolit_wrapper[6869]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626672143254762.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626672143256392.txt --log=/tmp/malware_cleaner_log_17626672143258174.txt --progress=/tmp/malware_cleaner_progress_17626672143257628.json --csv_result=/tmp/revisium_csvfile_17626672143257882.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:16:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3346 SEQ=1 Nov 9 11:16:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43388 DF PROTO=TCP SPT=58508 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:16:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.33 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=16897 PROTO=TCP SPT=54338 DPT=9659 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:16:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13125 DF PROTO=TCP SPT=53818 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:16:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:17:01 server83 systemd: Started Session 310982 of user root. Nov 9 11:17:01 server83 systemd: Started Session 310983 of user root. Nov 9 11:17:01 server83 systemd: Started Session 310981 of user root. Nov 9 11:17:01 server83 systemd: Started Session 310985 of user root. Nov 9 11:17:01 server83 systemd: Started Session 310984 of user root. Nov 9 11:17:01 server83 systemd: Started Session 310986 of user root. Nov 9 11:17:01 server83 systemd: Started Session 310987 of user root. Nov 9 11:17:01 server83 systemd: Started Session 310988 of user root. Nov 9 11:17:01 server83 systemd: Started Session 310990 of user root. Nov 9 11:17:01 server83 systemd: Started Session 310989 of user root. Nov 9 11:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53914 DF PROTO=TCP SPT=43454 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:17:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44011 SEQ=1 Nov 9 11:17:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36015 SEQ=1 Nov 9 11:17:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22825 SEQ=1 Nov 9 11:17:03 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55936 SEQ=1 Nov 9 11:17:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36015 SEQ=1 Nov 9 11:17:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.15.85.154 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34306 DPT=5000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:17:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=20294 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:17:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=37199 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:17:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=20305 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:17:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.191 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=19455 PROTO=TCP SPT=52166 DPT=102 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:17:12 server83 aibolit_wrapper[7474]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626672327502858.txt 
--input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626672327504718.txt --log=/tmp/malware_cleaner_log_17626672327506544.txt --progress=/tmp/malware_cleaner_progress_17626672327506028.json --csv_result=/tmp/revisium_csvfile_17626672327506222.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:17:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43691 SEQ=1 Nov 9 11:17:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55906 SEQ=1 Nov 9 11:17:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42910 SEQ=1 Nov 9 11:17:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29989 SEQ=1 Nov 9 11:17:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42910 SEQ=1 Nov 9 11:17:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24700 SEQ=1 Nov 9 11:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=38507 SEQ=1 Nov 9 11:17:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=135.237.127.207 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=59307 DPT=1723 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:17:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3672 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:17:31 server83 aibolit_wrapper[7963]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626672511294810.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626672511296328.txt --log=/tmp/malware_cleaner_log_17626672511297600.txt --progress=/tmp/malware_cleaner_progress_17626672511297228.json --csv_result=/tmp/revisium_csvfile_17626672511297414.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27724 SEQ=1 Nov 9 11:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41413 SEQ=1 Nov 9 11:17:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53915 DF PROTO=TCP SPT=43454 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:17:35 
server83 scripts.sh: Sun Nov 9 11:17:35 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 11:17:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14624 SEQ=1 Nov 9 11:17:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11555 SEQ=1 Nov 9 11:17:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28862 SEQ=1 Nov 9 11:17:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.145 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=29842 PROTO=TCP SPT=49228 DPT=2121 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:17:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2082 SEQ=1 Nov 9 11:17:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45620 PROTO=TCP SPT=45727 DPT=31278 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:17:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11555 SEQ=1 Nov 9 11:17:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 
ID=20603 PROTO=TCP SPT=46376 DPT=13671 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:17:40 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:17:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=53051 PROTO=TCP SPT=54383 DPT=5212 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:17:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:17:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19189 PROTO=TCP SPT=46370 DPT=2321 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:17:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.locked: ProactiveModel.Host should not be empty Nov 9 11:17:47 server83 aibolit_wrapper[8650]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626672676741868.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626672676743350.txt --log=/tmp/malware_cleaner_log_17626672676744948.txt --progress=/tmp/malware_cleaner_progress_17626672676744492.json --csv_result=/tmp/revisium_csvfile_17626672676744688.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:17:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27721 SEQ=1 Nov 9 11:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56904 SEQ=1 Nov 9 11:17:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13126 DF PROTO=TCP SPT=55397 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:17:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13127 DF PROTO=TCP SPT=55397 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:17:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36892 PROTO=TCP SPT=46235 DPT=13539 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:17:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13128 DF PROTO=TCP SPT=55397 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:17:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45607 SEQ=1 Nov 9 11:17:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45607 SEQ=1 Nov 9 11:17:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23470 SEQ=1 Nov 9 11:17:56 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13129 DF PROTO=TCP SPT=55397 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:17:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.47 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=34815 PROTO=TCP SPT=1211 DPT=14159 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:18:01 server83 systemd: Started Session 310993 of user root. Nov 9 11:18:01 server83 systemd: Started Session 310992 of user root. Nov 9 11:18:01 server83 systemd: Started Session 310994 of user root. Nov 9 11:18:01 server83 systemd: Started Session 310991 of user root. Nov 9 11:18:01 server83 systemd: Started Session 310995 of user root. Nov 9 11:18:01 server83 systemd: Started Session 310996 of user root. Nov 9 11:18:01 server83 systemd: Started Session 310997 of user root. Nov 9 11:18:01 server83 systemd: Started Session 310998 of user root. Nov 9 11:18:01 server83 systemd: Started Session 310999 of user root. 
Nov 9 11:18:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32427 SEQ=1 Nov 9 11:18:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=261 SEQ=1 Nov 9 11:18:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3290 SEQ=1 Nov 9 11:18:02 server83 aibolit_wrapper[9009]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626672820444818.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626672820446822.txt --log=/tmp/malware_cleaner_log_17626672820448458.txt --progress=/tmp/malware_cleaner_progress_17626672820448008.json --csv_result=/tmp/revisium_csvfile_17626672820448206.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:18:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24853 SEQ=1 Nov 9 11:18:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32570 SEQ=1 Nov 9 11:18:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13130 DF PROTO=TCP SPT=55397 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:18:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23724 SEQ=1 Nov 9 11:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.18.188 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=62026 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.18.188 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=62031 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24853 SEQ=1 Nov 9 11:18:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20262 PROTO=TCP SPT=49956 DPT=29871 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:18:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3671 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:18:15 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.29.21.25 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=UDP SPT=50401 DPT=1434 LEN=9 Nov 9 11:18:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13111 PROTO=TCP SPT=41811 DPT=2658 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:18:19 server83 aibolit_wrapper[9406]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626672993482624.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626672993483848.txt --log=/tmp/malware_cleaner_log_17626672993485384.txt --progress=/tmp/malware_cleaner_progress_17626672993485004.json --csv_result=/tmp/revisium_csvfile_17626672993485178.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:18:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3663 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:18:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36403 SEQ=1 Nov 9 11:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 11:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 11:18:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36403 SEQ=1 Nov 9 11:18:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40089 SEQ=1 Nov 9 11:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57995 SEQ=1 Nov 9 11:18:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.143 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56568 DPT=4643 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:18:26 server83 aibolit_wrapper[9541]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626673063848304.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626673063851644.txt --progress=/tmp/malware_cleaner_progress_17626673063851200.json --csv_result=/tmp/revisium_csvfile_17626673063851440.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:18:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=63677 PROTO=TCP SPT=34757 DPT=7057 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:18:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24474 PROTO=TCP SPT=46008 DPT=9245 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:18:31 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.94.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=60662 DPT=427 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:18:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.132 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=63711 PROTO=TCP SPT=59016 DPT=6161 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:18:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13131 DF PROTO=TCP SPT=56477 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:18:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13132 DF PROTO=TCP SPT=56477 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:18:34 server83 pam_imunify_daemon.bin: time="2025-11-09T11:18:34+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 11:18:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13133 DF PROTO=TCP SPT=56477 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:18:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.16.39.79 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48027 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:18:36 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57392 SEQ=1 Nov 9 11:18:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59297 SEQ=1 Nov 9 11:18:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22060 SEQ=1 Nov 9 11:18:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36072 SEQ=1 Nov 9 11:18:38 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:18:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10704 SEQ=1 Nov 9 11:18:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13134 DF PROTO=TCP SPT=56477 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:18:40 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=21824 DF PROTO=ICMP TYPE=8 CODE=0 ID=28149 SEQ=15140 Nov 9 11:18:40 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:18:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=167.94.145.22 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=52550 PROTO=TCP SPT=2825 DPT=88 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:18:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56966 PROTO=TCP SPT=49956 DPT=25216 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:18:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=30422 PROTO=TCP SPT=46376 DPT=12229 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:18:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 11:18:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.classes: ProactiveModel.Host should not be empty Nov 9 11:18:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13135 DF PROTO=TCP SPT=56477 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:18:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20906 PROTO=TCP SPT=46235 DPT=12925 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:18:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45365 SEQ=1 Nov 9 11:18:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=18780 SEQ=1 Nov 9 11:18:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41748 PROTO=TCP SPT=52174 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:18:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45493 SEQ=1 Nov 9 11:18:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41749 PROTO=TCP SPT=52174 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:18:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38531 SEQ=1 Nov 9 11:18:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38531 SEQ=1 Nov 9 11:18:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54386 PROTO=TCP SPT=53080 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:18:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41750 PROTO=TCP SPT=52174 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:18:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54387 PROTO=TCP SPT=53080 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:18:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41751 PROTO=TCP SPT=52174 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:18:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3517 SEQ=1 Nov 9 11:18:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18742 SEQ=1 Nov 9 11:18:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=54389 PROTO=TCP SPT=53080 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:19:01 server83 systemd: Started Session 311000 of user root. Nov 9 11:19:01 server83 systemd: Started Session 311002 of user root. Nov 9 11:19:01 server83 systemd: Started Session 311001 of user root. Nov 9 11:19:01 server83 systemd: Started Session 311003 of user root. Nov 9 11:19:01 server83 systemd: Started Session 311004 of user root. Nov 9 11:19:01 server83 systemd: Started Session 311005 of user root. Nov 9 11:19:01 server83 systemd: Started Session 311006 of user root. Nov 9 11:19:01 server83 systemd: Started Session 311007 of user root. Nov 9 11:19:01 server83 systemd: Started Session 311008 of user root. 
Nov 9 11:19:02 server83 aibolit_wrapper[10623]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626673427004512.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626673427005780.txt --log=/tmp/malware_cleaner_log_17626673427006956.txt --progress=/tmp/malware_cleaner_progress_17626673427006642.json --csv_result=/tmp/revisium_csvfile_17626673427006798.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:19:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18593 PROTO=TCP SPT=53993 DPT=9583 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:19:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.86 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49268 DPT=9622 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:19:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10868 SEQ=1 Nov 9 11:19:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.162 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=27793 DF PROTO=TCP SPT=51738 DPT=1025 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:19:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=39039 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:19:08 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=39046 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17252 Nov 9 11:19:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.75.242 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=62313 DF PROTO=ICMP TYPE=8 CODE=0 ID=17 SEQ=17026 Nov 9 11:19:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53634 SEQ=1 Nov 9 11:19:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.162 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=27794 DF PROTO=TCP SPT=51738 DPT=1025 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:19:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.162 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=39285 DF PROTO=TCP SPT=51750 DPT=1025 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:19:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.162 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=39286 DF PROTO=TCP SPT=51750 DPT=1025 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:19:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.162 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=24679 DF PROTO=TCP SPT=51754 DPT=1025 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:19:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.162 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=24680 DF PROTO=TCP SPT=51754 DPT=1025 WINDOW=21900 RES=0x00 
SYN URGP=0 Nov 9 11:19:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=56051 PROTO=TCP SPT=42175 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:19:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=56052 PROTO=TCP SPT=42175 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:19:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13136 DF PROTO=TCP SPT=57480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:19:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10165 PROTO=TCP SPT=54872 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:19:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10167 PROTO=TCP SPT=54872 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:19:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26146 SEQ=1 Nov 9 11:19:20 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 11:19:20 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 11:19:20 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 11:19:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7478 SEQ=1 Nov 9 11:19:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8934 SEQ=1 Nov 9 11:19:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34718 SEQ=1 Nov 9 11:19:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26301 SEQ=1 Nov 9 11:19:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10169 PROTO=TCP SPT=54872 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:19:22 server83 aibolit_wrapper[11161]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626673629447456.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626673629449056.txt --log=/tmp/malware_cleaner_log_17626673629450872.txt --progress=/tmp/malware_cleaner_progress_17626673629450330.json --csv_result=/tmp/revisium_csvfile_17626673629450554.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:19:23 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.159 DST=51.210.113.204 LEN=42 TOS=0x00 PREC=0x00 TTL=51 ID=23769 DF PROTO=UDP SPT=23537 DPT=26735 LEN=22 Nov 9 11:19:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13139 DF PROTO=TCP SPT=57480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:19:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:19:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13140 DF PROTO=TCP SPT=57480 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:19:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59669 SEQ=1 Nov 9 11:19:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62715 SEQ=1 Nov 9 11:19:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55774 SEQ=1 Nov 9 11:19:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.164.34 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=46640 DPT=427 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:19:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14749 SEQ=1 Nov 9 11:19:37 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59669 SEQ=1 Nov 9 11:19:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22794 SEQ=1 Nov 9 11:19:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=392 SEQ=1 Nov 9 11:19:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.2 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=35092 DF PROTO=ICMP TYPE=8 CODE=0 ID=63662 SEQ=53833 Nov 9 11:19:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36907 PROTO=TCP SPT=46235 DPT=16516 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:19:40 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.8.183.130 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=9053 DF PROTO=ICMP TYPE=8 CODE=0 ID=24684 SEQ=312 Nov 9 11:19:41 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:19:41 server83 aibolit_wrapper[11511]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626673814236918.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626673814238506.txt --log=/tmp/malware_cleaner_log_17626673814240920.txt --progress=/tmp/malware_cleaner_progress_17626673814240466.json --csv_result=/tmp/revisium_csvfile_17626673814240704.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:19:43 server83 systemd: Started Session c2872 of user root. Nov 9 11:19:44 server83 scripts.sh: Load Average: 1.57 , 2.28 Nov 9 11:19:44 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 11:19:44 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 11:19:44 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 11:19:44 server83 scripts.sh: HTTPD Status: inactive Nov 9 11:19:44 server83 scripts.sh: MySQL Status: active Nov 9 11:19:44 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 11:19:44 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 11:19:44 server83 scripts.sh: SSHD Status: active Nov 9 11:19:44 server83 scripts.sh: FTP Status: active Nov 9 11:19:44 server83 scripts.sh: LiteSpeed Status: Active Nov 9 11:19:44 server83 scripts.sh: Imunify Status: Active Nov 9 11:19:44 server83 scripts.sh: cPanel Status: active Nov 9 11:19:44 server83 scripts.sh: Memory Status: 11/31 GB - 37.87% Nov 9 11:19:44 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 11:19:44 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 11:19:44 server83 scripts.sh: Local Version: 4.4.5 Nov 9 11:19:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3670 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:19:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:19:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 
LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29751 PROTO=TCP SPT=49956 DPT=29158 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:19:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16663 SEQ=1 Nov 9 11:19:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14907 SEQ=1 Nov 9 11:19:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41435 SEQ=1 Nov 9 11:19:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58515 SEQ=1 Nov 9 11:19:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16663 SEQ=1 Nov 9 11:19:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2629 PROTO=TCP SPT=42111 DPT=2750 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:19:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=12685 PROTO=TCP SPT=37970 DPT=8563 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:19:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 
ID=10517 PROTO=TCP SPT=46235 DPT=23080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:20:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 11:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:20:01 server83 systemd: Started Session 311009 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311011 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311012 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311013 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311014 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311015 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311020 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311018 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311017 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311016 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311010 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311019 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311021 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311023 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311024 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311025 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311022 of user root. Nov 9 11:20:01 server83 systemd: Started Session 311026 of user root. 
Nov 9 11:20:01 server83 systemd: Started Session 311027 of user root. Nov 9 11:20:01 server83 aibolit_wrapper[12216]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674016269694.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674016271074.txt --log=/tmp/malware_cleaner_log_17626674016272232.txt --progress=/tmp/malware_cleaner_progress_17626674016271942.json --csv_result=/tmp/revisium_csvfile_17626674016272066.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:20:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10581 SEQ=1 Nov 9 11:20:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.149 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=37794 DPT=1604 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:20:07 server83 aibolit_wrapper[12385]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674071401858.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674071402584.txt --log=/tmp/malware_cleaner_log_17626674071403502.txt --progress=/tmp/malware_cleaner_progress_17626674071403276.json --csv_result=/tmp/revisium_csvfile_17626674071403398.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:20:07 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50685 SEQ=1 Nov 9 11:20:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.23 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54511 DPT=45364 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=2292 DF PROTO=ICMP TYPE=8 CODE=0 ID=28423 SEQ=48058 Nov 9 11:20:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.230 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34095 DPT=3129 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10581 SEQ=1 Nov 9 11:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63306 SEQ=1 Nov 9 11:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33201 SEQ=1 Nov 9 11:20:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3669 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:11 server83 aibolit_wrapper[12511]: running child 
proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674113537024.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674113538280.txt --log=/tmp/malware_cleaner_log_17626674113539590.txt --progress=/tmp/malware_cleaner_progress_17626674113539260.json --csv_result=/tmp/revisium_csvfile_17626674113539414.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:20:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22474 PROTO=TCP SPT=47430 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22475 PROTO=TCP SPT=47430 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=37506 PROTO=TCP SPT=48897 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3668 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22476 PROTO=TCP SPT=47430 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=37507 PROTO=TCP SPT=48897 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=37509 PROTO=TCP SPT=48897 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13646 SEQ=1 Nov 9 11:20:19 server83 aibolit_wrapper[12708]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674197027256.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674197028342.txt --log=/tmp/malware_cleaner_log_17626674197029156.txt --progress=/tmp/malware_cleaner_progress_17626674197028944.json --csv_result=/tmp/revisium_csvfile_17626674197029030.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:20:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37352 SEQ=1 Nov 9 11:20:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37318 SEQ=1 Nov 9 11:20:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9925 SEQ=1 Nov 9 11:20:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32022 SEQ=1 Nov 9 11:20:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40307 SEQ=1 Nov 9 11:20:24 server83 aibolit_wrapper[12830]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674249158420.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674249160238.txt --log=/tmp/malware_cleaner_log_17626674249161840.txt --progress=/tmp/malware_cleaner_progress_17626674249161412.json --csv_result=/tmp/revisium_csvfile_17626674249161590.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:20:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3900 PROTO=TCP SPT=60635 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3901 PROTO=TCP SPT=60635 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35866 PROTO=TCP SPT=55963 
DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3902 PROTO=TCP SPT=60635 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35867 PROTO=TCP SPT=55963 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3903 PROTO=TCP SPT=60635 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:31 server83 aibolit_wrapper[12985]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674310625008.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626674310634210.txt --progress=/tmp/malware_cleaner_progress_17626674310633604.json --csv_result=/tmp/revisium_csvfile_17626674310633884.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:20:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35868 PROTO=TCP SPT=55963 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35870 PROTO=TCP SPT=55963 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:20:34 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28926 SEQ=1 Nov 9 11:20:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60315 PROTO=TCP SPT=46235 DPT=23080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50456 SEQ=1 Nov 9 11:20:36 server83 aibolit_wrapper[13113]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674362470794.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674362471614.txt --log=/tmp/malware_cleaner_log_17626674362472398.txt --progress=/tmp/malware_cleaner_progress_17626674362472212.json --csv_result=/tmp/revisium_csvfile_17626674362472300.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57786 SEQ=1 Nov 9 11:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53777 SEQ=1 Nov 9 11:20:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44950 SEQ=1 Nov 9 11:20:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=655 SEQ=1 Nov 9 11:20:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.43 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51329 DPT=9122 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:20:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:20:41 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:20:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.18.113 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40593 DPT=1604 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:20:45 server83 aibolit_wrapper[13335]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674458123462.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674458125608.txt --log=/tmp/malware_cleaner_log_17626674458127546.txt --progress=/tmp/malware_cleaner_progress_17626674458127082.json --csv_result=/tmp/revisium_csvfile_17626674458127282.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:20:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.accept: ProactiveModel.Host should not be empty Nov 9 11:20:46 server83 
imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.cache: ProactiveModel.Host should not be empty Nov 9 11:20:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:20:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=13715 PROTO=TCP SPT=45301 DPT=8553 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=39414 PROTO=TCP SPT=45301 DPT=36505 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54048 PROTO=TCP SPT=45301 DPT=37531 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=42329 PROTO=TCP SPT=45301 DPT=9981 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=40450 PROTO=TCP SPT=45301 DPT=30006 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=40443 DF PROTO=ICMP TYPE=8 CODE=0 ID=41906 SEQ=58098 Nov 9 11:20:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=22194 SEQ=1 Nov 9 11:20:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=26707 PROTO=TCP SPT=45301 DPT=5513 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21771 SEQ=1 Nov 9 11:20:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=54091 PROTO=TCP SPT=50015 DPT=7437 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:20:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=35695 PROTO=TCP SPT=45301 DPT=1155 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=29898 PROTO=TCP SPT=45301 DPT=88 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:20:59 server83 aibolit_wrapper[13607]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674591420842.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674591422688.txt --log=/tmp/malware_cleaner_log_17626674591424856.txt --progress=/tmp/malware_cleaner_progress_17626674591424430.json --csv_result=/tmp/revisium_csvfile_17626674591424622.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db 
--soft Nov 9 11:20:59 server83 NetworkManager[922]: <info> [1762667459.4502] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:20:59 server83 NetworkManager[922]: <info> [1762667459.4507] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:20:59 server83 NetworkManager[922]: <info> [1762667459.4508] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:20:59 server83 NetworkManager[922]: <info> [1762667459.4512] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:20:59 server83 NetworkManager[922]: <info> [1762667459.4523] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:20:59 server83 NetworkManager[922]: <info> [1762667459.4526] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:20:59 server83 NetworkManager[922]: <info> [1762667459.4538] dhcp4 (eth1): dhclient started with pid 13634 Nov 9 11:20:59 server83 dhclient[13634]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x674b974) Nov 9 11:20:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=49622 PROTO=TCP SPT=45301 DPT=16582 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4845 SEQ=1 Nov 9 11:21:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.243.98.11 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=11367 PROTO=TCP SPT=46383 DPT=3022 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:21:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:21:01 server83 systemd: Started Session 311028 of user root. Nov 9 11:21:01 server83 systemd: Started Session 311030 of user root. Nov 9 11:21:01 server83 systemd: Started Session 311032 of user root. Nov 9 11:21:01 server83 systemd: Started Session 311029 of user root. Nov 9 11:21:01 server83 systemd: Started Session 311031 of user root. Nov 9 11:21:01 server83 systemd: Started Session 311034 of user root. Nov 9 11:21:01 server83 systemd: Started Session 311033 of user root. Nov 9 11:21:01 server83 systemd: Started Session 311035 of user root. Nov 9 11:21:01 server83 systemd: Started Session 311036 of user root. Nov 9 11:21:02 server83 dhclient[13634]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x674b974) Nov 9 11:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2782 SEQ=1 Nov 9 11:21:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=34314 PROTO=TCP SPT=45301 DPT=30501 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28805 SEQ=1 Nov 9 11:21:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35058 SEQ=1 Nov 9 11:21:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35057 SEQ=1 Nov 9 11:21:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=16615 PROTO=TCP SPT=45301 DPT=6347 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=11558 PROTO=TCP SPT=45301 DPT=30013 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=48216 PROTO=TCP SPT=45301 DPT=1488 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=17781 PROTO=TCP SPT=45301 DPT=9900 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=46612 PROTO=TCP SPT=45301 DPT=8206 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26748 SEQ=1 Nov 9 11:21:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=8917 PROTO=TCP SPT=45301 DPT=35531 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2620 SEQ=1 Nov 9 11:21:07 server83 dhclient[13634]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x674b974) Nov 9 11:21:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=29955 PROTO=TCP SPT=45301 DPT=30025 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=58466 PROTO=TCP SPT=45301 DPT=8085 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=18472 PROTO=TCP SPT=45301 DPT=6620 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=39850 PROTO=TCP SPT=45301 DPT=30004 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=32216 PROTO=TCP SPT=45301 DPT=30700 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=25073 PROTO=TCP SPT=45301 DPT=7411 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 
TOS=0x00 PREC=0x00 TTL=236 ID=18219 PROTO=TCP SPT=45301 DPT=8788 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:13 server83 aibolit_wrapper[14024]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674734426128.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674734427738.txt --log=/tmp/malware_cleaner_log_17626674734428954.txt --progress=/tmp/malware_cleaner_progress_17626674734428628.json --csv_result=/tmp/revisium_csvfile_17626674734428764.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:21:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=64763 PROTO=TCP SPT=45301 DPT=5067 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=20337 PROTO=TCP SPT=45301 DPT=9909 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=12380 PROTO=TCP SPT=45301 DPT=8444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:19 server83 dhclient[13634]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x674b974) Nov 9 11:21:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13601 SEQ=1 Nov 9 11:21:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18374 SEQ=1 Nov 9 11:21:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62749 SEQ=1 Nov 9 11:21:20 server83 aibolit_wrapper[14189]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674804794922.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626674804798420.txt --progress=/tmp/malware_cleaner_progress_17626674804797962.json --csv_result=/tmp/revisium_csvfile_17626674804798200.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:21:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=64296 PROTO=TCP SPT=45301 DPT=6524 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16973 SEQ=1 Nov 9 11:21:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.157.82.161 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=50141 SEQ=22645 Nov 9 11:21:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20720 
SEQ=1 Nov 9 11:21:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.28.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=34183 PROTO=TCP SPT=45301 DPT=2939 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:21:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16693 SEQ=1 Nov 9 11:21:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48584 SEQ=1 Nov 9 11:21:34 server83 aibolit_wrapper[14719]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626674948542654.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626674948544326.txt --log=/tmp/malware_cleaner_log_17626674948546076.txt --progress=/tmp/malware_cleaner_progress_17626674948545584.json --csv_result=/tmp/revisium_csvfile_17626674948545832.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53939 SEQ=1 Nov 9 11:21:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17778 SEQ=1 Nov 9 11:21:36 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36174 PROTO=TCP SPT=39678 DPT=5006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:21:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42810 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:21:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54602 SEQ=1 Nov 9 11:21:38 server83 dhclient[13634]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x674b974) Nov 9 11:21:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6533 PROTO=TCP SPT=49956 DPT=28087 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:21:41 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:21:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.118 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53135 DPT=9208 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:21:44 server83 NetworkManager[922]: <warn> [1762667504.4461] dhcp4 (eth1): request timed out Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4461] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4540] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 13634 Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4540] dhcp4 (eth1): state changed timeout -> done Nov 9 
11:21:44 server83 NetworkManager[922]: <info> [1762667504.4542] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:21:44 server83 NetworkManager[922]: <warn> [1762667504.4547] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4549] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4582] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4587] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4588] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4591] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4601] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4604] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:21:44 server83 NetworkManager[922]: <info> [1762667504.4616] dhcp4 (eth1): dhclient started with pid 15091 Nov 9 11:21:44 server83 dhclient[15091]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x329c3a01) Nov 9 11:21:46 server83 aibolit_wrapper[15143]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626675060074496.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626675060079252.txt --log=/tmp/malware_cleaner_log_17626675060082768.txt --progress=/tmp/malware_cleaner_progress_17626675060082280.json --csv_result=/tmp/revisium_csvfile_17626675060082500.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:21:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.221.22 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=58072 DPT=37215 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:21:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.reset: ProactiveModel.Host should not be empty Nov 9 11:21:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:21:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48597 SEQ=1 Nov 9 11:21:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41304 SEQ=1 Nov 9 11:21:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17153 SEQ=1 Nov 9 11:21:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.131 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=20835 PROTO=TCP SPT=7020 DPT=42317 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:21:49 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10476 PROTO=TCP SPT=51538 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:21:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17153 SEQ=1 Nov 9 11:21:50 server83 dhclient[15091]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x329c3a01) Nov 9 11:21:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10477 PROTO=TCP SPT=51538 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:21:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13004 PROTO=TCP SPT=40393 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:21:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=10478 PROTO=TCP SPT=51538 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:21:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13005 PROTO=TCP SPT=40393 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:21:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13006 PROTO=TCP SPT=40393 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24166 SEQ=1 Nov 9 11:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7627 SEQ=1 Nov 9 11:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7627 SEQ=1 Nov 9 11:21:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13008 PROTO=TCP SPT=40393 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:21:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.145.19 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=60691 PROTO=TCP SPT=63488 DPT=5432 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:21:58 server83 aibolit_wrapper[15348]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626675182135332.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626675182137144.txt --log=/tmp/malware_cleaner_log_17626675182138876.txt --progress=/tmp/malware_cleaner_progress_17626675182138432.json --csv_result=/tmp/revisium_csvfile_17626675182138640.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:22:01 server83 systemd: Started Session 311037 of user root. Nov 9 11:22:01 server83 systemd: Started Session 311038 of user root. Nov 9 11:22:01 server83 systemd: Started Session 311039 of user root. 
Nov 9 11:22:01 server83 systemd: Started Session 311040 of user root. Nov 9 11:22:01 server83 systemd: Started Session 311041 of user root. Nov 9 11:22:01 server83 systemd: Started Session 311043 of user root. Nov 9 11:22:01 server83 systemd: Started Session 311044 of user root. Nov 9 11:22:01 server83 systemd: Started Session 311045 of user root. Nov 9 11:22:01 server83 systemd: Started Session 311042 of user root. Nov 9 11:22:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3662 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:22:02 server83 dhclient[15091]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x329c3a01) Nov 9 11:22:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.93 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=33346 DPT=7900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62428 SEQ=1 Nov 9 11:22:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6695 SEQ=1 Nov 9 11:22:08 server83 aibolit_wrapper[15614]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626675284195938.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626675284197480.txt 
--log=/tmp/malware_cleaner_log_17626675284199496.txt --progress=/tmp/malware_cleaner_progress_17626675284198950.json --csv_result=/tmp/revisium_csvfile_17626675284199212.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:22:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8901 SEQ=1 Nov 9 11:22:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6695 SEQ=1 Nov 9 11:22:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=12551 PROTO=TCP SPT=33164 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:22:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=12552 PROTO=TCP SPT=33164 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:22:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.140.140.15 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=22457 PROTO=TCP SPT=48148 DPT=2375 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:22:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=49411 PROTO=TCP SPT=48499 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:22:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=12553 PROTO=TCP SPT=33164 DPT=853 WINDOW=64952 RES=0x00 SYN 
URGP=0 Nov 9 11:22:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=49412 PROTO=TCP SPT=48499 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:22:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=49413 PROTO=TCP SPT=48499 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:22:17 server83 aibolit_wrapper[15858]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626675375596910.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626675375598182.txt --log=/tmp/malware_cleaner_log_17626675375599274.txt --progress=/tmp/malware_cleaner_progress_17626675375598960.json --csv_result=/tmp/revisium_csvfile_17626675375599094.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:22:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.33.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=49415 PROTO=TCP SPT=48499 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:22:18 server83 dhclient[15091]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x329c3a01) Nov 9 11:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1791 SEQ=1 Nov 9 11:22:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12325 SEQ=1 Nov 9 11:22:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.230.242.69 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=31532 DF PROTO=TCP SPT=59971 DPT=2222 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 9 11:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15937 SEQ=1 Nov 9 11:22:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7940 SEQ=1 Nov 9 11:22:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37164 PROTO=TCP SPT=41811 DPT=2425 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:22:27 server83 aibolit_wrapper[16212]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626675478432036.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626675478434202.txt --log=/tmp/malware_cleaner_log_17626675478436224.txt --progress=/tmp/malware_cleaner_progress_17626675478435746.json --csv_result=/tmp/revisium_csvfile_17626675478435974.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:22:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.52 
DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33386 DPT=37215 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:22:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.92.27.206 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=60501 DPT=684 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:22:29 server83 NetworkManager[922]: <warn> [1762667549.4383] dhcp4 (eth1): request timed out Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4383] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4462] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 15091 Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4462] dhcp4 (eth1): state changed timeout -> done Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4464] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:22:29 server83 NetworkManager[922]: <warn> [1762667549.4468] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4470] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4502] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4506] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4507] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4510] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 
'managed') Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4520] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4523] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:22:29 server83 NetworkManager[922]: <info> [1762667549.4534] dhcp4 (eth1): dhclient started with pid 16262 Nov 9 11:22:29 server83 dhclient[16262]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1a172fea) Nov 9 11:22:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=8795 PROTO=TCP SPT=46235 DPT=28071 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:22:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11927 SEQ=1 Nov 9 11:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.69 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=17773 SEQ=20627 Nov 9 11:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.67 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=37459 SEQ=20551 Nov 9 11:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.70 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=61286 SEQ=20702 Nov 9 11:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.196 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 
ID=10355 SEQ=20771 Nov 9 11:22:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3661 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42714 SEQ=1 Nov 9 11:22:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.210 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10359 SEQ=23600 Nov 9 11:22:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.69 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=35653 DPT=33434 LEN=48 Nov 9 11:22:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.67 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=30263 DPT=33434 LEN=48 Nov 9 11:22:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.70 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=47825 DPT=33434 LEN=48 Nov 9 11:22:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53120 SEQ=1 Nov 9 11:22:35 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.196 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=56015 DPT=33434 LEN=48 Nov 9 11:22:35 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.205 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=18764 DPT=33434 LEN=48 Nov 9 11:22:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59136 SEQ=1 Nov 9 11:22:36 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.209 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=6712 DPT=33434 LEN=48 Nov 9 11:22:36 server83 dhclient[16262]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x1a172fea) Nov 9 11:22:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.69 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=34103 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:22:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.67 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=46039 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:22:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.70 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=20629 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:22:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=107.155.50.87 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=40 ID=50488 DF PROTO=TCP SPT=51021 DPT=8081 WINDOW=65280 RES=0x00 SYN URGP=0 Nov 9 11:22:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=53125 SEQ=1 Nov 9 11:22:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6211 SEQ=1 Nov 9 11:22:38 server83 aibolit_wrapper[16561]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626675583332072.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626675583333518.txt --log=/tmp/malware_cleaner_log_17626675583334786.txt --progress=/tmp/malware_cleaner_progress_17626675583334442.json --csv_result=/tmp/revisium_csvfile_17626675583334612.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:22:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.196 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=42701 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:22:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.209 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=36122 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28335 SEQ=1 Nov 9 11:22:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.223 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=55293 DF PROTO=TCP SPT=46670 DPT=8055 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 
11:22:41 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:22:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.223 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=59803 DF PROTO=TCP SPT=51980 DPT=8055 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:22:46 server83 aibolit_wrapper[16820]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626675665970514.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626675665971666.txt --log=/tmp/malware_cleaner_log_17626675665972588.txt --progress=/tmp/malware_cleaner_progress_17626675665972288.json --csv_result=/tmp/revisium_csvfile_17626675665972414.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:22:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.include: ProactiveModel.Host should not be empty Nov 9 11:22:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.center: ProactiveModel.Host should not be empty Nov 9 11:22:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.request: ProactiveModel.Host should not be empty Nov 9 11:22:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51185 SEQ=1 Nov 
9 11:22:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17268 SEQ=1 Nov 9 11:22:51 server83 dhclient[16262]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x1a172fea) Nov 9 11:22:51 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 11:22:51 server83 systemd: Stopped Status Update Service. Nov 9 11:22:51 server83 systemd: Started Status Update Service. Nov 9 11:22:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19526 SEQ=1 Nov 9 11:22:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51185 SEQ=1 Nov 9 11:22:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58436 PROTO=TCP SPT=34410 DPT=5005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:22:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10330 SEQ=1 Nov 9 11:22:56 server83 aibolit_wrapper[17156]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626675768029372.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626675768031426.txt 
--log=/tmp/malware_cleaner_log_17626675768033658.txt --progress=/tmp/malware_cleaner_progress_17626675768032966.json --csv_result=/tmp/revisium_csvfile_17626675768033318.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:22:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2218 PROTO=TCP SPT=45727 DPT=32145 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:23:01 server83 systemd: Started Session 311046 of user root. Nov 9 11:23:01 server83 systemd: Started Session 311047 of user root. Nov 9 11:23:01 server83 systemd: Started Session 311049 of user root. Nov 9 11:23:01 server83 systemd: Started Session 311050 of user root. Nov 9 11:23:01 server83 systemd: Started Session 311051 of user root. Nov 9 11:23:01 server83 systemd: Started Session 311052 of user root. Nov 9 11:23:01 server83 systemd: Started Session 311053 of user root. Nov 9 11:23:01 server83 systemd: Started Session 311048 of user root. Nov 9 11:23:01 server83 systemd: Started Session 311054 of user root. 
Nov 9 11:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:23:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=24593 PROTO=TCP SPT=56185 DPT=7918 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:23:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6906 SEQ=1 Nov 9 11:23:02 server83 aibolit_wrapper[17449]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626675828910618.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626675828914490.txt --progress=/tmp/malware_cleaner_progress_17626675828914182.json --csv_result=/tmp/revisium_csvfile_17626675828914328.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:23:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19852 SEQ=1 Nov 9 11:23:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34663 SEQ=1 Nov 9 11:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23696 SEQ=1 
Nov 9 11:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24099 SEQ=1 Nov 9 11:23:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:23:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.57 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49559 DPT=7170 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:23:12 server83 dhclient[16262]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x1a172fea) Nov 9 11:23:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49404 PROTO=TCP SPT=46235 DPT=41764 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:23:14 server83 NetworkManager[922]: <warn> [1762667594.4455] dhcp4 (eth1): request timed out Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4456] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4535] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 16262 Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4535] dhcp4 (eth1): state changed timeout -> done Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4537] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:23:14 server83 NetworkManager[922]: <warn> [1762667594.4542] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4544] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4577] policy: auto-activating 
connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4581] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4582] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4586] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4597] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4599] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:23:14 server83 NetworkManager[922]: <info> [1762667594.4611] dhcp4 (eth1): dhclient started with pid 17972 Nov 9 11:23:14 server83 dhclient[17972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x542d5500) Nov 9 11:23:17 server83 dhclient[17972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x542d5500) Nov 9 11:23:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56557 SEQ=1 Nov 9 11:23:19 server83 aibolit_wrapper[18137]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626675991962516.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626675991963620.txt --log=/tmp/malware_cleaner_log_17626675991964498.txt 
--progress=/tmp/malware_cleaner_progress_17626675991964254.json --csv_result=/tmp/revisium_csvfile_17626675991964352.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:23:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=159.138.21.99 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=58564 DF PROTO=ICMP TYPE=8 CODE=0 ID=26083 SEQ=2109 Nov 9 11:23:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=33126 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:23:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62738 SEQ=1 Nov 9 11:23:22 server83 dhclient[17972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x542d5500) Nov 9 11:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2160 SEQ=1 Nov 9 11:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28075 SEQ=1 Nov 9 11:23:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=7942 PROTO=TCP SPT=44900 DPT=9523 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=16766 SEQ=1 Nov 9 11:23:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10088 SEQ=1 Nov 9 11:23:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.186 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=45562 PROTO=TCP SPT=40123 DPT=888 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:23:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.141.176 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=7720 DF PROTO=TCP SPT=37455 DPT=10941 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:23:27 server83 dhclient[17972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x542d5500) Nov 9 11:23:29 server83 aibolit_wrapper[18519]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626676094052562.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626676094054250.txt --log=/tmp/malware_cleaner_log_17626676094056104.txt --progress=/tmp/malware_cleaner_progress_17626676094055632.json --csv_result=/tmp/revisium_csvfile_17626676094055876.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:23:31 server83 pam_imunify_daemon.bin: time="2025-11-09T11:23:31+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for 
Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 11:23:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2701 SEQ=1 Nov 9 11:23:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2701 SEQ=1 Nov 9 11:23:36 server83 dhclient[17972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x542d5500) Nov 9 11:23:37 server83 aibolit_wrapper[18862]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626676179714362.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626676179715848.txt --log=/tmp/malware_cleaner_log_17626676179717304.txt --progress=/tmp/malware_cleaner_progress_17626676179716874.json --csv_result=/tmp/revisium_csvfile_17626676179717080.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35735 SEQ=1 Nov 9 11:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=880 SEQ=1 Nov 9 11:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4817 SEQ=1 Nov 9 11:23:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:23:41 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:23:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2050 PROTO=TCP SPT=56949 DPT=8511 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:23:49 server83 aibolit_wrapper[19265]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626676291500166.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626676291501816.txt --log=/tmp/malware_cleaner_log_17626676291503748.txt --progress=/tmp/malware_cleaner_progress_17626676291503214.json --csv_result=/tmp/revisium_csvfile_17626676291503446.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:23:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26046 SEQ=1 Nov 9 11:23:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46047 SEQ=1 Nov 9 11:23:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14992 SEQ=1 Nov 9 11:23:53 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50145 SEQ=1 Nov 9 11:23:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56208 SEQ=1 Nov 9 11:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56208 SEQ=1 Nov 9 11:23:56 server83 dhclient[17972]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x542d5500) Nov 9 11:23:58 server83 aibolit_wrapper[19525]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626676387201102.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626676387202766.txt --log=/tmp/malware_cleaner_log_17626676387204420.txt --progress=/tmp/malware_cleaner_progress_17626676387204052.json --csv_result=/tmp/revisium_csvfile_17626676387204208.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:23:59 server83 NetworkManager[922]: <warn> [1762667639.4503] dhcp4 (eth1): request timed out Nov 9 11:23:59 server83 NetworkManager[922]: <info> [1762667639.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:23:59 server83 NetworkManager[922]: <info> [1762667639.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17972 Nov 9 11:23:59 server83 NetworkManager[922]: <info> [1762667639.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 11:23:59 server83 NetworkManager[922]: <info> [1762667639.4665] 
device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:23:59 server83 NetworkManager[922]: <warn> [1762667639.4669] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:23:59 server83 NetworkManager[922]: <info> [1762667639.4670] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:24:01 server83 systemd: Started Session 311055 of user root. Nov 9 11:24:01 server83 systemd: Started Session 311057 of user root. Nov 9 11:24:01 server83 systemd: Started Session 311056 of user root. Nov 9 11:24:01 server83 systemd: Started Session 311058 of user root. Nov 9 11:24:01 server83 systemd: Started Session 311060 of user root. Nov 9 11:24:01 server83 systemd: Started Session 311061 of user root. Nov 9 11:24:01 server83 systemd: Started Session 311059 of user root. Nov 9 11:24:01 server83 systemd: Started Session 311062 of user root. Nov 9 11:24:01 server83 systemd: Started Session 311063 of user root. 
Nov 9 11:24:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=16767 PROTO=TCP SPT=56114 DPT=7816 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:24:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1812 SEQ=1 Nov 9 11:24:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23131 SEQ=1 Nov 9 11:24:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23131 SEQ=1 Nov 9 11:24:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=16009 PROTO=TCP SPT=59444 DPT=43110 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1812 SEQ=1 Nov 9 11:24:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3660 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20800 SEQ=1 Nov 9 11:24:09 server83 
aibolit_wrapper[19893]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626676490651092.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626676490652690.txt --log=/tmp/malware_cleaner_log_17626676490654492.txt --progress=/tmp/malware_cleaner_progress_17626676490653916.json --csv_result=/tmp/revisium_csvfile_17626676490654146.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:24:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19285 SEQ=1 Nov 9 11:24:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=59352 PROTO=TCP SPT=56753 DPT=8124 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:24:17 server83 aibolit_wrapper[20160]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626676577107694.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626676577109118.txt --log=/tmp/malware_cleaner_log_17626676577110394.txt --progress=/tmp/malware_cleaner_progress_17626676577110076.json --csv_result=/tmp/revisium_csvfile_17626676577110220.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:24:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44305 SEQ=1 Nov 9 11:24:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15067 SEQ=1 Nov 9 11:24:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3667 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:24:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41692 SEQ=1 Nov 9 11:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46371 SEQ=1 Nov 9 11:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8107 SEQ=1 Nov 9 11:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8428 SEQ=1 Nov 9 11:24:27 server83 aibolit_wrapper[20395]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626676671725740.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626676671727426.txt 
--log=/tmp/malware_cleaner_log_17626676671728818.txt --progress=/tmp/malware_cleaner_progress_17626676671728452.json --csv_result=/tmp/revisium_csvfile_17626676671728620.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:24:35 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 11:24:35 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 11:24:35 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 11:24:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.37 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56178 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:24:36 server83 aibolit_wrapper[20757]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626676763803330.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626676763805008.txt --log=/tmp/malware_cleaner_log_17626676763806524.txt --progress=/tmp/malware_cleaner_progress_17626676763806146.json --csv_result=/tmp/revisium_csvfile_17626676763806324.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:24:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17546 SEQ=1 Nov 9 11:24:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3659 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:24:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3658 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25088 SEQ=1 Nov 9 11:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8714 SEQ=1 Nov 9 11:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8714 SEQ=1 Nov 9 11:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10759 SEQ=1 Nov 9 11:24:41 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:24:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.reset: ProactiveModel.Host should not be empty Nov 9 11:24:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.db2_convert: ProactiveModel.Host should not be empty Nov 9 11:24:46 server83 imunify360-php-daemon[734]: 
/home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.include: ProactiveModel.Host should not be empty Nov 9 11:24:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54994 SEQ=1 Nov 9 11:24:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.110 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=56048 PROTO=TCP SPT=45515 DPT=15672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50085 SEQ=1 Nov 9 11:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64203 SEQ=1 Nov 9 11:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64692 SEQ=1 Nov 9 11:24:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14744 SEQ=1 Nov 9 11:24:54 server83 aibolit_wrapper[21174]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626676944002488.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626676944004170.txt --log=/tmp/malware_cleaner_log_17626676944005618.txt --progress=/tmp/malware_cleaner_progress_17626676944005248.json --csv_result=/tmp/revisium_csvfile_17626676944005406.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:24:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54994 SEQ=1 Nov 9 11:24:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38669 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:24:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=15644 PROTO=TCP SPT=44718 DPT=4629 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:24:58 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 11:25:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=59116 PROTO=TCP SPT=56185 DPT=7914 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:25:01 server83 systemd: Started Session 311064 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311065 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311067 of user root. 
Nov 9 11:25:01 server83 systemd: Started Session 311069 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311070 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311066 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311071 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311068 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311075 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311072 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311076 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311078 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311074 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311079 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311077 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311073 of user root. Nov 9 11:25:01 server83 systemd: Started Session 311080 of user root. Nov 9 11:25:02 server83 aibolit_wrapper[21522]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677029542428.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677029544460.txt --log=/tmp/malware_cleaner_log_17626677029546330.txt --progress=/tmp/malware_cleaner_progress_17626677029545908.json --csv_result=/tmp/revisium_csvfile_17626677029546090.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10328 SEQ=1 Nov 9 11:25:07 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 
11:25:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45264 SEQ=1 Nov 9 11:25:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55854 SEQ=1 Nov 9 11:25:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22996 PROTO=TCP SPT=46370 DPT=2859 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:25:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=24.199.112.228 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=12955 PROTO=TCP SPT=46293 DPT=8090 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:25:12 server83 aibolit_wrapper[21741]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677123848962.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677123850668.txt --log=/tmp/malware_cleaner_log_17626677123852062.txt --progress=/tmp/malware_cleaner_progress_17626677123851698.json --csv_result=/tmp/revisium_csvfile_17626677123851854.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:18 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:25:19 server83 aibolit_wrapper[22037]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677197766324.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677197767928.txt --log=/tmp/malware_cleaner_log_17626677197770572.txt --progress=/tmp/malware_cleaner_progress_17626677197769096.json --csv_result=/tmp/revisium_csvfile_17626677197770290.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9817 SEQ=1 Nov 9 11:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14211 SEQ=1 Nov 9 11:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53328 SEQ=1 Nov 9 11:25:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.248 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56676 DPT=4117 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:25:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3665 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:25:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28907 SEQ=1 Nov 9 11:25:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14084 PROTO=TCP SPT=49956 DPT=25474 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26215 SEQ=1 Nov 9 11:25:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9285 SEQ=1 Nov 9 11:25:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.144.212.221 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12762 PROTO=TCP SPT=41955 DPT=10022 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:25:25 server83 aibolit_wrapper[22244]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677253913646.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677253915198.txt --log=/tmp/malware_cleaner_log_17626677253916932.txt --progress=/tmp/malware_cleaner_progress_17626677253916514.json --csv_result=/tmp/revisium_csvfile_17626677253916738.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3666 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:25:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35954 PROTO=TCP SPT=49956 DPT=25300 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:25:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.105.182 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38169 DPT=15672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:25:29 server83 aibolit_wrapper[22345]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677295168896.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677295170236.txt --log=/tmp/malware_cleaner_log_17626677295171574.txt --progress=/tmp/malware_cleaner_progress_17626677295171220.json --csv_result=/tmp/revisium_csvfile_17626677295171392.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:33 server83 aibolit_wrapper[22462]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677337608466.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677337609444.txt --log=/tmp/malware_cleaner_log_17626677337610654.txt --progress=/tmp/malware_cleaner_progress_17626677337610342.json --csv_result=/tmp/revisium_csvfile_17626677337610480.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=40746 SEQ=1 Nov 9 11:25:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24089 SEQ=1 Nov 9 11:25:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=32969 PROTO=TCP SPT=46360 DPT=16526 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:25:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52278 SEQ=1 Nov 9 11:25:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41175 SEQ=1 Nov 9 11:25:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46026 PROTO=TCP SPT=58603 DPT=6666 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:25:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33584 SEQ=1 Nov 9 11:25:38 server83 aibolit_wrapper[22593]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677389669432.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677389671336.txt 
--log=/tmp/malware_cleaner_log_17626677389672830.txt --progress=/tmp/malware_cleaner_progress_17626677389672478.json --csv_result=/tmp/revisium_csvfile_17626677389672640.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61349 SEQ=1 Nov 9 11:25:41 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:25:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32730 PROTO=TCP SPT=39381 DPT=4914 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:25:44 server83 aibolit_wrapper[22724]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677442660714.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677442661570.txt --log=/tmp/malware_cleaner_log_17626677442662702.txt --progress=/tmp/malware_cleaner_progress_17626677442662372.json --csv_result=/tmp/revisium_csvfile_17626677442662532.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.oauthexceptions: ProactiveModel.Host should not be empty Nov 9 11:25:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.content: ProactiveModel.Host should not be empty Nov 9 11:25:49 server83 aibolit_wrapper[22898]: 
running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677494778524.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677494779908.txt --log=/tmp/malware_cleaner_log_17626677494781352.txt --progress=/tmp/malware_cleaner_progress_17626677494780958.json --csv_result=/tmp/revisium_csvfile_17626677494781146.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17851 SEQ=1 Nov 9 11:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62344 SEQ=1 Nov 9 11:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32460 SEQ=1 Nov 9 11:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18654 SEQ=1 Nov 9 11:25:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42257 SEQ=1 Nov 9 11:25:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62344 SEQ=1 Nov 9 11:25:54 server83 aibolit_wrapper[23003]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677547527254.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626677547530264.txt --progress=/tmp/malware_cleaner_progress_17626677547529826.json --csv_result=/tmp/revisium_csvfile_17626677547530016.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:25:57 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=109.151.72.87 DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=49 ID=56433 PROTO=UDP SPT=17040 DPT=25249 LEN=520 Nov 9 11:25:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13141 DF PROTO=TCP SPT=49182 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:25:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13142 DF PROTO=TCP SPT=49182 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:26:00 server83 aibolit_wrapper[23158]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626677600595458.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626677600596238.txt --log=/tmp/malware_cleaner_log_17626677600596992.txt 
ID=54321 PROTO=TCP SPT=50525 DPT=9827 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:28:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.192 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=62783 PROTO=TCP SPT=53857 DPT=44354 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:28:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=5.188.206.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5379 PROTO=TCP SPT=40590 DPT=31000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:28:32 server83 aibolit_wrapper[27697]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679123287742.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679123289328.txt --log=/tmp/malware_cleaner_log_17626679123291028.txt --progress=/tmp/malware_cleaner_progress_17626679123290588.json --csv_result=/tmp/revisium_csvfile_17626679123290760.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22473 SEQ=1 Nov 9 11:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10041 SEQ=1 Nov 9 11:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37010 SEQ=1 Nov 9 
11:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37799 SEQ=1 Nov 9 11:28:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9994 SEQ=1 Nov 9 11:28:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:28:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=56608 PROTO=TCP SPT=56185 DPT=7922 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:28:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11918 SEQ=1 Nov 9 11:28:40 server83 aibolit_wrapper[27997]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679206439340.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679206440704.txt --log=/tmp/malware_cleaner_log_17626679206441826.txt --progress=/tmp/malware_cleaner_progress_17626679206441498.json --csv_result=/tmp/revisium_csvfile_17626679206441648.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:28:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13156 DF PROTO=TCP SPT=53203 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
11:28:42 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:28:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13157 DF PROTO=TCP SPT=53203 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:28:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13158 DF PROTO=TCP SPT=53203 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:28:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3657 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:28:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 11:28:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.lock: ProactiveModel.Host should not be empty Nov 9 11:28:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.created: ProactiveModel.Host should not be empty Nov 9 11:28:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:28:47 server83 aibolit_wrapper[28219]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679278869600.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626679278870712.txt --log=/tmp/malware_cleaner_log_17626679278871898.txt --progress=/tmp/malware_cleaner_progress_17626679278871546.json --csv_result=/tmp/revisium_csvfile_17626679278871706.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:28:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13159 DF PROTO=TCP SPT=53203 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:28:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=680 SEQ=1 Nov 9 11:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63942 SEQ=1 Nov 9 11:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55432 SEQ=1 Nov 9 11:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=680 SEQ=1 Nov 9 11:28:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55432 SEQ=1 Nov 9 11:28:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=28921 PROTO=TCP SPT=46360 DPT=13671 WINDOW=1025 RES=0x00 
SYN URGP=0 Nov 9 11:28:55 server83 aibolit_wrapper[28408]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679351416316.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626679351420324.txt --progress=/tmp/malware_cleaner_progress_17626679351419662.json --csv_result=/tmp/revisium_csvfile_17626679351419986.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:28:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13160 DF PROTO=TCP SPT=53203 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:28:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=57527 PROTO=TCP SPT=38642 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:28:59 server83 NetworkManager[922]: <info> [1762667939.4489] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:28:59 server83 NetworkManager[922]: <info> [1762667939.4494] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:28:59 server83 NetworkManager[922]: <info> [1762667939.4496] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:28:59 server83 NetworkManager[922]: <info> [1762667939.4500] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:28:59 server83 NetworkManager[922]: <info> [1762667939.4511] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 
11:28:59 server83 NetworkManager[922]: <info> [1762667939.4515] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:28:59 server83 NetworkManager[922]: <info> [1762667939.4529] dhcp4 (eth1): dhclient started with pid 28535 Nov 9 11:28:59 server83 dhclient[28535]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x49103643) Nov 9 11:29:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=57528 PROTO=TCP SPT=38642 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:29:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=51882 PROTO=TCP SPT=36399 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:29:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=57529 PROTO=TCP SPT=38642 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:29:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.171 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=42841 DPT=20000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:29:01 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 11:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:29:01 server83 systemd: Started Session 311111 of user root. 
Nov 9 11:29:01 server83 systemd: Started Session 311112 of user root. Nov 9 11:29:01 server83 systemd: Started Session 311113 of user root. Nov 9 11:29:01 server83 systemd: Started Session 311114 of user root. Nov 9 11:29:01 server83 systemd: Started Session 311115 of user root. Nov 9 11:29:01 server83 systemd: Started Session 311117 of user root. Nov 9 11:29:01 server83 systemd: Started Session 311116 of user root. Nov 9 11:29:01 server83 systemd: Started Session 311118 of user root. Nov 9 11:29:01 server83 systemd: Started Session 311119 of user root. Nov 9 11:29:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16398 SEQ=1 Nov 9 11:29:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=51883 PROTO=TCP SPT=36399 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:29:02 server83 dhclient[28535]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x49103643) Nov 9 11:29:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16398 SEQ=1 Nov 9 11:29:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=51884 PROTO=TCP SPT=36399 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36511 SEQ=1 Nov 9 11:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64350 SEQ=1 Nov 9 11:29:03 server83 aibolit_wrapper[28746]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679436397056.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679436398866.txt --log=/tmp/malware_cleaner_log_17626679436400690.txt --progress=/tmp/malware_cleaner_progress_17626679436400296.json --csv_result=/tmp/revisium_csvfile_17626679436400476.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43734 SEQ=1 Nov 9 11:29:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=51885 PROTO=TCP SPT=36399 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:29:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=51886 PROTO=TCP SPT=36399 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:29:10 server83 dhclient[28535]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x49103643) Nov 9 11:29:11 server83 aibolit_wrapper[28995]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626679518834960.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679518836662.txt --log=/tmp/malware_cleaner_log_17626679518838560.txt --progress=/tmp/malware_cleaner_progress_17626679518838136.json --csv_result=/tmp/revisium_csvfile_17626679518838332.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:29:14 server83 systemd: Started Session c2873 of user root. Nov 9 11:29:14 server83 scripts.sh: Load Average: 2.29 , 2.18 Nov 9 11:29:14 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 11:29:14 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 11:29:14 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 11:29:14 server83 scripts.sh: HTTPD Status: inactive Nov 9 11:29:14 server83 scripts.sh: MySQL Status: active Nov 9 11:29:14 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 11:29:14 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 11:29:14 server83 scripts.sh: SSHD Status: active Nov 9 11:29:14 server83 scripts.sh: FTP Status: active Nov 9 11:29:14 server83 scripts.sh: LiteSpeed Status: Active Nov 9 11:29:14 server83 scripts.sh: Imunify Status: Active Nov 9 11:29:14 server83 scripts.sh: cPanel Status: active Nov 9 11:29:14 server83 scripts.sh: Memory Status: 11/31 GB - 38.28% Nov 9 11:29:14 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 11:29:14 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 11:29:14 server83 scripts.sh: Local Version: 4.4.5 Nov 9 11:29:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.190.163.148 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33265 DPT=8092 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21364 SEQ=1 Nov 9 11:29:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57504 SEQ=1 Nov 9 11:29:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22866 SEQ=1 Nov 9 11:29:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4134 SEQ=1 Nov 9 11:29:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56261 SEQ=1 Nov 9 11:29:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9523 SEQ=1 Nov 9 11:29:20 server83 aibolit_wrapper[29386]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679605471546.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679605473102.txt --log=/tmp/malware_cleaner_log_17626679605474556.txt --progress=/tmp/malware_cleaner_progress_17626679605474124.json --csv_result=/tmp/revisium_csvfile_17626679605474350.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
11:29:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19979 SEQ=1 Nov 9 11:29:23 server83 dhclient[28535]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x49103643) Nov 9 11:29:27 server83 aibolit_wrapper[29579]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679677063446.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679677065188.txt --log=/tmp/malware_cleaner_log_17626679677066660.txt --progress=/tmp/malware_cleaner_progress_17626679677066256.json --csv_result=/tmp/revisium_csvfile_17626679677066416.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:29:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3663 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:29:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.251.92.46 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=45 ID=53342 DF PROTO=TCP SPT=54366 DPT=8847 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 11:29:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:29:36 server83 dhclient[28535]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x49103643) Nov 9 11:29:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.199 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53135 DPT=4911 WINDOW=65535 
RES=0x00 SYN URGP=0 Nov 9 11:29:36 server83 aibolit_wrapper[29854]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679763529816.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679763530794.txt --log=/tmp/malware_cleaner_log_17626679763531728.txt --progress=/tmp/malware_cleaner_progress_17626679763531470.json --csv_result=/tmp/revisium_csvfile_17626679763531588.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:29:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65423 SEQ=1 Nov 9 11:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=783 SEQ=1 Nov 9 11:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65423 SEQ=1 Nov 9 11:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47750 SEQ=1 Nov 9 11:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17447 SEQ=1 Nov 9 11:29:42 server83 imunify360-php-daemon[734]: error response: 401, 
{"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:29:42 server83 aibolit_wrapper[30036]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679825165132.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679825166414.txt --log=/tmp/malware_cleaner_log_17626679825167654.txt --progress=/tmp/malware_cleaner_progress_17626679825167308.json --csv_result=/tmp/revisium_csvfile_17626679825167466.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:29:44 server83 NetworkManager[922]: <warn> [1762667984.4503] dhcp4 (eth1): request timed out Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28535 Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:29:44 server83 NetworkManager[922]: <warn> [1762667984.4672] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4674] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4708] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4712] device (eth1): Activation: 
starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4713] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4716] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4726] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4729] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:29:44 server83 NetworkManager[922]: <info> [1762667984.4742] dhcp4 (eth1): dhclient started with pid 30088 Nov 9 11:29:44 server83 dhclient[30088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x4cf34c49) Nov 9 11:29:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3655 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:29:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.content: ProactiveModel.Host should not be empty Nov 9 11:29:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:29:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:29:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5065 SEQ=1 Nov 9 11:29:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42310 SEQ=1 Nov 9 11:29:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5065 SEQ=1 Nov 9 11:29:48 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 11:29:48 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 11:29:48 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 11:29:49 server83 dhclient[30088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x4cf34c49) Nov 9 11:29:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.219.185.154 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=25686 DF PROTO=TCP SPT=50216 DPT=21 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 11:29:50 server83 aibolit_wrapper[30387]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679900533654.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679900535106.txt --log=/tmp/malware_cleaner_log_17626679900536442.txt --progress=/tmp/malware_cleaner_progress_17626679900536120.json --csv_result=/tmp/revisium_csvfile_17626679900536260.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:29:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=16442 SEQ=1 Nov 9 11:29:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25394 SEQ=1 Nov 9 11:29:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.124 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=44578 PROTO=TCP SPT=37415 DPT=8889 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:29:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.219.185.154 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=25687 DF PROTO=TCP SPT=50216 DPT=21 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 11:29:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26567 SEQ=1 Nov 9 11:29:57 server83 aibolit_wrapper[30608]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626679974355596.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626679974357266.txt --log=/tmp/malware_cleaner_log_17626679974358868.txt --progress=/tmp/malware_cleaner_progress_17626679974358448.json --csv_result=/tmp/revisium_csvfile_17626679974358626.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:29:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.219.185.154 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=25688 DF PROTO=TCP SPT=50216 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0 
Nov 9 11:29:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3656 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:30:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42094 SEQ=1 Nov 9 11:30:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54108 SEQ=1 Nov 9 11:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:30:01 server83 systemd: Started Session 311120 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311122 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311125 of user root. Nov 9 11:30:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 11:30:01 server83 systemd: Started Session 311126 of user sanatanhinduvahi. Nov 9 11:30:01 server83 systemd: Started Session 311121 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311127 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311124 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311123 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311130 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311128 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311129 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311132 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311133 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311131 of user root. 
Nov 9 11:30:01 server83 systemd: Started Session 311134 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311135 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311136 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311137 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311138 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311140 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311139 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311141 of user root. Nov 9 11:30:01 server83 systemd: Started Session 311142 of user root. Nov 9 11:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5045 SEQ=1 Nov 9 11:30:02 server83 systemd: Removed slice User Slice of sanatanhinduvahi. Nov 9 11:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1235 SEQ=1 Nov 9 11:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52313 SEQ=1 Nov 9 11:30:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49880 DPT=9833 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:30:03 server83 dhclient[30088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x4cf34c49) Nov 9 11:30:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=60356 SEQ=1 Nov 9 11:30:04 server83 aibolit_wrapper[31310]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680046685560.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680046686608.txt --log=/tmp/malware_cleaner_log_17626680046687432.txt --progress=/tmp/malware_cleaner_progress_17626680046687210.json --csv_result=/tmp/revisium_csvfile_17626680046687314.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:30:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=27568 PROTO=TCP SPT=32980 DPT=8190 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:30:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.238 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56910 DPT=20121 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:30:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.94.76 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33875 DPT=8889 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:30:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54887 SEQ=1 Nov 9 11:30:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54887 SEQ=1 Nov 9 
11:30:11 server83 aibolit_wrapper[32152]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680111235958.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626680111238324.txt --progress=/tmp/malware_cleaner_progress_17626680111237986.json --csv_result=/tmp/revisium_csvfile_17626680111238144.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:30:16 server83 aibolit_wrapper[367]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680164515674.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680164516518.txt --log=/tmp/malware_cleaner_log_17626680164517536.txt --progress=/tmp/malware_cleaner_progress_17626680164517254.json --csv_result=/tmp/revisium_csvfile_17626680164517388.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:30:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=53544 PROTO=TCP SPT=46340 DPT=5106 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:30:18 server83 dhclient[30088]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x4cf34c49) Nov 9 11:30:20 server83 aibolit_wrapper[1012]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626680205513206.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680205514038.txt --log=/tmp/malware_cleaner_log_17626680205514792.txt --progress=/tmp/malware_cleaner_progress_17626680205514590.json --csv_result=/tmp/revisium_csvfile_17626680205514694.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:30:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=12297 PROTO=TCP SPT=36559 DPT=4518 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:30:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57900 SEQ=1 Nov 9 11:30:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27250 SEQ=1 Nov 9 11:30:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=545 SEQ=1 Nov 9 11:30:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43502 SEQ=1 Nov 9 11:30:29 server83 NetworkManager[922]: <warn> [1762668029.4503] dhcp4 (eth1): request timed out Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4824] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 30088 Nov 9 
11:30:29 server83 NetworkManager[922]: <info> [1762668029.4824] dhcp4 (eth1): state changed timeout -> done Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4826] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:30:29 server83 NetworkManager[922]: <warn> [1762668029.4831] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4833] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4865] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4869] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4870] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4873] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4882] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4885] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:30:29 server83 NetworkManager[922]: <info> [1762668029.4897] dhcp4 (eth1): dhclient started with pid 2087 Nov 9 11:30:29 server83 dhclient[2087]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x4e77b895) Nov 9 11:30:30 server83 aibolit_wrapper[2210]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680302588272.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680302589558.txt --log=/tmp/malware_cleaner_log_17626680302590808.txt --progress=/tmp/malware_cleaner_progress_17626680302590476.json --csv_result=/tmp/revisium_csvfile_17626680302590626.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:30:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29354 SEQ=1 Nov 9 11:30:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7954 SEQ=1 Nov 9 11:30:35 server83 dhclient[2087]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4e77b895) Nov 9 11:30:36 server83 aibolit_wrapper[2984]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680363276840.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680363277872.txt --log=/tmp/malware_cleaner_log_17626680363278962.txt --progress=/tmp/malware_cleaner_progress_17626680363278656.json --csv_result=/tmp/revisium_csvfile_17626680363278788.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:30:37 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=222.186.13.133 DST=145.239.177.179 LEN=92 TOS=0x00 PREC=0x00 TTL=43 ID=27186 PROTO=UDP SPT=35807 
DPT=17185 LEN=72 Nov 9 11:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27733 SEQ=1 Nov 9 11:30:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12008 SEQ=1 Nov 9 11:30:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12103 SEQ=1 Nov 9 11:30:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:30:42 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:30:42 server83 aibolit_wrapper[3746]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680428271698.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680428273410.txt --log=/tmp/malware_cleaner_log_17626680428274944.txt --progress=/tmp/malware_cleaner_progress_17626680428274498.json --csv_result=/tmp/revisium_csvfile_17626680428274704.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:30:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=97.107.133.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=44448 DPT=5222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:30:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3654 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:30:46 server83 dhclient[2087]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4e77b895) Nov 9 11:30:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.internal: ProactiveModel.Host should not be empty Nov 9 11:30:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 11:30:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:30:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:30:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.189 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=31309 PROTO=TCP SPT=63497 DPT=88 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4421 SEQ=1 Nov 9 11:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21933 SEQ=1 Nov 9 11:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47002 SEQ=1 Nov 9 11:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19289 SEQ=1 Nov 9 11:30:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42959 SEQ=1 Nov 9 11:30:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53514 SEQ=1 Nov 9 11:30:54 server83 aibolit_wrapper[5470]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680541804132.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680541806066.txt --log=/tmp/malware_cleaner_log_17626680541808972.txt --progress=/tmp/malware_cleaner_progress_17626680541808216.json --csv_result=/tmp/revisium_csvfile_17626680541808486.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:30:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.143 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=12127 PROTO=TCP SPT=44665 DPT=36641 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:30:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=55110 PROTO=TCP SPT=50003 DPT=6166 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:30:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:30:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:30:57 server83 dhclient[2087]: 
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x4e77b895) Nov 9 11:31:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:31:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:31:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.36 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=59950 DF PROTO=TCP SPT=55945 DPT=23080 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:31:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=29861 PROTO=TCP SPT=44148 DPT=8760 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:31:01 server83 systemd: Started Session 311143 of user root. Nov 9 11:31:01 server83 systemd: Started Session 311144 of user root. Nov 9 11:31:01 server83 systemd: Started Session 311145 of user root. Nov 9 11:31:01 server83 systemd: Started Session 311146 of user root. Nov 9 11:31:01 server83 systemd: Started Session 311147 of user root. Nov 9 11:31:01 server83 systemd: Started Session 311148 of user root. Nov 9 11:31:01 server83 systemd: Started Session 311149 of user root. Nov 9 11:31:01 server83 systemd: Started Session 311150 of user root. Nov 9 11:31:01 server83 systemd: Started Session 311151 of user root. 
Nov 9 11:31:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51011 SEQ=1 Nov 9 11:31:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11370 SEQ=1 Nov 9 11:31:02 server83 aibolit_wrapper[6774]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680628129508.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680628131036.txt --log=/tmp/malware_cleaner_log_17626680628132216.txt --progress=/tmp/malware_cleaner_progress_17626680628131910.json --csv_result=/tmp/revisium_csvfile_17626680628132052.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45870 SEQ=1 Nov 9 11:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47650 SEQ=1 Nov 9 11:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24140 SEQ=1 Nov 9 11:31:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45671 PROTO=TCP SPT=41811 DPT=2409 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:31:12 server83 aibolit_wrapper[8005]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680720969608.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680720970626.txt --log=/tmp/malware_cleaner_log_17626680720971590.txt --progress=/tmp/malware_cleaner_progress_17626680720971272.json --csv_result=/tmp/revisium_csvfile_17626680720971394.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:31:14 server83 NetworkManager[922]: <warn> [1762668074.4383] dhcp4 (eth1): request timed out Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4383] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4543] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2087 Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4543] dhcp4 (eth1): state changed timeout -> done Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4545] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:31:14 server83 NetworkManager[922]: <warn> [1762668074.4549] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4550] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4577] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:31:14 server83 NetworkManager[922]: 
<info> [1762668074.4579] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4580] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4582] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4590] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4591] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:31:14 server83 NetworkManager[922]: <info> [1762668074.4602] dhcp4 (eth1): dhclient started with pid 8284 Nov 9 11:31:14 server83 dhclient[8284]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x6af8272b) Nov 9 11:31:18 server83 dhclient[8284]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x6af8272b) Nov 9 11:31:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=10346 PROTO=TCP SPT=46360 DPT=43673 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:31:21 server83 aibolit_wrapper[9233]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680815997936.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680815999038.txt --log=/tmp/malware_cleaner_log_17626680816000078.txt --progress=/tmp/malware_cleaner_progress_17626680815999834.json 
--csv_result=/tmp/revisium_csvfile_17626680815999948.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:31:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3898 PROTO=TCP SPT=32826 DPT=4005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:31:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2175 SEQ=1 Nov 9 11:31:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58880 SEQ=1 Nov 9 11:31:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37625 SEQ=1 Nov 9 11:31:26 server83 dhclient[8284]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x6af8272b) Nov 9 11:31:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.255 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=52370 DF PROTO=TCP SPT=64678 DPT=8441 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:31:30 server83 aibolit_wrapper[10290]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680900430028.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680900431202.txt --log=/tmp/malware_cleaner_log_17626680900432062.txt 
--progress=/tmp/malware_cleaner_progress_17626680900431864.json --csv_result=/tmp/revisium_csvfile_17626680900431946.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:31:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30529 PROTO=TCP SPT=45727 DPT=32044 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:31:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31735 SEQ=1 Nov 9 11:31:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31735 SEQ=1 Nov 9 11:31:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8397 SEQ=1 Nov 9 11:31:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:31:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.14 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54538 DPT=9478 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:31:36 server83 dhclient[8284]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x6af8272b) Nov 9 11:31:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=46515 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6135 SEQ=1 Nov 9 11:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58517 SEQ=1 Nov 9 11:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55873 SEQ=1 Nov 9 11:31:39 server83 aibolit_wrapper[11584]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626680992583808.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626680992585786.txt --log=/tmp/malware_cleaner_log_17626680992587908.txt --progress=/tmp/malware_cleaner_progress_17626680992587486.json --csv_result=/tmp/revisium_csvfile_17626680992587678.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:31:42 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:31:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=170.187.165.134 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=48848 DPT=5222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:31:45 server83 aibolit_wrapper[12425]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626681054741952.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626681054743742.txt --progress=/tmp/malware_cleaner_progress_17626681054743560.json --csv_result=/tmp/revisium_csvfile_17626681054743648.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:31:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:31:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:31:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.include: ProactiveModel.Host should not be empty Nov 9 11:31:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.post: ProactiveModel.Host should not be empty Nov 9 11:31:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:31:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41532 PROTO=TCP SPT=45727 DPT=31055 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:31:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41058 SEQ=1 Nov 9 11:31:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.191 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=39118 PROTO=TCP SPT=53789 DPT=37443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:31:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36817 SEQ=1 Nov 9 
11:31:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63140 SEQ=1 Nov 9 11:31:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40483 SEQ=1 Nov 9 11:31:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63140 SEQ=1 Nov 9 11:31:55 server83 dhclient[8284]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x6af8272b) Nov 9 11:31:57 server83 aibolit_wrapper[14040]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681179307712.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681179309042.txt --log=/tmp/malware_cleaner_log_17626681179310332.txt --progress=/tmp/malware_cleaner_progress_17626681179310066.json --csv_result=/tmp/revisium_csvfile_17626681179310184.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:31:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.174 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49173 DPT=9604 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:31:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.204 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59079 
DPT=990 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:31:59 server83 NetworkManager[922]: <warn> [1762668119.4413] dhcp4 (eth1): request timed out Nov 9 11:31:59 server83 NetworkManager[922]: <info> [1762668119.4414] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:31:59 server83 NetworkManager[922]: <info> [1762668119.4492] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 8284 Nov 9 11:31:59 server83 NetworkManager[922]: <info> [1762668119.4492] dhcp4 (eth1): state changed timeout -> done Nov 9 11:31:59 server83 NetworkManager[922]: <info> [1762668119.4494] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:31:59 server83 NetworkManager[922]: <warn> [1762668119.4497] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:31:59 server83 NetworkManager[922]: <info> [1762668119.4499] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:32:01 server83 systemd: Started Session 311155 of user root. Nov 9 11:32:01 server83 systemd: Started Session 311153 of user root. Nov 9 11:32:01 server83 systemd: Started Session 311154 of user root. Nov 9 11:32:01 server83 systemd: Started Session 311157 of user root. Nov 9 11:32:01 server83 systemd: Started Session 311152 of user root. Nov 9 11:32:01 server83 systemd: Started Session 311156 of user root. Nov 9 11:32:01 server83 systemd: Started Session 311159 of user root. Nov 9 11:32:01 server83 systemd: Started Session 311160 of user root. Nov 9 11:32:01 server83 systemd: Started Session 311158 of user root. 
Nov 9 11:32:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34686 SEQ=1 Nov 9 11:32:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53190 SEQ=1 Nov 9 11:32:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34686 SEQ=1 Nov 9 11:32:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27749 SEQ=1 Nov 9 11:32:07 server83 aibolit_wrapper[15228]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681271438410.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681271439424.txt --log=/tmp/malware_cleaner_log_17626681271440260.txt --progress=/tmp/malware_cleaner_progress_17626681271440050.json --csv_result=/tmp/revisium_csvfile_17626681271440142.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:32:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36552 PROTO=TCP SPT=53077 DPT=4901 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:32:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=240 PROTO=TCP SPT=56884 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:32:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=47373 PROTO=TCP SPT=50121 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:32:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.65.183.152 DST=51.210.113.204 LEN=44 TOS=0x0E PREC=0x20 TTL=238 ID=26437 PROTO=TCP SPT=80 DPT=27017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:32:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=241 PROTO=TCP SPT=56884 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:32:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=47374 PROTO=TCP SPT=50121 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:32:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23542 PROTO=TCP SPT=43816 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:32:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23544 PROTO=TCP SPT=43816 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:32:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13298 SEQ=1 Nov 9 11:32:17 server83 
aibolit_wrapper[16531]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681377674000.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681377675424.txt --log=/tmp/malware_cleaner_log_17626681377676692.txt --progress=/tmp/malware_cleaner_progress_17626681377676352.json --csv_result=/tmp/revisium_csvfile_17626681377676504.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:32:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2435 SEQ=1 Nov 9 11:32:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53769 SEQ=1 Nov 9 11:32:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13298 SEQ=1 Nov 9 11:32:22 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 11:32:22 server83 systemd: Stopped Status Update Service. Nov 9 11:32:22 server83 systemd: Started Status Update Service. 
Nov 9 11:32:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:32:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=49342 PROTO=TCP SPT=34841 DPT=8706 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:32:26 server83 aibolit_wrapper[17598]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681460268478.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681460269958.txt --log=/tmp/malware_cleaner_log_17626681460271894.txt --progress=/tmp/malware_cleaner_progress_17626681460271310.json --csv_result=/tmp/revisium_csvfile_17626681460271584.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:32:31 server83 aibolit_wrapper[18385]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681517438776.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681517439608.txt --log=/tmp/malware_cleaner_log_17626681517440402.txt --progress=/tmp/malware_cleaner_progress_17626681517440188.json --csv_result=/tmp/revisium_csvfile_17626681517440292.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:32:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59272 SEQ=1 Nov 9 11:32:32 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.22 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=64506 PROTO=TCP SPT=59148 DPT=8083 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:32:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64648 SEQ=1 Nov 9 11:32:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20436 SEQ=1 Nov 9 11:32:37 server83 aibolit_wrapper[19219]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681575172704.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681575174244.txt --log=/tmp/malware_cleaner_log_17626681575176070.txt --progress=/tmp/malware_cleaner_progress_17626681575175586.json --csv_result=/tmp/revisium_csvfile_17626681575175798.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:32:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64648 SEQ=1 Nov 9 11:32:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23392 SEQ=1 Nov 9 11:32:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59272 SEQ=1 Nov 9 11:32:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23392 SEQ=1 Nov 9 11:32:41 server83 aibolit_wrapper[19685]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681616573842.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681616575094.txt --log=/tmp/malware_cleaner_log_17626681616576316.txt --progress=/tmp/malware_cleaner_progress_17626681616575990.json --csv_result=/tmp/revisium_csvfile_17626681616576142.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:32:42 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:32:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.rfind: ProactiveModel.Host should not be empty Nov 9 11:32:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.mb_convert: ProactiveModel.Host should not be empty Nov 9 11:32:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:32:47 server83 aibolit_wrapper[20436]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681672888878.txt 
--input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681672890444.txt --log=/tmp/malware_cleaner_log_17626681672892432.txt --progress=/tmp/malware_cleaner_progress_17626681672891908.json --csv_result=/tmp/revisium_csvfile_17626681672892132.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:32:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.134 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=45430 PROTO=TCP SPT=49508 DPT=591 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:32:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35911 SEQ=1 Nov 9 11:32:51 server83 aibolit_wrapper[20920]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681715419816.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681715422034.txt --log=/tmp/malware_cleaner_log_17626681715423972.txt --progress=/tmp/malware_cleaner_progress_17626681715423472.json --csv_result=/tmp/revisium_csvfile_17626681715423708.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:32:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24161 SEQ=1 Nov 9 11:32:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=24161 SEQ=1 Nov 9 11:32:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60891 SEQ=1 Nov 9 11:32:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60891 SEQ=1 Nov 9 11:32:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13161 DF PROTO=TCP SPT=57533 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:32:55 server83 aibolit_wrapper[21398]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681757096018.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681757096796.txt --log=/tmp/malware_cleaner_log_17626681757097574.txt --progress=/tmp/malware_cleaner_progress_17626681757097354.json --csv_result=/tmp/revisium_csvfile_17626681757097444.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:32:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13162 DF PROTO=TCP SPT=57533 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:32:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16898 PROTO=TCP SPT=58299 DPT=8624 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
11:32:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13163 DF PROTO=TCP SPT=57533 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:32:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=65448 PROTO=TCP SPT=55975 DPT=7612 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:33:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.144 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=35168 PROTO=TCP SPT=44971 DPT=6003 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:33:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61991 SEQ=1 Nov 9 11:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:33:01 server83 systemd: Started Session 311161 of user root. Nov 9 11:33:01 server83 systemd: Started Session 311162 of user root. Nov 9 11:33:01 server83 systemd: Started Session 311163 of user root. Nov 9 11:33:01 server83 systemd: Started Session 311165 of user root. Nov 9 11:33:01 server83 systemd: Started Session 311164 of user root. Nov 9 11:33:01 server83 systemd: Started Session 311166 of user root. Nov 9 11:33:01 server83 systemd: Started Session 311167 of user root. Nov 9 11:33:01 server83 systemd: Started Session 311168 of user root. Nov 9 11:33:01 server83 systemd: Started Session 311169 of user root. 
Nov 9 11:33:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13164 DF PROTO=TCP SPT=57533 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:33:01 server83 aibolit_wrapper[22303]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681819578784.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681819579746.txt --log=/tmp/malware_cleaner_log_17626681819580744.txt --progress=/tmp/malware_cleaner_progress_17626681819580452.json --csv_result=/tmp/revisium_csvfile_17626681819580578.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46489 SEQ=1 Nov 9 11:33:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63164 SEQ=1 Nov 9 11:33:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53597 SEQ=1 Nov 9 11:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53597 SEQ=1 Nov 9 11:33:03 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37919 SEQ=1 Nov 9 11:33:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.167 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52536 DPT=20256 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:09 server83 aibolit_wrapper[23304]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681894275038.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626681894277528.txt --progress=/tmp/malware_cleaner_progress_17626681894277254.json --csv_result=/tmp/revisium_csvfile_17626681894277366.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13165 DF PROTO=TCP SPT=57533 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:33:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3662 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:33:14 server83 aibolit_wrapper[23941]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626681946707454.txt --input-fn-b64-encoded 
--username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626681946708568.txt --log=/tmp/malware_cleaner_log_17626681946709736.txt --progress=/tmp/malware_cleaner_progress_17626681946709440.json --csv_result=/tmp/revisium_csvfile_17626681946709574.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:20 server83 aibolit_wrapper[24798]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682009083666.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682009085388.txt --log=/tmp/malware_cleaner_log_17626682009087040.txt --progress=/tmp/malware_cleaner_progress_17626682009086570.json --csv_result=/tmp/revisium_csvfile_17626682009086788.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.114.248 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49368 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45567 SEQ=1 Nov 9 11:33:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48783 PROTO=TCP SPT=56698 DPT=8203 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:33:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.165 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 
PROTO=TCP SPT=56918 DPT=9986 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:26 server83 aibolit_wrapper[25489]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682064211752.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682064212546.txt --log=/tmp/malware_cleaner_log_17626682064213422.txt --progress=/tmp/malware_cleaner_progress_17626682064213202.json --csv_result=/tmp/revisium_csvfile_17626682064213312.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.249 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52931 DPT=9449 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32848 PROTO=TCP SPT=46370 DPT=2897 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:33:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=14001 PROTO=TCP SPT=56448 DPT=5672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:32 server83 aibolit_wrapper[26315]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682127113436.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682127114942.txt 
--log=/tmp/malware_cleaner_log_17626682127116386.txt --progress=/tmp/malware_cleaner_progress_17626682127116024.json --csv_result=/tmp/revisium_csvfile_17626682127116172.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:35 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=69.87.207.135 DST=51.210.113.204 LEN=71 TOS=0x08 PREC=0x20 TTL=44 ID=9320 DF PROTO=UDP SPT=8000 DPT=8080 LEN=51 Nov 9 11:33:38 server83 aibolit_wrapper[27157]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682184204726.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682184206508.txt --log=/tmp/malware_cleaner_log_17626682184207572.txt --progress=/tmp/malware_cleaner_progress_17626682184207306.json --csv_result=/tmp/revisium_csvfile_17626682184207434.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7983 SEQ=1 Nov 9 11:33:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36888 SEQ=1 Nov 9 11:33:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47206 SEQ=1 Nov 9 11:33:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36888 SEQ=1 Nov 9 11:33:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=100.29.192.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=40333 DPT=5061 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:40 server83 pam_imunify_daemon.bin: time="2025-11-09T11:33:40+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 11:33:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33628 PROTO=TCP SPT=44926 DPT=8580 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:42 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:33:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.180 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55550 DPT=24100 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3661 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:33:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13166 DF PROTO=TCP SPT=58739 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:33:44 server83 aibolit_wrapper[27942]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682246500158.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682246501804.txt --log=/tmp/malware_cleaner_log_17626682246503490.txt --progress=/tmp/malware_cleaner_progress_17626682246502982.json --csv_result=/tmp/revisium_csvfile_17626682246503252.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13167 DF PROTO=TCP SPT=58739 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:33:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.multi: ProactiveModel.Host should not be empty Nov 9 11:33:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.reset: ProactiveModel.Host should not be empty Nov 9 11:33:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13925 SEQ=1 Nov 9 11:33:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13168 DF PROTO=TCP SPT=58739 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:33:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55346 SEQ=1 Nov 9 11:33:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.84.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36089 DPT=119 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50377 PROTO=TCP SPT=56949 DPT=8507 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:33:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9757 SEQ=1 Nov 9 11:33:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43199 SEQ=1 Nov 9 11:33:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33433 SEQ=1 Nov 9 11:33:51 server83 aibolit_wrapper[28848]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682310932736.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682310934468.txt --log=/tmp/malware_cleaner_log_17626682310936208.txt --progress=/tmp/malware_cleaner_progress_17626682310935822.json --csv_result=/tmp/revisium_csvfile_17626682310935998.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13169 DF PROTO=TCP SPT=58739 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:33:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43199 SEQ=1 Nov 9 11:33:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2010 SEQ=1 Nov 9 11:33:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55346 SEQ=1 Nov 9 11:33:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3653 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:33:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.14 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56847 DPT=46307 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:33:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53738 PROTO=TCP SPT=45727 DPT=30452 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:33:57 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:33:57 server83 aibolit_wrapper[29697]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682374602604.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682374604478.txt --log=/tmp/malware_cleaner_log_17626682374606394.txt --progress=/tmp/malware_cleaner_progress_17626682374605848.json --csv_result=/tmp/revisium_csvfile_17626682374606070.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:33:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13170 DF PROTO=TCP SPT=58739 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:34:01 server83 systemd: Started Session 311170 of user root. Nov 9 11:34:01 server83 systemd: Started Session 311171 of user root. Nov 9 11:34:01 server83 systemd: Started Session 311172 of user root. Nov 9 11:34:01 server83 systemd: Started Session 311173 of user root. Nov 9 11:34:01 server83 systemd: Started Session 311174 of user root. Nov 9 11:34:01 server83 systemd: Started Session 311175 of user root. Nov 9 11:34:01 server83 systemd: Started Session 311176 of user root. Nov 9 11:34:01 server83 systemd: Started Session 311177 of user root. Nov 9 11:34:01 server83 systemd: Started Session 311178 of user root. 
Nov 9 11:34:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:34:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:34:01 server83 aibolit_wrapper[30321]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682416300986.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682416301784.txt --log=/tmp/malware_cleaner_log_17626682416302564.txt --progress=/tmp/malware_cleaner_progress_17626682416302354.json --csv_result=/tmp/revisium_csvfile_17626682416302444.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45983 SEQ=1 Nov 9 11:34:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64359 SEQ=1 Nov 9 11:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16751 SEQ=1 Nov 9 11:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45983 SEQ=1 Nov 9 11:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=45215 SEQ=1 Nov 9 11:34:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=58330 PROTO=TCP SPT=60214 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=58331 PROTO=TCP SPT=60214 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=58332 PROTO=TCP SPT=60214 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=58333 PROTO=TCP SPT=60214 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=55205 PROTO=TCP SPT=55975 DPT=7608 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:34:13 server83 aibolit_wrapper[31799]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682533665616.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682533667182.txt --log=/tmp/malware_cleaner_log_17626682533669214.txt --progress=/tmp/malware_cleaner_progress_17626682533668606.json --csv_result=/tmp/revisium_csvfile_17626682533668868.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=58334 PROTO=TCP SPT=60214 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13171 DF PROTO=TCP SPT=59498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:34:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=63701 PROTO=TCP SPT=55975 DPT=7606 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:34:18 server83 aibolit_wrapper[32363]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682587017824.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682587019272.txt --log=/tmp/malware_cleaner_log_17626682587020374.txt --progress=/tmp/malware_cleaner_progress_17626682587020082.json --csv_result=/tmp/revisium_csvfile_17626682587020208.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13172 DF PROTO=TCP SPT=59498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:34:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13173 DF 
PROTO=TCP SPT=59498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:34:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47714 SEQ=1 Nov 9 11:34:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60108 SEQ=1 Nov 9 11:34:24 server83 aibolit_wrapper[841]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682644827624.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682644829386.txt --log=/tmp/malware_cleaner_log_17626682644830924.txt --progress=/tmp/malware_cleaner_progress_17626682644830616.json --csv_result=/tmp/revisium_csvfile_17626682644830764.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13174 DF PROTO=TCP SPT=59498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:34:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.163.6.104 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=56245 PROTO=TCP SPT=49322 DPT=8040 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:34:29 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 11:34:29 server83 aibolit_wrapper[1584]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d 
display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682696695976.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682696697762.txt --log=/tmp/malware_cleaner_log_17626682696699358.txt --progress=/tmp/malware_cleaner_progress_17626682696698926.json --csv_result=/tmp/revisium_csvfile_17626682696699092.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65495 SEQ=1 Nov 9 11:34:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28214 SEQ=1 Nov 9 11:34:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:34:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65495 SEQ=1 Nov 9 11:34:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.194.231.192 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=0 DF PROTO=TCP SPT=43863 DPT=6016 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:34:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13175 DF PROTO=TCP SPT=59498 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:34:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 
DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36051 PROTO=TCP SPT=53782 DPT=9237 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:34:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=164.92.87.52 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=26437 PROTO=TCP SPT=80 DPT=27017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:34:35 server83 aibolit_wrapper[2277]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682750018390.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682750020382.txt --log=/tmp/malware_cleaner_log_17626682750022104.txt --progress=/tmp/malware_cleaner_progress_17626682750021662.json --csv_result=/tmp/revisium_csvfile_17626682750021872.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.12 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=31495 PROTO=TCP SPT=26200 DPT=12392 WINDOW=13005 RES=0x00 SYN URGP=0 Nov 9 11:34:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25081 SEQ=1 Nov 9 11:34:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.246 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50705 DPT=1443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38803 SEQ=1 Nov 9 11:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31553 SEQ=1 Nov 9 11:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32389 SEQ=1 Nov 9 11:34:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38803 SEQ=1 Nov 9 11:34:40 server83 aibolit_wrapper[2924]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682804049186.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682804050530.txt --log=/tmp/malware_cleaner_log_17626682804051760.txt --progress=/tmp/malware_cleaner_progress_17626682804051404.json --csv_result=/tmp/revisium_csvfile_17626682804051556.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=27085 PROTO=TCP SPT=34425 DPT=4776 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:34:42 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:34:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=18308 PROTO=TCP SPT=56185 DPT=7910 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:34:44 server83 aibolit_wrapper[3433]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682845648846.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682845649952.txt --log=/tmp/malware_cleaner_log_17626682845651342.txt --progress=/tmp/malware_cleaner_progress_17626682845650936.json --csv_result=/tmp/revisium_csvfile_17626682845651114.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.118.45 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=0 DF PROTO=TCP SPT=9999 DPT=2022 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:34:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60575 PROTO=TCP SPT=61023 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.ob_iconv_handle: ProactiveModel.Host should not be empty Nov 9 11:34:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.oauthexceptions: ProactiveModel.Host should not be empty Nov 9 11:34:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.cache: ProactiveModel.Host should not be empty Nov 9 11:34:46 server83 
imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:34:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60576 PROTO=TCP SPT=61023 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29208 SEQ=1 Nov 9 11:34:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28104 PROTO=TCP SPT=39928 DPT=5383 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:34:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21785 PROTO=TCP SPT=58292 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60577 PROTO=TCP SPT=61023 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:48 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 11:34:48 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 11:34:48 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 11:34:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.38 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1430 PROTO=TCP SPT=64102 DPT=31377 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:34:51 server83 aibolit_wrapper[4405]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682910017498.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682910019044.txt --log=/tmp/malware_cleaner_log_17626682910020702.txt --progress=/tmp/malware_cleaner_progress_17626682910020110.json --csv_result=/tmp/revisium_csvfile_17626682910020364.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21789 PROTO=TCP SPT=58292 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:34:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61327 SEQ=1 Nov 9 11:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17797 SEQ=1 Nov 9 11:34:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47896 SEQ=1 Nov 9 11:34:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=5555 PROTO=TCP SPT=47657 DPT=8336 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:34:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:34:57 server83 aibolit_wrapper[5391]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626682973478474.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626682973479802.txt --log=/tmp/malware_cleaner_log_17626682973481304.txt --progress=/tmp/malware_cleaner_progress_17626682973480852.json --csv_result=/tmp/revisium_csvfile_17626682973481054.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:34:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.9 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=911 PROTO=TCP SPT=38755 DPT=9595 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:35:01 server83 systemd: Started Session 311181 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311180 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311182 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311184 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311183 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311179 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311185 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311186 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311188 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311189 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311190 of user root. 
Nov 9 11:35:01 server83 systemd: Started Session 311191 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311187 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311192 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311193 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311194 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311195 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311196 of user root. Nov 9 11:35:01 server83 systemd: Started Session 311197 of user root. Nov 9 11:35:03 server83 aibolit_wrapper[6357]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626683034798558.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626683034800516.txt --progress=/tmp/malware_cleaner_progress_17626683034800276.json --csv_result=/tmp/revisium_csvfile_17626683034800406.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62502 SEQ=1 Nov 9 11:35:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39661 PROTO=TCP SPT=49417 DPT=5887 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.168.124.152 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=35796 DPT=5601 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:07 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30146 SEQ=1 Nov 9 11:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48065 SEQ=1 Nov 9 11:35:08 server83 aibolit_wrapper[7115]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626683087379546.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626683087381124.txt --log=/tmp/malware_cleaner_log_17626683087382848.txt --progress=/tmp/malware_cleaner_progress_17626683087382386.json --csv_result=/tmp/revisium_csvfile_17626683087382566.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:35:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31407 SEQ=1 Nov 9 11:35:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.136.67.107 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=35768 DPT=8003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:12 server83 aibolit_wrapper[7692]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626683129077320.txt --input-fn-b64-encoded --username=shreeganeshstone 
--report-hashes --black-list=/tmp/malware_cleanup_file_list_17626683129078572.txt --log=/tmp/malware_cleaner_log_17626683129079800.txt --progress=/tmp/malware_cleaner_progress_17626683129079482.json --csv_result=/tmp/revisium_csvfile_17626683129079628.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:35:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48085 SEQ=1 Nov 9 11:35:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.0.97 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33041 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=135.237.127.172 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=57977 DPT=8091 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3660 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:35:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7844 SEQ=1 Nov 9 11:35:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26065 SEQ=1 Nov 9 11:35:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7218 SEQ=1 Nov 9 11:35:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52310 SEQ=1 Nov 9 11:35:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34847 SEQ=1 Nov 9 11:35:22 server83 aibolit_wrapper[8867]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626683222145408.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626683222147260.txt --log=/tmp/malware_cleaner_log_17626683222149546.txt --progress=/tmp/malware_cleaner_progress_17626683222148908.json --csv_result=/tmp/revisium_csvfile_17626683222149176.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:35:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.124 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=15270 PROTO=TCP SPT=46243 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.82.70.133 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=45586 PROTO=TCP SPT=60000 DPT=27017 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:35:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.174.244.22 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=33476 DPT=8091 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
11:35:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.84 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=11012 PROTO=TCP SPT=26956 DPT=20548 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:35:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:35:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=2902 PROTO=TCP SPT=37220 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.18.113 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42466 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24034 SEQ=1 Nov 9 11:35:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56937 SEQ=1 Nov 9 11:35:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41831 SEQ=1 Nov 9 11:35:34 server83 aibolit_wrapper[10407]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626683343852668.txt --input-fn-b64-encoded --username=evershine --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626683343854184.txt --log=/tmp/malware_cleaner_log_17626683343855464.txt --progress=/tmp/malware_cleaner_progress_17626683343855116.json --csv_result=/tmp/revisium_csvfile_17626683343855278.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:35:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50829 SEQ=1 Nov 9 11:35:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41831 SEQ=1 Nov 9 11:35:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23695 PROTO=TCP SPT=41811 DPT=2538 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:35:40 server83 aibolit_wrapper[11137]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626683407048630.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626683407052516.txt --progress=/tmp/malware_cleaner_progress_17626683407051992.json --csv_result=/tmp/revisium_csvfile_17626683407052228.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:35:42 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:35:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.210 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 
TTL=243 ID=24075 PROTO=TCP SPT=56337 DPT=1100 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:35:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.rfind: ProactiveModel.Host should not be empty Nov 9 11:35:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:35:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:35:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=9079 PROTO=TCP SPT=40280 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60367 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3658 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:35:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3659 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63208 SEQ=1 Nov 9 11:35:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=16554 PROTO=TCP SPT=50302 DPT=2323 WINDOW=1024 RES=0x00 SYN 
URGP=0 Nov 9 11:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63711 SEQ=1 Nov 9 11:35:53 server83 aibolit_wrapper[12858]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626683531195932.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626683531197238.txt --log=/tmp/malware_cleaner_log_17626683531198450.txt --progress=/tmp/malware_cleaner_progress_17626683531198110.json --csv_result=/tmp/revisium_csvfile_17626683531198270.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:35:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57708 SEQ=1 Nov 9 11:35:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=47429 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56423 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:35:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14667 SEQ=1 Nov 9 11:35:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 
11:36:01 server83 systemd: Started Session 311200 of user root. Nov 9 11:36:01 server83 systemd: Started Session 311199 of user root. Nov 9 11:36:01 server83 systemd: Started Session 311198 of user root. Nov 9 11:36:01 server83 systemd: Started Session 311202 of user root. Nov 9 11:36:01 server83 systemd: Started Session 311203 of user root. Nov 9 11:36:01 server83 systemd: Started Session 311205 of user root. Nov 9 11:36:01 server83 systemd: Started Session 311201 of user root. Nov 9 11:36:01 server83 systemd: Started Session 311204 of user root. Nov 9 11:36:01 server83 systemd: Started Session 311206 of user root. Nov 9 11:36:01 server83 systemd: Started Session 311207 of user root. Nov 9 11:36:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8671 PROTO=TCP SPT=49956 DPT=25931 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32958 SEQ=1 Nov 9 11:36:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58885 SEQ=1 Nov 9 11:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6082 SEQ=1 Nov 9 11:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44507 SEQ=1 Nov 9 11:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36564 SEQ=1 Nov 9 11:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58885 SEQ=1 Nov 9 11:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15317 SEQ=1 Nov 9 11:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53657 SEQ=1 Nov 9 11:36:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.251 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52363 DPT=5020 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:36:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.83.247 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=53642 PROTO=TCP SPT=41580 DPT=104 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46992 SEQ=1 Nov 9 11:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53520 SEQ=1 Nov 9 11:36:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7949 SEQ=1 Nov 9 11:36:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39425 SEQ=1 Nov 9 11:36:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.209 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51011 DPT=48012 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:36:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:36:30 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.35.152.121 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=50 ID=20491 DF PROTO=UDP SPT=23679 DPT=5353 LEN=45 Nov 9 11:36:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.52.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=39943 DPT=104 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38769 SEQ=1 Nov 9 11:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10574 SEQ=1 Nov 9 11:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38074 SEQ=1 Nov 9 11:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19203 SEQ=1 Nov 9 11:36:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.186 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=56186 PROTO=TCP SPT=7371 DPT=8389 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:36:36 server83 scripts.sh: Sun Nov 9 11:36:36 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 11:36:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44341 SEQ=1 Nov 9 11:36:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38074 SEQ=1 Nov 9 11:36:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.34 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=36789 DPT=104 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:36:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13176 DF PROTO=TCP SPT=63020 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:36:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13177 DF PROTO=TCP SPT=63020 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:36:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.235.69 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=3125 DF 
PROTO=TCP SPT=44943 DPT=17200 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:36:42 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:36:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13178 DF PROTO=TCP SPT=63020 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:36:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.217.194.148 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55300 DPT=5959 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:36:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:36:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:36:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13179 DF PROTO=TCP SPT=63020 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:36:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:36:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=64745 PROTO=TCP SPT=46376 DPT=40502 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:36:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25646 SEQ=1 Nov 9 11:36:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=61878 SEQ=1 Nov 9 11:36:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45029 SEQ=1 Nov 9 11:36:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8777 SEQ=1 Nov 9 11:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14135 SEQ=1 Nov 9 11:36:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46079 SEQ=1 Nov 9 11:36:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13180 DF PROTO=TCP SPT=63020 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:36:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.207 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50251 DPT=9103 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:36:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=62833 PROTO=TCP SPT=52198 DPT=5630 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:36:59 server83 NetworkManager[922]: <info> [1762668419.4781] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:36:59 server83 NetworkManager[922]: <info> [1762668419.4786] 
device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:36:59 server83 NetworkManager[922]: <info> [1762668419.4787] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:36:59 server83 NetworkManager[922]: <info> [1762668419.4791] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:36:59 server83 NetworkManager[922]: <info> [1762668419.4802] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:36:59 server83 NetworkManager[922]: <info> [1762668419.4805] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:36:59 server83 NetworkManager[922]: <info> [1762668419.4815] dhcp4 (eth1): dhclient started with pid 21797 Nov 9 11:36:59 server83 dhclient[21797]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x3a6b1464) Nov 9 11:36:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.12 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55047 DPT=9524 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.121 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=8737 DF PROTO=TCP SPT=56992 DPT=22105 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:37:01 server83 systemd: Started Session 311211 of user root. Nov 9 11:37:01 server83 systemd: Started Session 311209 of user root. Nov 9 11:37:01 server83 systemd: Started Session 311208 of user root. Nov 9 11:37:01 server83 systemd: Started Session 311212 of user root. Nov 9 11:37:01 server83 systemd: Started Session 311213 of user root. Nov 9 11:37:01 server83 systemd: Started Session 311210 of user root. Nov 9 11:37:01 server83 systemd: Started Session 311214 of user root. 
Nov 9 11:37:01 server83 systemd: Started Session 311215 of user root. Nov 9 11:37:01 server83 systemd: Started Session 311216 of user root. Nov 9 11:37:01 server83 systemd: Started Session 311217 of user root. Nov 9 11:37:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.121 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=8738 DF PROTO=TCP SPT=56992 DPT=22105 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:37:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.121 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=33085 DF PROTO=TCP SPT=57010 DPT=22105 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:37:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.121 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=33086 DF PROTO=TCP SPT=57010 DPT=22105 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:37:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.121 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=57364 DF PROTO=TCP SPT=57022 DPT=22105 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4891 DF PROTO=TCP SPT=50840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:37:06 server83 dhclient[21797]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3a6b1464) Nov 9 11:37:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4892 DF PROTO=TCP SPT=50840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:37:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50789 SEQ=1 Nov 9 11:37:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28086 SEQ=1 Nov 9 11:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31265 SEQ=1 Nov 9 11:37:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4893 DF PROTO=TCP SPT=50840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:37:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.19 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54601 DPT=9093 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52465 SEQ=1 Nov 9 11:37:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.144.239.78 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=59534 DPT=10022 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.203.30.22 DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=48447 DPT=3390 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4894 DF PROTO=TCP SPT=50840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:37:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:37:14 server83 dhclient[21797]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x3a6b1464) Nov 9 11:37:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.200.116.37 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36586 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7669 SEQ=1 Nov 9 11:37:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1433 SEQ=1 Nov 9 11:37:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60228 SEQ=1 Nov 9 11:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14113 SEQ=1 Nov 9 11:37:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4895 DF PROTO=TCP SPT=50840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7669 SEQ=1 Nov 9 11:37:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:37:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3922 PROTO=TCP SPT=46714 DPT=7453 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.141.172 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=3278 DF PROTO=TCP SPT=46411 DPT=2991 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:37:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55657 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.155.81.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42003 DPT=10022 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=29081 PROTO=TCP SPT=44846 DPT=6000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15535 SEQ=1 Nov 9 11:37:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36721 SEQ=1 Nov 9 11:37:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=64526 PROTO=TCP SPT=57869 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:37:34 server83 dhclient[21797]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x3a6b1464) Nov 9 11:37:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=64527 PROTO=TCP SPT=57869 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:37:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=43517 PROTO=TCP SPT=41918 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:37:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=64528 PROTO=TCP SPT=57869 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=43518 PROTO=TCP SPT=41918 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=64529 PROTO=TCP SPT=57869 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4896 DF PROTO=TCP SPT=50840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:37:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24092 SEQ=1 Nov 9 11:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36721 SEQ=1 Nov 9 11:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60580 SEQ=1 Nov 9 11:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=43520 PROTO=TCP SPT=41918 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:37:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52227 SEQ=1 Nov 9 11:37:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42532 SEQ=1 Nov 9 11:37:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43463 DF PROTO=TCP SPT=54900 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:37:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43464 DF PROTO=TCP SPT=54900 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:37:44 server83 NetworkManager[922]: <warn> [1762668464.4503] dhcp4 (eth1): request timed out Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4504] 
dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 21797 Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:37:44 server83 NetworkManager[922]: <warn> [1762668464.4669] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4670] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4699] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4701] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4702] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4704] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4713] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4715] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:37:44 server83 NetworkManager[922]: <info> [1762668464.4725] dhcp4 (eth1): dhclient started with pid 27890 Nov 9 11:37:44 server83 dhclient[27890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x69539da6) Nov 9 
11:37:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:37:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:37:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43465 DF PROTO=TCP SPT=54900 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:37:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51732 SEQ=1 Nov 9 11:37:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.87 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=41079 PROTO=TCP SPT=10365 DPT=8808 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:37:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=911 SEQ=1 Nov 9 11:37:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3652 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:37:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=911 SEQ=1 Nov 9 11:37:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16218 SEQ=1 Nov 9 11:37:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27182 SEQ=1 Nov 9 11:37:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24200 SEQ=1 Nov 9 11:37:51 server83 dhclient[27890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x69539da6) Nov 9 11:37:52 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:37:52 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:37:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=57506 DF PROTO=ICMP TYPE=8 CODE=0 ID=2564 SEQ=15565 Nov 9 11:37:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=30720 PROTO=TCP SPT=53014 DPT=6778 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:37:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43466 DF PROTO=TCP SPT=54900 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:38:01 server83 systemd: Started Session 311219 of user root. Nov 9 11:38:01 server83 systemd: Started Session 311218 of user root. Nov 9 11:38:01 server83 systemd: Started Session 311221 of user root. Nov 9 11:38:01 server83 systemd: Started Session 311222 of user root. Nov 9 11:38:01 server83 systemd: Started Session 311220 of user root. Nov 9 11:38:01 server83 systemd: Started Session 311223 of user root. Nov 9 11:38:01 server83 systemd: Started Session 311224 of user root. 
Nov 9 11:38:01 server83 systemd: Started Session 311225 of user root. Nov 9 11:38:01 server83 systemd: Started Session 311226 of user root. Nov 9 11:38:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6325 SEQ=1 Nov 9 11:38:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10683 SEQ=1 Nov 9 11:38:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24265 SEQ=1 Nov 9 11:38:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.200 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50966 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:38:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8931 SEQ=1 Nov 9 11:38:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5452 SEQ=1 Nov 9 11:38:04 server83 dhclient[27890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x69539da6) Nov 9 11:38:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=51501 PROTO=TCP SPT=60425 DPT=4775 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:38:08 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3651 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:38:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6325 SEQ=1 Nov 9 11:38:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4897 DF PROTO=TCP SPT=50840 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=159.65.166.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=40178 PROTO=TCP SPT=61003 DPT=8080 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43467 DF PROTO=TCP SPT=54900 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:38:14 server83 dhclient[27890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x69539da6) Nov 9 11:38:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59960 DPT=4145 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:38:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=64941 PROTO=TCP SPT=46360 DPT=39454 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33969 DF PROTO=TCP SPT=38082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 11:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 11:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50886 SEQ=1 Nov 9 11:38:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33970 DF PROTO=TCP SPT=38082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19191 SEQ=1 Nov 9 11:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57908 SEQ=1 Nov 9 11:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58422 SEQ=1 Nov 9 11:38:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60453 SEQ=1 Nov 9 11:38:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33971 DF PROTO=TCP SPT=38082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33972 DF PROTO=TCP SPT=38082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.114 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53622 DPT=9914 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:38:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27981 PROTO=TCP SPT=41811 DPT=2509 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:38:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:38:29 server83 dhclient[27890]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x69539da6) Nov 9 11:38:29 server83 NetworkManager[922]: <warn> [1762668509.4503] dhcp4 (eth1): request timed out Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27890 Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:38:29 server83 
NetworkManager[922]: <warn> [1762668509.4590] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4592] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4625] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4629] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4630] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4634] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4644] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4647] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:38:29 server83 NetworkManager[922]: <info> [1762668509.4659] dhcp4 (eth1): dhclient started with pid 32408 Nov 9 11:38:29 server83 dhclient[32408]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x29b65d52) Nov 9 11:38:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1570 SEQ=1 Nov 9 11:38:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15979 SEQ=1 Nov 9 11:38:31 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1570 SEQ=1 Nov 9 11:38:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13615 SEQ=1 Nov 9 11:38:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36949 SEQ=1 Nov 9 11:38:32 server83 dhclient[32408]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x29b65d52) Nov 9 11:38:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5900 SEQ=1 Nov 9 11:38:33 server83 aibolit_wrapper[334]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626685136392432.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626685136393916.txt --log=/tmp/malware_cleaner_log_17626685136395382.txt --progress=/tmp/malware_cleaner_progress_17626685136395002.json --csv_result=/tmp/revisium_csvfile_17626685136395184.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:38:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33973 DF PROTO=TCP SPT=38082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:38:37 
server83 aibolit_wrapper[813]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626685178686218.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626685178686990.txt --log=/tmp/malware_cleaner_log_17626685178687732.txt --progress=/tmp/malware_cleaner_progress_17626685178687544.json --csv_result=/tmp/revisium_csvfile_17626685178687634.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:38:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40444 PROTO=TCP SPT=46235 DPT=44526 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:38:39 server83 dhclient[32408]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x29b65d52) Nov 9 11:38:42 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 11:38:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=34024 PROTO=TCP SPT=59419 DPT=31446 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:38:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26575 PROTO=TCP SPT=45727 DPT=30098 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:38:43 server83 aibolit_wrapper[1435]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626685238000106.txt --input-fn-b64-encoded 
--username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626685238001276.txt --log=/tmp/malware_cleaner_log_17626685238002462.txt --progress=/tmp/malware_cleaner_progress_17626685238002164.json --csv_result=/tmp/revisium_csvfile_17626685238002300.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:38:44 server83 systemd: Started Session c2874 of user root. Nov 9 11:38:45 server83 scripts.sh: Load Average: 3.33 , 3.54 Nov 9 11:38:45 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 11:38:45 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 11:38:45 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 11:38:45 server83 scripts.sh: HTTPD Status: inactive Nov 9 11:38:45 server83 scripts.sh: MySQL Status: active Nov 9 11:38:45 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 11:38:45 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 11:38:45 server83 scripts.sh: SSHD Status: active Nov 9 11:38:45 server83 scripts.sh: FTP Status: active Nov 9 11:38:45 server83 scripts.sh: LiteSpeed Status: Active Nov 9 11:38:45 server83 scripts.sh: Imunify Status: Active Nov 9 11:38:45 server83 scripts.sh: cPanel Status: active Nov 9 11:38:45 server83 scripts.sh: Memory Status: 12/31 GB - 38.99% Nov 9 11:38:45 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 11:38:45 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 11:38:45 server83 scripts.sh: Local Version: 4.4.5 Nov 9 11:38:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=43468 DF PROTO=TCP SPT=54900 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:38:46 server83 dhclient[32408]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x29b65d52) Nov 9 11:38:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
ID=53341 SEQ=1 Nov 9 11:41:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47765 SEQ=1 Nov 9 11:41:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3656 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:41:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5319 DF PROTO=TCP SPT=47246 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13188 DF PROTO=TCP SPT=51153 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:41:11 server83 aibolit_wrapper[16202]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626686711618878.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626686711620684.txt --log=/tmp/malware_cleaner_log_17626686711622062.txt --progress=/tmp/malware_cleaner_progress_17626686711621694.json --csv_result=/tmp/revisium_csvfile_17626686711621852.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:41:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5320 DF PROTO=TCP SPT=47246 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:13 
server83 auditd[702]: Audit daemon rotating log files Nov 9 11:41:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.191 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=63278 PROTO=TCP SPT=53789 DPT=11443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:41:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5321 DF PROTO=TCP SPT=47246 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38925 SEQ=1 Nov 9 11:41:19 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=201.49.232.107 DST=145.239.177.179 LEN=1028 TOS=0x00 PREC=0x00 TTL=48 ID=60888 DF PROTO=UDP SPT=58514 DPT=19132 LEN=1008 Nov 9 11:41:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.128 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=61264 PROTO=TCP SPT=4852 DPT=45726 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16274 SEQ=1 Nov 9 11:41:21 server83 aibolit_wrapper[17033]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626686813846224.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626686813848002.txt --log=/tmp/malware_cleaner_log_17626686813849948.txt --progress=/tmp/malware_cleaner_progress_17626686813849414.json --csv_result=/tmp/revisium_csvfile_17626686813849628.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:41:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64355 SEQ=1 Nov 9 11:41:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13694 SEQ=1 Nov 9 11:41:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50567 SEQ=1 Nov 9 11:41:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30193 SEQ=1 Nov 9 11:41:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13190 DF PROTO=TCP SPT=51153 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:41:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5322 DF PROTO=TCP SPT=47246 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46103 DF PROTO=TCP SPT=49562 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.212 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57133 DPT=21341 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:41:28 server83 aibolit_wrapper[17284]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626686884686866.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626686884690404.txt --progress=/tmp/malware_cleaner_progress_17626686884690016.json --csv_result=/tmp/revisium_csvfile_17626686884690186.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:41:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43301 PROTO=TCP SPT=40602 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:41:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43302 PROTO=TCP SPT=40602 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:41:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43303 PROTO=TCP SPT=40602 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:41:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43304 PROTO=TCP SPT=40602 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:41:32 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43305 PROTO=TCP SPT=40602 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:41:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4029 SEQ=1 Nov 9 11:41:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14310 SEQ=1 Nov 9 11:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2606 SEQ=1 Nov 9 11:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8131 SEQ=1 Nov 9 11:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2606 SEQ=1 Nov 9 11:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27112 SEQ=1 Nov 9 11:41:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5323 DF PROTO=TCP SPT=47246 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:43 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 11:41:43 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21164 DF PROTO=TCP SPT=35700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.123 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=46865 DF PROTO=TCP SPT=30320 DPT=24642 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:41:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21165 DF PROTO=TCP SPT=35700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:45 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 11:41:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:41:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:41:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21166 DF PROTO=TCP SPT=35700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:41:48 server83 aibolit_wrapper[17835]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626687088240244.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626687088241612.txt --log=/tmp/malware_cleaner_log_17626687088242484.txt --progress=/tmp/malware_cleaner_progress_17626687088242260.json 
--csv_result=/tmp/revisium_csvfile_17626687088242360.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:41:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=2510 DF PROTO=ICMP TYPE=8 CODE=0 ID=4286 SEQ=5389 Nov 9 11:41:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56762 SEQ=1 Nov 9 11:41:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56762 SEQ=1 Nov 9 11:41:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21167 DF PROTO=TCP SPT=35700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:41:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:41:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26438 PROTO=TCP SPT=46370 DPT=2379 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:41:52 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 11:41:52 server83 systemd: Stopped Status Update Service. Nov 9 11:41:52 server83 systemd: Started Status Update Service. 
Nov 9 11:41:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.173.101 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=45852 DPT=8999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:41:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23020 SEQ=1 Nov 9 11:41:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23020 SEQ=1 Nov 9 11:41:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.124 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=22993 PROTO=TCP SPT=53255 DPT=8999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:41:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56618 SEQ=1 Nov 9 11:41:56 server83 aibolit_wrapper[18269]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626687162024136.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626687162026038.txt --log=/tmp/malware_cleaner_log_17626687162028080.txt --progress=/tmp/malware_cleaner_progress_17626687162027502.json --csv_result=/tmp/revisium_csvfile_17626687162027772.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:41:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3654 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21168 DF PROTO=TCP SPT=35700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:42:01 server83 systemd: Started Session 311266 of user root. Nov 9 11:42:01 server83 systemd: Started Session 311265 of user root. Nov 9 11:42:01 server83 systemd: Started Session 311267 of user root. Nov 9 11:42:01 server83 systemd: Started Session 311268 of user root. Nov 9 11:42:01 server83 systemd: Started Session 311269 of user root. Nov 9 11:42:01 server83 systemd: Started Session 311271 of user root. Nov 9 11:42:01 server83 systemd: Started Session 311270 of user root. Nov 9 11:42:01 server83 systemd: Started Session 311272 of user root. Nov 9 11:42:01 server83 systemd: Started Session 311273 of user root. 
Nov 9 11:42:02 server83 aibolit_wrapper[18577]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626687225516162.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626687225519548.txt --progress=/tmp/malware_cleaner_progress_17626687225519132.json --csv_result=/tmp/revisium_csvfile_17626687225519338.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:42:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39183 SEQ=1 Nov 9 11:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50942 SEQ=1 Nov 9 11:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38924 SEQ=1 Nov 9 11:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50646 SEQ=1 Nov 9 11:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61964 SEQ=1 Nov 9 11:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40900 SEQ=1 Nov 9 11:42:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.74 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=19186 DF PROTO=TCP SPT=48346 DPT=9001 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:42:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.74 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=19187 DF PROTO=TCP SPT=48346 DPT=9001 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:42:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.74 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=30100 DF PROTO=TCP SPT=48364 DPT=9001 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:42:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.74 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=30101 DF PROTO=TCP SPT=48364 DPT=9001 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:42:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.74 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=19407 DF PROTO=TCP SPT=48386 DPT=9001 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:42:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.148.147.222 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=54417 DPT=10001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.162 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51759 DPT=9327 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:42:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=196 SEQ=1 Nov 9 11:42:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42134 SEQ=1 Nov 9 11:42:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37574 SEQ=1 Nov 9 11:42:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37574 SEQ=1 Nov 9 11:42:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=203 DF PROTO=TCP SPT=37296 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:42:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49956 SEQ=1 Nov 9 11:42:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7081 SEQ=1 Nov 9 11:42:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=204 DF PROTO=TCP SPT=37296 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:42:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.171 
DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55086 DPT=48145 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:42:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=205 DF PROTO=TCP SPT=37296 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:42:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52671 PROTO=TCP SPT=37647 DPT=6042 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:42:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.249 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=1189 DF PROTO=TCP SPT=1907 DPT=9677 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:42:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=206 DF PROTO=TCP SPT=37296 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:42:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20680 SEQ=1 Nov 9 11:42:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37151 SEQ=1 Nov 9 11:42:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24821 SEQ=1 Nov 9 11:42:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35493 SEQ=1 Nov 9 11:42:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27034 SEQ=1 Nov 9 11:42:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19327 SEQ=1 Nov 9 11:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=207 DF PROTO=TCP SPT=37296 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:42:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.178 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35535 DPT=11211 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:42:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.34 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=54506 DF PROTO=TCP SPT=24712 DPT=4000 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:42:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.192 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=58930 PROTO=TCP SPT=53857 DPT=44386 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:42:43 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:42:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.43 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP 
SPT=45905 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:42:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:42:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:42:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21170 DF PROTO=TCP SPT=35700 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:42:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:42:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15274 SEQ=1 Nov 9 11:42:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.15.34.47 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=48 ID=1 DF PROTO=TCP SPT=61000 DPT=25565 WINDOW=32768 RES=0x00 SYN URGP=0 Nov 9 11:42:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.91 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52085 DPT=14403 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:42:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=2334 PROTO=TCP SPT=40837 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:42:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=107.150.103.155 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=TCP SPT=34348 DPT=6016 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:42:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.20 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=2335 PROTO=TCP SPT=40837 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:42:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26823 SEQ=1 Nov 9 11:42:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=38893 PROTO=TCP SPT=57113 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:42:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16546 SEQ=1 Nov 9 11:42:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5940 SEQ=1 Nov 9 11:42:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8193 SEQ=1 Nov 9 11:42:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5940 SEQ=1 Nov 9 11:42:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32997 SEQ=1 Nov 9 11:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=208 DF 
PROTO=TCP SPT=37296 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:42:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.109.130 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=40959 DPT=7885 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:43:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 11:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:43:01 server83 systemd: Started Session 311276 of user root. Nov 9 11:43:01 server83 systemd: Started Session 311277 of user root. Nov 9 11:43:01 server83 systemd: Started Session 311274 of user root. Nov 9 11:43:01 server83 systemd: Started Session 311279 of user root. Nov 9 11:43:01 server83 systemd: Started Session 311278 of user root. Nov 9 11:43:01 server83 systemd: Started Session 311275 of user root. Nov 9 11:43:01 server83 systemd: Started Session 311280 of user root. Nov 9 11:43:01 server83 systemd: Started Session 311281 of user root. Nov 9 11:43:01 server83 systemd: Started Session 311282 of user root. 
Nov 9 11:43:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25599 SEQ=1 Nov 9 11:43:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17574 PROTO=TCP SPT=45727 DPT=32749 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:43:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38621 SEQ=1 Nov 9 11:43:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13195 DF PROTO=TCP SPT=53605 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24836 SEQ=1 Nov 9 11:43:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48448 SEQ=1 Nov 9 11:43:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24836 SEQ=1 Nov 9 11:43:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40682 SEQ=1 Nov 9 11:43:12 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7434 DF PROTO=TCP SPT=56384 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7435 DF PROTO=TCP SPT=56384 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7436 DF PROTO=TCP SPT=56384 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.235 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=23259 PROTO=TCP SPT=12301 DPT=1596 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:43:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13196 DF PROTO=TCP SPT=54225 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:43:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58579 SEQ=1 Nov 9 11:43:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13197 DF PROTO=TCP SPT=54225 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:43:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7437 DF PROTO=TCP SPT=56384 DPT=21 WINDOW=64620 RES=0x00 
SYN URGP=0 Nov 9 11:43:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13198 DF PROTO=TCP SPT=54225 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:43:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27045 PROTO=TCP SPT=53120 DPT=2407 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2886 SEQ=1 Nov 9 11:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2886 SEQ=1 Nov 9 11:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58579 SEQ=1 Nov 9 11:43:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.64 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=20052 PROTO=TCP SPT=56972 DPT=8407 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:43:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8803 SEQ=1 Nov 9 11:43:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12015 SEQ=1 Nov 9 11:43:24 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.103 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=54735 DPT=9033 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:43:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.45 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=2023 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:43:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:43:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7438 DF PROTO=TCP SPT=56384 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=209 DF PROTO=TCP SPT=37296 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13200 DF PROTO=TCP SPT=54225 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:43:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36472 SEQ=1 Nov 9 11:43:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=24779 DF PROTO=ICMP TYPE=8 CODE=0 ID=50497 SEQ=7665 Nov 9 11:43:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 
TOS=0x00 PREC=0x20 TTL=52 ID=25338 PROTO=TCP SPT=46599 DPT=7261 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:43:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59052 SEQ=1 Nov 9 11:43:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54548 SEQ=1 Nov 9 11:43:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21099 SEQ=1 Nov 9 11:43:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34453 SEQ=1 Nov 9 11:43:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49628 SEQ=1 Nov 9 11:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53468 SEQ=1 Nov 9 11:43:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.75 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=25992 DF PROTO=TCP SPT=43746 DPT=2225 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:43:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.75 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=25993 DF PROTO=TCP 
SPT=43746 DPT=2225 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:43:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.75 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=4413 DF PROTO=TCP SPT=54382 DPT=2225 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:43:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.75 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=4414 DF PROTO=TCP SPT=54382 DPT=2225 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:43:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.75 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=8046 DF PROTO=TCP SPT=54404 DPT=2225 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:43:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.155.75 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=8047 DF PROTO=TCP SPT=54404 DPT=2225 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:43:43 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:43:43 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:43:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7439 DF PROTO=TCP SPT=56384 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29071 DF PROTO=TCP SPT=55348 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:43:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 
11:43:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29072 DF PROTO=TCP SPT=55348 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:48 server83 aibolit_wrapper[22075]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626688289377940.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626688289379616.txt --log=/tmp/malware_cleaner_log_17626688289381090.txt --progress=/tmp/malware_cleaner_progress_17626688289380700.json --csv_result=/tmp/revisium_csvfile_17626688289380878.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:43:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29073 DF PROTO=TCP SPT=55348 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12848 SEQ=1 Nov 9 11:43:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:43:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5430 SEQ=1 Nov 9 11:43:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21513 SEQ=1 Nov 9 11:43:52 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39659 SEQ=1 Nov 9 11:43:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16451 SEQ=1 Nov 9 11:43:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17520 SEQ=1 Nov 9 11:43:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29074 DF PROTO=TCP SPT=55348 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:43:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52665 PROTO=TCP SPT=42749 DPT=7017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:44:00 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 11:44:00 server83 aibolit_wrapper[22449]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626688403654556.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626688403656418.txt --log=/tmp/malware_cleaner_log_17626688403658164.txt --progress=/tmp/malware_cleaner_progress_17626688403657706.json --csv_result=/tmp/revisium_csvfile_17626688403657902.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29075 DF PROTO=TCP SPT=55348 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=194.180.48.63 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=38738 PROTO=TCP SPT=48169 DPT=22222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:44:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 11:44:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 11:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:44:01 server83 systemd: Started Session 311285 of user root. Nov 9 11:44:01 server83 systemd: Started Session 311287 of user root. Nov 9 11:44:01 server83 systemd: Started Session 311284 of user root. Nov 9 11:44:01 server83 systemd: Started Session 311286 of user root. Nov 9 11:44:01 server83 systemd: Started Session 311283 of user root. Nov 9 11:44:01 server83 systemd: Started Session 311288 of user root. Nov 9 11:44:01 server83 systemd: Started Session 311289 of user root. Nov 9 11:44:01 server83 systemd: Started Session 311290 of user root. Nov 9 11:44:01 server83 systemd: Started Session 311291 of user root. 
Nov 9 11:44:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60831 SEQ=1 Nov 9 11:44:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15804 PROTO=TCP SPT=49956 DPT=26865 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:44:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18075 SEQ=1 Nov 9 11:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34770 SEQ=1 Nov 9 11:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18075 SEQ=1 Nov 9 11:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38726 SEQ=1 Nov 9 11:44:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56442 SEQ=1 Nov 9 11:44:17 server83 pam_imunify_daemon.bin: time="2025-11-09T11:44:17+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 
Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 11:44:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7440 DF PROTO=TCP SPT=56384 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:44:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29076 DF PROTO=TCP SPT=55348 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:44:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6426 SEQ=1 Nov 9 11:44:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30917 SEQ=1 Nov 9 11:44:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48558 SEQ=1 Nov 9 11:44:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51167 SEQ=1 Nov 9 11:44:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26397 SEQ=1 Nov 9 11:44:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29716 SEQ=1 Nov 9 11:44:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3647 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:44:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51594 SEQ=1 Nov 9 11:44:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51167 SEQ=1 Nov 9 11:44:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.45 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=43037 PROTO=TCP SPT=15577 DPT=42376 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:44:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.172 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=UDP SPT=46620 DPT=123 LEN=20 Nov 9 11:44:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21651 DF PROTO=TCP SPT=44376 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:44:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58923 PROTO=TCP SPT=42488 DPT=5310 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:44:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 
ID=21652 DF PROTO=TCP SPT=44376 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:44:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21653 DF PROTO=TCP SPT=44376 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:44:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23197 PROTO=TCP SPT=41233 DPT=4810 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:44:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=21654 DF PROTO=TCP SPT=44376 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:44:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40216 PROTO=TCP SPT=46235 DPT=19580 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=246 SEQ=1 Nov 9 11:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4839 SEQ=1 Nov 9 11:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14216 SEQ=1 Nov 9 11:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 
TTL=237 ID=54321 PROTO=TCP SPT=44571 DPT=7547 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:46:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17260 DF PROTO=TCP SPT=46108 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:46:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:46:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:46:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=45595 PROTO=TCP SPT=55975 DPT=7622 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:46:49 server83 dhclient[26782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x597e25e3) Nov 9 11:46:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43085 SEQ=1 Nov 9 11:46:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16364 SEQ=1 Nov 9 11:46:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.42.212.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=50129 DF PROTO=TCP SPT=52487 DPT=10443 WINDOW=65280 RES=0x00 SYN URGP=0 Nov 9 11:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6154 SEQ=1 Nov 9 11:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10398 SEQ=1 Nov 9 11:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64517 SEQ=1 Nov 9 11:46:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6154 SEQ=1 Nov 9 11:46:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=58660 DPT=40843 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:46:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34624 DF PROTO=TCP SPT=56340 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:46:57 server83 dhclient[26782]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x597e25e3) Nov 9 11:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:47:01 server83 systemd: Started Session 311319 of user root. Nov 9 11:47:01 server83 systemd: Started Session 311320 of user root. Nov 9 11:47:01 server83 systemd: Started Session 311322 of user root. Nov 9 11:47:01 server83 systemd: Started Session 311324 of user root. Nov 9 11:47:01 server83 systemd: Started Session 311325 of user root. Nov 9 11:47:01 server83 systemd: Started Session 311326 of user root. Nov 9 11:47:01 server83 systemd: Started Session 311321 of user root. Nov 9 11:47:01 server83 systemd: Started Session 311327 of user root. 
Nov 9 11:47:01 server83 systemd: Started Session 311323 of user root. Nov 9 11:47:01 server83 systemd: Started Session 311328 of user root. Nov 9 11:47:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17261 DF PROTO=TCP SPT=46108 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:47:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:47:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30180 SEQ=1 Nov 9 11:47:07 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.45 DST=145.239.177.179 LEN=80 TOS=0x00 PREC=0x00 TTL=45 ID=37594 DF PROTO=UDP SPT=5575 DPT=4500 LEN=60 Nov 9 11:47:07 server83 aibolit_wrapper[27856]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626690275001168.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626690275003188.txt --log=/tmp/malware_cleaner_log_17626690275004904.txt --progress=/tmp/malware_cleaner_progress_17626690275004446.json --csv_result=/tmp/revisium_csvfile_17626690275004630.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:47:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=412 SEQ=1 Nov 9 11:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10035 SEQ=1 Nov 9 11:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21978 SEQ=1 Nov 9 11:47:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35087 SEQ=1 Nov 9 11:47:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62963 PROTO=TCP SPT=46235 DPT=16516 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:47:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=35419 PROTO=TCP SPT=56238 DPT=8164 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:47:11 server83 aibolit_wrapper[27954]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626690316857950.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626690316858782.txt --log=/tmp/malware_cleaner_log_17626690316859592.txt --progress=/tmp/malware_cleaner_progress_17626690316859376.json --csv_result=/tmp/revisium_csvfile_17626690316859474.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:47:14 server83 NetworkManager[922]: <warn> [1762669034.4426] dhcp4 (eth1): request timed out Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4426] dhcp4 (eth1): state 
changed unknown -> timeout Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4585] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 26782 Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4585] dhcp4 (eth1): state changed timeout -> done Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4587] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:47:14 server83 NetworkManager[922]: <warn> [1762669034.4591] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4592] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4622] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4625] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4626] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4629] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4638] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4640] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:47:14 server83 NetworkManager[922]: <info> [1762669034.4650] dhcp4 (eth1): dhclient started with pid 28015 Nov 9 11:47:14 server83 dhclient[28015]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x41857c3a) Nov 9 11:47:17 server83 
aibolit_wrapper[28098]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626690377210062.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626690377212608.txt --progress=/tmp/malware_cleaner_progress_17626690377212306.json --csv_result=/tmp/revisium_csvfile_17626690377212446.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:47:17 server83 dhclient[28015]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x41857c3a) Nov 9 11:47:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47457 SEQ=1 Nov 9 11:47:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28371 SEQ=1 Nov 9 11:47:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23323 SEQ=1 Nov 9 11:47:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34921 SEQ=1 Nov 9 11:47:19 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.211.48.8 DST=145.239.177.179 LEN=73 TOS=0x14 PREC=0x00 TTL=49 ID=10932 PROTO=UDP SPT=11956 DPT=1812 LEN=53 Nov 9 11:47:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=194.180.48.63 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=31491 PROTO=TCP SPT=48169 DPT=22222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:47:23 server83 dhclient[28015]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x41857c3a) Nov 9 11:47:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56556 SEQ=1 Nov 9 11:47:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47104 SEQ=1 Nov 9 11:47:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47457 SEQ=1 Nov 9 11:47:30 server83 dhclient[28015]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x41857c3a) Nov 9 11:47:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.182.130.74 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=57156 PROTO=TCP SPT=61006 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:47:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17262 DF PROTO=TCP SPT=46108 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 11:47:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60455 SEQ=1 Nov 9 11:47:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60455 SEQ=1 Nov 9 11:47:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.173.211 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=7459 DF PROTO=TCP SPT=43148 DPT=1894 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27366 SEQ=1 Nov 9 11:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7182 SEQ=1 Nov 9 11:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26689 SEQ=1 Nov 9 11:47:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.16 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=23969 PROTO=TCP SPT=39133 DPT=7022 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:47:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44740 SEQ=1 Nov 9 11:47:42 server83 dhclient[28015]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x41857c3a) Nov 9 11:47:43 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:47:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit 
breaker is open Nov 9 11:47:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:47:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54153 PROTO=TCP SPT=45727 DPT=32871 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:47:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.96 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=49744 PROTO=TCP SPT=32660 DPT=16928 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:47:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29453 SEQ=1 Nov 9 11:47:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1527 SEQ=1 Nov 9 11:47:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63412 SEQ=1 Nov 9 11:47:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57439 SEQ=1 Nov 9 11:47:58 server83 dhclient[28015]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x41857c3a) Nov 9 11:47:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.14.122.207 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=50216 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:47:59 server83 
NetworkManager[922]: <warn> [1762669079.4441] dhcp4 (eth1): request timed out Nov 9 11:47:59 server83 NetworkManager[922]: <info> [1762669079.4441] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:47:59 server83 NetworkManager[922]: <info> [1762669079.4601] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28015 Nov 9 11:47:59 server83 NetworkManager[922]: <info> [1762669079.4601] dhcp4 (eth1): state changed timeout -> done Nov 9 11:47:59 server83 NetworkManager[922]: <info> [1762669079.4603] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:47:59 server83 NetworkManager[922]: <warn> [1762669079.4607] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:47:59 server83 NetworkManager[922]: <info> [1762669079.4609] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:48:01 server83 systemd: Started Session 311329 of user root. Nov 9 11:48:01 server83 systemd: Started Session 311331 of user root. Nov 9 11:48:01 server83 systemd: Started Session 311332 of user root. Nov 9 11:48:01 server83 systemd: Started Session 311330 of user root. Nov 9 11:48:01 server83 systemd: Started Session 311333 of user root. Nov 9 11:48:01 server83 systemd: Started Session 311335 of user root. Nov 9 11:48:01 server83 systemd: Started Session 311336 of user root. Nov 9 11:48:01 server83 systemd: Started Session 311334 of user root. Nov 9 11:48:01 server83 systemd: Started Session 311337 of user root. 
Nov 9 11:48:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:48:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:48:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13201 DF PROTO=TCP SPT=59581 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:48:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55113 SEQ=1 Nov 9 11:48:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30880 SEQ=1 Nov 9 11:48:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13202 DF PROTO=TCP SPT=59581 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:48:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13203 DF PROTO=TCP SPT=59581 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:48:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48513 SEQ=1 Nov 9 11:48:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62782 SEQ=1 Nov 9 11:48:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8734 SEQ=1 Nov 9 11:48:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53483 SEQ=1 Nov 9 11:48:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1284 PROTO=TCP SPT=38583 DPT=4210 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:48:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11249 SEQ=1 Nov 9 11:48:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33286 PROTO=TCP SPT=42111 DPT=2540 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:48:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13204 DF PROTO=TCP SPT=59581 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:48:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45004 PROTO=TCP SPT=46235 DPT=39974 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:48:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=52114 PROTO=TCP SPT=13075 DPT=8808 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:48:15 server83 systemd: Started Session c2875 of 
user root. Nov 9 11:48:16 server83 scripts.sh: Load Average: 1.70 , 2.47 Nov 9 11:48:16 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 11:48:16 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 11:48:16 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 11:48:16 server83 scripts.sh: HTTPD Status: inactive Nov 9 11:48:16 server83 scripts.sh: MySQL Status: active Nov 9 11:48:16 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 11:48:16 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 11:48:16 server83 scripts.sh: SSHD Status: active Nov 9 11:48:16 server83 scripts.sh: FTP Status: active Nov 9 11:48:16 server83 scripts.sh: LiteSpeed Status: Active Nov 9 11:48:16 server83 scripts.sh: Imunify Status: Active Nov 9 11:48:16 server83 scripts.sh: cPanel Status: active Nov 9 11:48:16 server83 scripts.sh: Memory Status: 13/31 GB - 42.51% Nov 9 11:48:16 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 11:48:16 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 11:48:16 server83 scripts.sh: Local Version: 4.4.5 Nov 9 11:48:16 server83 pam_imunify_daemon.bin: time="2025-11-09T11:48:16+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 11:48:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13205 DF PROTO=TCP SPT=59581 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:48:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 
PREC=0x00 TTL=240 ID=19147 PROTO=TCP SPT=46370 DPT=1522 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 11:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 11:48:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48459 PROTO=TCP SPT=45727 DPT=30741 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:48:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62837 SEQ=1 Nov 9 11:48:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46204 SEQ=1 Nov 9 11:48:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.101 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54019 DPT=21234 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:48:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:48:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.251.67.25 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=24528 PROTO=TCP SPT=41132 DPT=32222 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:48:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
RES=0x00 SYN URGP=0 Nov 9 11:52:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=24661 PROTO=TCP SPT=56256 DPT=8023 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:52:02 server83 systemd: Started Session 311375 of user root. Nov 9 11:52:02 server83 systemd: Started Session 311376 of user root. Nov 9 11:52:02 server83 systemd: Started Session 311377 of user root. Nov 9 11:52:02 server83 systemd: Started Session 311379 of user root. Nov 9 11:52:02 server83 systemd: Started Session 311378 of user root. Nov 9 11:52:02 server83 systemd: Started Session 311381 of user root. Nov 9 11:52:02 server83 systemd: Started Session 311380 of user root. Nov 9 11:52:02 server83 systemd: Started Session 311382 of user root. Nov 9 11:52:02 server83 systemd: Started Session 311383 of user root. Nov 9 11:52:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23582 SEQ=1 Nov 9 11:52:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21916 SEQ=1 Nov 9 11:52:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13211 DF PROTO=TCP SPT=49157 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:52:03 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.73.23.133 DST=51.210.113.204 LEN=49 TOS=0x00 PREC=0x00 TTL=51 ID=57142 PROTO=UDP SPT=33898 DPT=5683 LEN=29 Nov 9 11:52:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8410 PROTO=TCP SPT=36049 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:52:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13212 DF PROTO=TCP SPT=49157 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:52:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8411 PROTO=TCP SPT=36049 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:52:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.216.66.154 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=31850 DF PROTO=TCP SPT=32874 DPT=9202 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 11:52:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8412 PROTO=TCP SPT=36049 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:52:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13213 DF PROTO=TCP SPT=49157 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:52:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=8413 PROTO=TCP SPT=36049 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:52:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6749 SEQ=1 Nov 9 11:52:09 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11419 SEQ=1 Nov 9 11:52:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6749 SEQ=1 Nov 9 11:52:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13214 DF PROTO=TCP SPT=49157 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:52:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13215 DF PROTO=TCP SPT=49366 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:52:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13216 DF PROTO=TCP SPT=49366 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:52:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.207.253.22 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=55723 DPT=5090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:52:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13217 DF PROTO=TCP SPT=49366 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:52:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13218 DF PROTO=TCP SPT=49157 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
11:52:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14290 SEQ=1 Nov 9 11:52:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40296 SEQ=1 Nov 9 11:52:19 server83 aibolit_wrapper[3964]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626693396278792.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626693396279946.txt --log=/tmp/malware_cleaner_log_17626693396281156.txt --progress=/tmp/malware_cleaner_progress_17626693396280832.json --csv_result=/tmp/revisium_csvfile_17626693396280962.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:52:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13219 DF PROTO=TCP SPT=49366 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:52:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27392 SEQ=1 Nov 9 11:52:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48917 SEQ=1 Nov 9 11:52:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41389 SEQ=1 Nov 9 11:52:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.120.89 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=5030 DF PROTO=TCP SPT=40366 DPT=10176 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:52:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23474 PROTO=TCP SPT=46235 DPT=45513 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:52:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:52:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13220 DF PROTO=TCP SPT=49366 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:52:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=42470 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11334 SEQ=1 Nov 9 11:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4176 SEQ=1 Nov 9 11:52:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63227 SEQ=1 Nov 9 
11:52:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9708 SEQ=1 Nov 9 11:52:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53594 SEQ=1 Nov 9 11:52:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53594 SEQ=1 Nov 9 11:52:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11334 SEQ=1 Nov 9 11:52:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43151 PROTO=TCP SPT=46370 DPT=3168 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:52:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=61101 PROTO=TCP SPT=51187 DPT=6731 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:52:43 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:52:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=64167 PROTO=TCP SPT=43571 DPT=19101 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:52:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=52916 DF PROTO=ICMP TYPE=8 CODE=0 ID=15413 SEQ=33392 Nov 9 11:52:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50360 SEQ=1 Nov 9 11:52:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32941 SEQ=1 Nov 9 11:52:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50360 SEQ=1 Nov 9 11:52:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.27 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=18251 PROTO=TCP SPT=8742 DPT=8636 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:52:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=86.54.31.38 DST=51.210.113.204 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=39761 PROTO=TCP SPT=23320 DPT=10000 WINDOW=55447 RES=0x00 SYN URGP=0 Nov 9 11:52:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49147 SEQ=1 Nov 9 11:52:50 server83 aibolit_wrapper[4664]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626693702738164.txt --input-fn-b64-encoded 
--username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626693702739790.txt --log=/tmp/malware_cleaner_log_17626693702741464.txt --progress=/tmp/malware_cleaner_progress_17626693702741004.json --csv_result=/tmp/revisium_csvfile_17626693702741220.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:52:52 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 11:52:52 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:52:52 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 11:52:54 server83 aibolit_wrapper[4839]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626693744474724.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626693744476312.txt --log=/tmp/malware_cleaner_log_17626693744478026.txt --progress=/tmp/malware_cleaner_progress_17626693744477620.json --csv_result=/tmp/revisium_csvfile_17626693744477802.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:52:54 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=1.1.1.1 DST=145.239.177.179 LEN=140 TOS=0x00 PREC=0x00 TTL=52 ID=63003 DF PROTO=UDP SPT=53 DPT=41452 LEN=120 Nov 9 11:52:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.191 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=62692 PROTO=TCP SPT=53789 DPT=38443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:52:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39266 PROTO=TCP SPT=46370 DPT=1184 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:52:59 server83 NetworkManager[922]: <info> [1762669379.4416] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:52:59 server83 NetworkManager[922]: <info> [1762669379.4421] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:52:59 server83 NetworkManager[922]: <info> [1762669379.4422] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:52:59 server83 NetworkManager[922]: <info> [1762669379.4426] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:52:59 server83 NetworkManager[922]: <info> [1762669379.4436] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:52:59 server83 NetworkManager[922]: <info> [1762669379.4439] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:52:59 server83 NetworkManager[922]: <info> [1762669379.4451] dhcp4 (eth1): dhclient started with pid 4929 Nov 9 11:52:59 server83 dhclient[4929]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x3ccdc33e) Nov 9 11:52:59 server83 aibolit_wrapper[4948]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626693798202424.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626693798204034.txt --log=/tmp/malware_cleaner_log_17626693798205588.txt --progress=/tmp/malware_cleaner_progress_17626693798205224.json --csv_result=/tmp/revisium_csvfile_17626693798205402.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:53:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=55071 PROTO=TCP SPT=49956 DPT=28624 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:53:01 server83 systemd: Started Session 311384 of user root. Nov 9 11:53:01 server83 systemd: Started Session 311386 of user root. Nov 9 11:53:01 server83 systemd: Started Session 311385 of user root. Nov 9 11:53:01 server83 systemd: Started Session 311387 of user root. Nov 9 11:53:01 server83 systemd: Started Session 311388 of user root. Nov 9 11:53:01 server83 systemd: Started Session 311389 of user root. Nov 9 11:53:01 server83 systemd: Started Session 311390 of user root. Nov 9 11:53:01 server83 systemd: Started Session 311391 of user root. Nov 9 11:53:01 server83 systemd: Started Session 311392 of user root. Nov 9 11:53:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32328 SEQ=1 Nov 9 11:53:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=35615 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:53:05 server83 aibolit_wrapper[5214]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626693852933902.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626693852936718.txt --progress=/tmp/malware_cleaner_progress_17626693852936364.json --csv_result=/tmp/revisium_csvfile_17626693852936534.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:53:05 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16377 SEQ=1 Nov 9 11:53:06 server83 dhclient[4929]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x3ccdc33e) Nov 9 11:53:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22695 SEQ=1 Nov 9 11:53:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17523 SEQ=1 Nov 9 11:53:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=10855 PROTO=TCP SPT=40658 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:53:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=10856 PROTO=TCP SPT=40658 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:53:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31838 PROTO=TCP SPT=39006 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:53:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=10857 PROTO=TCP SPT=40658 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:53:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31839 
PROTO=TCP SPT=39006 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:53:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=10858 PROTO=TCP SPT=40658 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:53:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31840 PROTO=TCP SPT=39006 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:53:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18082 SEQ=1 Nov 9 11:53:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17219 SEQ=1 Nov 9 11:53:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31842 PROTO=TCP SPT=39006 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:53:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61332 SEQ=1 Nov 9 11:53:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60769 SEQ=1 Nov 9 11:53:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.221.137.47 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP 
SPT=57127 DPT=5002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18082 SEQ=1 Nov 9 11:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9451 SEQ=1 Nov 9 11:53:21 server83 dhclient[4929]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x3ccdc33e) Nov 9 11:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3276 SEQ=1 Nov 9 11:53:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.52 DST=51.210.113.204 LEN=67 TOS=0x00 PREC=0x00 TTL=108 ID=23351 DF PROTO=ICMP TYPE=8 CODE=0 ID=49295 SEQ=53833 Nov 9 11:53:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.34 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=8790 PROTO=TCP SPT=50439 DPT=5900 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:53:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=47236 PROTO=TCP SPT=38643 DPT=981 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:53:30 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 11:53:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3642 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 11:53:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=38263 PROTO=TCP SPT=56033 DPT=7707 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:53:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19368 PROTO=TCP SPT=49956 DPT=26174 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:53:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:53:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.237.156.209 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39836 DPT=5242 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:53:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38767 SEQ=1 Nov 9 11:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34416 SEQ=1 Nov 9 11:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34416 SEQ=1 Nov 9 11:53:39 server83 dhclient[4929]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x3ccdc33e) Nov 9 11:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35816 SEQ=1 Nov 9 11:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31047 SEQ=1 Nov 9 11:53:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3641 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:53:43 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:53:44 server83 NetworkManager[922]: <warn> [1762669424.4379] dhcp4 (eth1): request timed out Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4379] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4539] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 4929 Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4539] dhcp4 (eth1): state changed timeout -> done Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4541] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:53:44 server83 NetworkManager[922]: <warn> [1762669424.4544] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4545] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4574] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4577] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4577] device (eth1): state change: disconnected 
-> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4581] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4590] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4593] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:53:44 server83 NetworkManager[922]: <info> [1762669424.4604] dhcp4 (eth1): dhclient started with pid 5943 Nov 9 11:53:44 server83 dhclient[5943]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x845cbd2) Nov 9 11:53:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6708 PROTO=TCP SPT=49956 DPT=27130 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:53:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47315 SEQ=1 Nov 9 11:53:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12853 SEQ=1 Nov 9 11:53:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.141 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=7757 PROTO=TCP SPT=43432 DPT=43640 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:53:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5227 SEQ=1 Nov 9 11:53:52 
server83 dhclient[5943]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x845cbd2) Nov 9 11:53:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6419 SEQ=1 Nov 9 11:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28163 SEQ=1 Nov 9 11:53:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13228 PROTO=TCP SPT=46370 DPT=1777 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:54:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.193.162 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=54321 PROTO=TCP SPT=56372 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:54:01 server83 systemd: Started Session 311393 of user root. Nov 9 11:54:01 server83 systemd: Started Session 311394 of user root. Nov 9 11:54:01 server83 systemd: Started Session 311395 of user root. Nov 9 11:54:01 server83 systemd: Started Session 311397 of user root. Nov 9 11:54:01 server83 systemd: Started Session 311400 of user root. Nov 9 11:54:01 server83 systemd: Started Session 311401 of user root. Nov 9 11:54:01 server83 systemd: Started Session 311398 of user root. Nov 9 11:54:01 server83 systemd: Started Session 311396 of user root. Nov 9 11:54:01 server83 systemd: Started Session 311399 of user root. 
Nov 9 11:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6176 SEQ=1 Nov 9 11:54:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4348 PROTO=TCP SPT=38543 DPT=11369 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:54:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.6 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=40919 PROTO=TCP SPT=26200 DPT=40001 WINDOW=34458 RES=0x00 SYN URGP=0 Nov 9 11:54:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61138 SEQ=1 Nov 9 11:54:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8902 SEQ=1 Nov 9 11:54:05 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.55 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=45 ID=53147 DF PROTO=UDP SPT=38966 DPT=37810 LEN=9 Nov 9 11:54:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.127 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=34473 DF PROTO=TCP SPT=25172 DPT=9850 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:54:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65003 SEQ=1 Nov 9 11:54:07 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61138 SEQ=1 Nov 9 11:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42832 SEQ=1 Nov 9 11:54:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46088 PROTO=TCP SPT=55105 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:54:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.186.79.37 DST=145.239.177.179 LEN=34 TOS=0x00 PREC=0x00 TTL=47 ID=9663 PROTO=ICMP TYPE=8 CODE=0 ID=9663 SEQ=0 Nov 9 11:54:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20373 SEQ=1 Nov 9 11:54:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46089 PROTO=TCP SPT=55105 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:54:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.221 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14277 PROTO=TCP SPT=48953 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:54:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46090 PROTO=TCP SPT=55105 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:54:11 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.221 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14278 PROTO=TCP SPT=48953 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:54:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46091 PROTO=TCP SPT=55105 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:54:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.221 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14279 PROTO=TCP SPT=48953 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:54:13 server83 dhclient[5943]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x845cbd2) Nov 9 11:54:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.221 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14281 PROTO=TCP SPT=48953 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:54:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=38951 PROTO=TCP SPT=33353 DPT=5599 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:54:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=58683 DF PROTO=ICMP TYPE=8 CODE=0 ID=17980 SEQ=20614 Nov 9 11:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52726 SEQ=1 Nov 9 11:54:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=964 SEQ=1 Nov 9 11:54:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33501 SEQ=1 Nov 9 11:54:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3692 SEQ=1 Nov 9 11:54:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4126 PROTO=TCP SPT=46370 DPT=2506 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:54:26 server83 dhclient[5943]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x845cbd2) Nov 9 11:54:29 server83 NetworkManager[922]: <warn> [1762669469.4513] dhcp4 (eth1): request timed out Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4514] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4673] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 5943 Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4673] dhcp4 (eth1): state changed timeout -> done Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4674] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:54:29 server83 NetworkManager[922]: <warn> [1762669469.4678] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4679] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4708] policy: auto-activating connection 'Wired 
connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4710] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4711] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4713] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4722] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4724] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:54:29 server83 NetworkManager[922]: <info> [1762669469.4734] dhcp4 (eth1): dhclient started with pid 6737 Nov 9 11:54:29 server83 dhclient[6737]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5e2ddd37) Nov 9 11:54:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58074 SEQ=1 Nov 9 11:54:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8934 SEQ=1 Nov 9 11:54:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:54:37 server83 dhclient[6737]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5e2ddd37) Nov 9 11:54:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43848 SEQ=1 Nov 9 
11:54:40 server83 aibolit_wrapper[7019]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626694806128010.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626694806129972.txt --log=/tmp/malware_cleaner_log_17626694806131794.txt --progress=/tmp/malware_cleaner_progress_17626694806131292.json --csv_result=/tmp/revisium_csvfile_17626694806131510.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:54:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=47250 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:54:43 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:54:45 server83 dhclient[6737]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x5e2ddd37) Nov 9 11:54:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:54:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.208.169 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=5397 DF PROTO=TCP SPT=47306 DPT=45678 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:54:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27531 SEQ=1 Nov 9 11:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18689 SEQ=1 Nov 9 11:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1068 SEQ=1 Nov 9 11:54:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32569 SEQ=1 Nov 9 11:54:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19413 SEQ=1 Nov 9 11:54:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9522 SEQ=1 Nov 9 11:54:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 11:54:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 11:54:55 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 11:54:56 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.85 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=1259 DF PROTO=UDP SPT=56774 DPT=11 LEN=9 Nov 9 11:54:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.86 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32614 PROTO=TCP SPT=44242 DPT=2628 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:54:58 server83 dhclient[6737]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x5e2ddd37) Nov 9 11:54:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32099 PROTO=TCP SPT=45727 DPT=30163 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:54:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=46502 DPT=3129 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:55:01 server83 systemd: Started Session 311402 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311403 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311404 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311405 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311406 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311407 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311408 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311409 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311410 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311411 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311412 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311414 of user root. 
Nov 9 11:55:01 server83 systemd: Started Session 311413 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311415 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311416 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311418 of user root. Nov 9 11:55:01 server83 systemd: Started Session 311417 of user root. Nov 9 11:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43725 SEQ=1 Nov 9 11:55:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17853 SEQ=1 Nov 9 11:55:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18661 PROTO=TCP SPT=46235 DPT=13539 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:55:05 server83 dhclient[6737]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x5e2ddd37) Nov 9 11:55:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11974 SEQ=1 Nov 9 11:55:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8544 SEQ=1 Nov 9 11:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5705 SEQ=1 Nov 9 11:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37192 SEQ=1 Nov 9 11:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36804 SEQ=1 Nov 9 11:55:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.241 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49982 DPT=4172 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:55:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.122 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53320 DPT=9506 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:55:14 server83 NetworkManager[922]: <warn> [1762669514.4469] dhcp4 (eth1): request timed out Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4469] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4629] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 6737 Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4629] dhcp4 (eth1): state changed timeout -> done Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4632] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:55:14 server83 NetworkManager[922]: <warn> [1762669514.4635] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4636] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4667] policy: auto-activating connection 'Wired connection 
1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4669] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4670] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4672] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4681] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4683] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 11:55:14 server83 NetworkManager[922]: <info> [1762669514.4695] dhcp4 (eth1): dhclient started with pid 7843 Nov 9 11:55:14 server83 dhclient[7843]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x1929a34c) Nov 9 11:55:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3640 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:55:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30470 SEQ=1 Nov 9 11:55:19 server83 dhclient[7843]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x1929a34c) Nov 9 11:55:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.85.254 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=48556 DPT=7006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:55:21 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3883 SEQ=1 Nov 9 11:55:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56300 PROTO=TCP SPT=45727 DPT=31478 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:55:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19639 SEQ=1 Nov 9 11:55:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32805 SEQ=1 Nov 9 11:55:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=47518 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:55:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54450 PROTO=TCP SPT=47274 DPT=1047 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:55:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.235.36 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=3884 DF PROTO=TCP SPT=46608 DPT=45045 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:55:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3647 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:55:32 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29327 SEQ=1 Nov 9 11:55:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17657 SEQ=1 Nov 9 11:55:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20057 SEQ=1 Nov 9 11:55:32 server83 dhclient[7843]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x1929a34c) Nov 9 11:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.208 DST=145.239.177.179 LEN=69 TOS=0x00 PREC=0x00 TTL=112 ID=32196 DF PROTO=ICMP TYPE=8 CODE=0 ID=46925 SEQ=61692 Nov 9 11:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=200 SEQ=1 Nov 9 11:55:36 server83 aibolit_wrapper[8172]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626695361350730.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626695361352128.txt --log=/tmp/malware_cleaner_log_17626695361353386.txt --progress=/tmp/malware_cleaner_progress_17626695361352982.json --csv_result=/tmp/revisium_csvfile_17626695361353176.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:55:38 server83 
scripts.sh: Sun Nov 9 11:55:38 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 11:55:43 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:55:46 server83 aibolit_wrapper[8456]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626695464404960.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626695464406336.txt --log=/tmp/malware_cleaner_log_17626695464407896.txt --progress=/tmp/malware_cleaner_progress_17626695464407454.json --csv_result=/tmp/revisium_csvfile_17626695464407654.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:55:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:55:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3639 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:55:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54793 SEQ=1 Nov 9 11:55:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12366 SEQ=1 Nov 9 11:55:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP 
SPT=51811 DPT=5987 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:55:49 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34563 SEQ=1 Nov 9 11:55:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51223 SEQ=1 Nov 9 11:55:51 server83 aibolit_wrapper[8587]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626695515703898.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626695515704736.txt --log=/tmp/malware_cleaner_log_17626695515705542.txt --progress=/tmp/malware_cleaner_progress_17626695515705348.json --csv_result=/tmp/revisium_csvfile_17626695515705444.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:55:52 server83 dhclient[7843]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x1929a34c) Nov 9 11:55:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17182 SEQ=1 Nov 9 11:55:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3638 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:55:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.134 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=2023 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 11:55:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20988 SEQ=1 Nov 9 11:55:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.18 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54522 DPT=5443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:55:56 server83 aibolit_wrapper[8816]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626695568813730.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626695568815542.txt --progress=/tmp/malware_cleaner_progress_17626695568815346.json --csv_result=/tmp/revisium_csvfile_17626695568815444.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:55:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.155.81.124 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49394 DPT=7006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:55:59 server83 NetworkManager[922]: <warn> [1762669559.4378] dhcp4 (eth1): request timed out Nov 9 11:55:59 server83 NetworkManager[922]: <info> [1762669559.4378] dhcp4 (eth1): state changed unknown -> timeout Nov 9 11:55:59 server83 NetworkManager[922]: <info> [1762669559.4537] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 7843 Nov 9 11:55:59 server83 NetworkManager[922]: <info> [1762669559.4538] 
dhcp4 (eth1): state changed timeout -> done Nov 9 11:55:59 server83 NetworkManager[922]: <info> [1762669559.4540] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 11:55:59 server83 NetworkManager[922]: <warn> [1762669559.4542] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 11:55:59 server83 NetworkManager[922]: <info> [1762669559.4544] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 11:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:56:01 server83 systemd: Started Session 311421 of user root. Nov 9 11:56:01 server83 systemd: Started Session 311420 of user root. Nov 9 11:56:01 server83 systemd: Started Session 311419 of user root. Nov 9 11:56:01 server83 systemd: Started Session 311422 of user root. Nov 9 11:56:01 server83 systemd: Started Session 311424 of user root. Nov 9 11:56:01 server83 systemd: Started Session 311425 of user root. Nov 9 11:56:01 server83 systemd: Started Session 311426 of user root. Nov 9 11:56:01 server83 systemd: Started Session 311427 of user root. Nov 9 11:56:01 server83 systemd: Started Session 311428 of user root. Nov 9 11:56:01 server83 systemd: Started Session 311423 of user root. 
Nov 9 11:56:02 server83 aibolit_wrapper[8971]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626695621501976.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626695621505232.txt --progress=/tmp/malware_cleaner_progress_17626695621504828.json --csv_result=/tmp/revisium_csvfile_17626695621505022.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:56:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44056 PROTO=TCP SPT=41811 DPT=2437 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:56:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42865 SEQ=1 Nov 9 11:56:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47369 SEQ=1 Nov 9 11:56:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38121 SEQ=1 Nov 9 11:56:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2059 SEQ=1 Nov 9 11:56:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42865 SEQ=1 Nov 9 11:56:07 server83 aibolit_wrapper[9089]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626695676232914.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626695676234308.txt --log=/tmp/malware_cleaner_log_17626695676235880.txt --progress=/tmp/malware_cleaner_progress_17626695676235406.json --csv_result=/tmp/revisium_csvfile_17626695676235600.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:56:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37350 SEQ=1 Nov 9 11:56:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23482 SEQ=1 Nov 9 11:56:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43300 SEQ=1 Nov 9 11:56:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64289 SEQ=1 Nov 9 11:56:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4718 PROTO=TCP SPT=49956 DPT=26178 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:56:19 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.145.17 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=35425 PROTO=TCP SPT=51289 DPT=44819 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60784 SEQ=1 Nov 9 11:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23482 SEQ=1 Nov 9 11:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.2 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=43787 DF PROTO=ICMP TYPE=8 CODE=0 ID=10929 SEQ=32529 Nov 9 11:56:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=2654 DF PROTO=ICMP TYPE=8 CODE=0 ID=18683 SEQ=13720 Nov 9 11:56:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=27804 PROTO=TCP SPT=44048 DPT=8875 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:56:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=12506 PROTO=TCP SPT=49581 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:56:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=21065 PROTO=TCP SPT=49581 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:56:29 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.117 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56185 DPT=9139 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:56:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.125 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51365 DPT=21280 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:56:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3646 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:56:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21739 SEQ=1 Nov 9 11:56:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41467 SEQ=1 Nov 9 11:56:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=38781 PROTO=TCP SPT=49581 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:56:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:56:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.202 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=62045 DF PROTO=TCP SPT=44284 DPT=5173 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:56:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.202 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=49 ID=62046 DF PROTO=TCP SPT=44284 DPT=5173 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:56:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.202 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=62882 DF PROTO=TCP SPT=44290 DPT=5173 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:56:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.202 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=62883 DF PROTO=TCP SPT=44290 DPT=5173 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:56:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.202 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1583 DF PROTO=TCP SPT=44300 DPT=5173 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:56:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.202 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1584 DF PROTO=TCP SPT=44300 DPT=5173 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:56:44 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:56:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33347 SEQ=1 Nov 9 11:56:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:56:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:56:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3753 SEQ=1 Nov 9 11:56:50 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44826 SEQ=1 Nov 9 11:56:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3645 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:56:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29962 SEQ=1 Nov 9 11:56:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.95 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=53000 PROTO=TCP SPT=55780 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:56:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3753 SEQ=1 Nov 9 11:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44826 SEQ=1 Nov 9 11:56:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.221.141.145 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=30670 DF PROTO=TCP SPT=31694 DPT=6008 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 11:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 11:57:01 server83 systemd: Started Session 311429 of user root. 
Nov 9 11:57:01 server83 systemd: Started Session 311430 of user root. Nov 9 11:57:01 server83 systemd: Started Session 311432 of user root. Nov 9 11:57:01 server83 systemd: Started Session 311431 of user root. Nov 9 11:57:01 server83 systemd: Started Session 311433 of user root. Nov 9 11:57:01 server83 systemd: Started Session 311434 of user root. Nov 9 11:57:01 server83 systemd: Started Session 311436 of user root. Nov 9 11:57:01 server83 systemd: Started Session 311435 of user root. Nov 9 11:57:01 server83 systemd: Started Session 311437 of user root. Nov 9 11:57:01 server83 systemd: Started Session 311438 of user root. Nov 9 11:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50111 SEQ=1 Nov 9 11:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54364 SEQ=1 Nov 9 11:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54364 SEQ=1 Nov 9 11:57:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50495 SEQ=1 Nov 9 11:57:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=1 Nov 9 11:57:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.177.229.130 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 
TTL=52 ID=56625 DF PROTO=ICMP TYPE=8 CODE=0 ID=36353 SEQ=12805 Nov 9 11:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22384 SEQ=1 Nov 9 11:57:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.201 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55501 DPT=43676 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:57:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=43715 DPT=5989 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:57:15 server83 kernel: No UUID available providing old NGUID Nov 9 11:57:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:57:16 server83 aibolit_wrapper[10385]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626696368787796.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626696368789424.txt --log=/tmp/malware_cleaner_log_17626696368791290.txt --progress=/tmp/malware_cleaner_progress_17626696368790706.json --csv_result=/tmp/revisium_csvfile_17626696368790956.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:57:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11902 SEQ=1 Nov 9 11:57:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11902 SEQ=1 Nov 9 11:57:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23477 SEQ=1 Nov 9 11:57:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26689 SEQ=1 Nov 9 11:57:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25204 SEQ=1 Nov 9 11:57:22 server83 aibolit_wrapper[10485]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626696422728328.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626696422729370.txt --log=/tmp/malware_cleaner_log_17626696422730310.txt --progress=/tmp/malware_cleaner_progress_17626696422730086.json --csv_result=/tmp/revisium_csvfile_17626696422730190.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:57:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23848 SEQ=1 Nov 9 11:57:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=37779 SEQ=1 Nov 9 11:57:34 server83 aibolit_wrapper[10706]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626696549237158.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626696549238134.txt --log=/tmp/malware_cleaner_log_17626696549239102.txt --progress=/tmp/malware_cleaner_progress_17626696549238832.json --csv_result=/tmp/revisium_csvfile_17626696549238956.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:57:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3644 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:57:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=61351 DF PROTO=ICMP TYPE=8 CODE=0 ID=12750 SEQ=49609 Nov 9 11:57:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17185 SEQ=1 Nov 9 11:57:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10592 SEQ=1 Nov 9 11:57:40 server83 aibolit_wrapper[10866]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626696601934218.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626696601935928.txt --log=/tmp/malware_cleaner_log_17626696601937590.txt --progress=/tmp/malware_cleaner_progress_17626696601937184.json --csv_result=/tmp/revisium_csvfile_17626696601937380.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:57:44 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 11:57:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.164.34 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=53645 DPT=32080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:57:46 server83 systemd: Started Session c2876 of user root. Nov 9 11:57:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=23.92.27.206 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=41153 DPT=32080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:57:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:57:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:57:46 server83 scripts.sh: Load Average: 3.43 , 2.72 Nov 9 11:57:46 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 11:57:46 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 11:57:46 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 11:57:46 server83 scripts.sh: HTTPD Status: inactive Nov 9 11:57:46 server83 scripts.sh: MySQL Status: active Nov 9 11:57:46 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 11:57:46 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 11:57:46 server83 scripts.sh: SSHD Status: active Nov 9 11:57:46 server83 
scripts.sh: FTP Status: active Nov 9 11:57:46 server83 scripts.sh: LiteSpeed Status: Active Nov 9 11:57:46 server83 scripts.sh: Imunify Status: Active Nov 9 11:57:46 server83 scripts.sh: cPanel Status: active Nov 9 11:57:46 server83 scripts.sh: Memory Status: 12/31 GB - 41.06% Nov 9 11:57:46 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 11:57:46 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 11:57:46 server83 scripts.sh: Local Version: 4.4.5 Nov 9 11:57:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=101.44.163.138 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=30237 DF PROTO=ICMP TYPE=8 CODE=0 ID=40272 SEQ=28257 Nov 9 11:57:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12866 SEQ=1 Nov 9 11:57:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12866 SEQ=1 Nov 9 11:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59262 SEQ=1 Nov 9 11:57:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7086 SEQ=1 Nov 9 11:57:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12396 SEQ=1 Nov 9 11:57:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55243 SEQ=1 Nov 9 11:57:57 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:57:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=26803 PROTO=TCP SPT=46077 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:58:01 server83 systemd: Started Session 311440 of user root. Nov 9 11:58:01 server83 systemd: Started Session 311439 of user root. Nov 9 11:58:01 server83 systemd: Started Session 311442 of user root. Nov 9 11:58:01 server83 systemd: Started Session 311441 of user root. Nov 9 11:58:01 server83 systemd: Started Session 311443 of user root. Nov 9 11:58:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 11:58:01 server83 systemd: Started Session 311444 of user metalarts. Nov 9 11:58:01 server83 systemd: Started Session 311446 of user root. Nov 9 11:58:01 server83 systemd: Started Session 311448 of user root. Nov 9 11:58:01 server83 systemd: Started Session 311445 of user root. Nov 9 11:58:01 server83 systemd: Started Session 311447 of user root. Nov 9 11:58:01 server83 systemd: Removed slice User Slice of metalarts. 
Nov 9 11:58:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42469 PROTO=TCP SPT=45727 DPT=34208 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61004 SEQ=1 Nov 9 11:58:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9886 SEQ=1 Nov 9 11:58:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.139 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=37019 PROTO=TCP SPT=63101 DPT=103 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:58:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65286 SEQ=1 Nov 9 11:58:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9886 SEQ=1 Nov 9 11:58:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.143 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54899 DPT=9683 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:58:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.129 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=33953 PROTO=TCP SPT=29864 DPT=2003 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 11:58:16 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17646 SEQ=1 Nov 9 11:58:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1512 SEQ=1 Nov 9 11:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 11:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 11:58:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33537 SEQ=1 Nov 9 11:58:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15881 SEQ=1 Nov 9 11:58:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13221 DF PROTO=TCP SPT=56989 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:58:27 server83 imunify-auditd-log-reader[9638]: error messages suppressed: 57 Nov 9 11:58:27 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 11:58:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13222 DF PROTO=TCP SPT=56989 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:58:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13223 DF PROTO=TCP SPT=56989 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:58:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13224 DF PROTO=TCP SPT=56989 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:58:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7470 SEQ=1 Nov 9 11:58:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2005 SEQ=1 Nov 9 11:58:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.159.99.101 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36126 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:58:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1285 SEQ=1 Nov 9 11:58:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7470 SEQ=1 Nov 9 11:58:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7849 SEQ=1 Nov 9 11:58:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5163 SEQ=1 Nov 9 11:58:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13225 DF PROTO=TCP SPT=56989 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:58:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.42 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=57042 DF PROTO=TCP SPT=55364 DPT=30000 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:58:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.42 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=57043 DF PROTO=TCP SPT=55364 DPT=30000 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:58:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.42 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=450 DF PROTO=TCP SPT=55366 DPT=30000 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:58:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.42 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=451 DF PROTO=TCP SPT=55366 DPT=30000 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:58:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6070 PROTO=TCP SPT=42111 DPT=2417 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:58:45 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13284 SEQ=1 Nov 9 11:58:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.42 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=452 DF PROTO=TCP SPT=55366 DPT=30000 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:58:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65486 SEQ=1 Nov 9 11:58:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40196 SEQ=1 Nov 9 11:58:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9934 SEQ=1 Nov 9 11:58:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:58:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:58:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42905 SEQ=1 Nov 9 11:58:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.42 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=43788 DF PROTO=TCP SPT=55400 DPT=30000 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 11:58:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44103 SEQ=1 Nov 9 11:58:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51621 PROTO=TCP SPT=58603 DPT=8933 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:58:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.211.52.151 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=49 ID=28753 DF PROTO=TCP SPT=29777 DPT=7170 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 11:58:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:59:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13226 DF PROTO=TCP SPT=57813 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:01 server83 systemd: Started Session 311449 of user root. Nov 9 11:59:01 server83 systemd: Started Session 311450 of user root. Nov 9 11:59:01 server83 systemd: Started Session 311452 of user root. Nov 9 11:59:01 server83 systemd: Started Session 311453 of user root. Nov 9 11:59:01 server83 systemd: Started Session 311454 of user root. Nov 9 11:59:01 server83 systemd: Started Session 311455 of user root. Nov 9 11:59:01 server83 systemd: Started Session 311451 of user root. Nov 9 11:59:01 server83 systemd: Started Session 311456 of user root. Nov 9 11:59:01 server83 systemd: Started Session 311457 of user root. 
Nov 9 11:59:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13227 DF PROTO=TCP SPT=57813 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.81.14 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=22256 PROTO=TCP SPT=34934 DPT=27423 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:59:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13228 DF PROTO=TCP SPT=57813 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.193.162 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=54321 PROTO=TCP SPT=46975 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:59:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5700 SEQ=1 Nov 9 11:59:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55715 SEQ=1 Nov 9 11:59:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22289 SEQ=1 Nov 9 11:59:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13229 DF PROTO=TCP SPT=57813 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45951 SEQ=1 Nov 9 11:59:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56453 SEQ=1 Nov 9 11:59:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.227.160.122 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=41184 PROTO=TCP SPT=61006 DPT=12000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:59:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13230 DF PROTO=TCP SPT=57813 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47172 SEQ=1 Nov 9 11:59:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40374 SEQ=1 Nov 9 11:59:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2856 SEQ=1 Nov 9 11:59:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9098 SEQ=1 Nov 9 11:59:20 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41166 SEQ=1 Nov 9 11:59:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9098 SEQ=1 Nov 9 11:59:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40374 SEQ=1 Nov 9 11:59:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=164.92.123.179 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=58275 PROTO=TCP SPT=61007 DPT=15000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 11:59:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.184.76.105 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3961 DF PROTO=TCP SPT=50372 DPT=8800 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:59:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13231 DF PROTO=TCP SPT=58608 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45885 SEQ=1 Nov 9 11:59:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.106 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=45180 DF PROTO=ICMP TYPE=8 CODE=0 ID=27022 SEQ=20560 Nov 9 11:59:33 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13232 DF PROTO=TCP SPT=58608 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51254 SEQ=1 Nov 9 11:59:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42958 SEQ=1 Nov 9 11:59:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13233 DF PROTO=TCP SPT=58608 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6043 SEQ=1 Nov 9 11:59:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44552 SEQ=1 Nov 9 11:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55194 SEQ=1 Nov 9 11:59:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13234 DF PROTO=TCP SPT=58608 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:42 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=123.58.213.118 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=36 ID=6530 DF PROTO=TCP SPT=45578 DPT=9359 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 11:59:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 11:59:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 11:59:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 11:59:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=50034 PROTO=TCP SPT=47715 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:59:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13235 DF PROTO=TCP SPT=58608 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.121 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=61913 DF PROTO=TCP SPT=3282 DPT=8089 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 11:59:47 server83 aibolit_wrapper[13877]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626697875989696.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626697875991362.txt --log=/tmp/malware_cleaner_log_17626697875993280.txt --progress=/tmp/malware_cleaner_progress_17626697875992616.json --csv_result=/tmp/revisium_csvfile_17626697875992870.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 11:59:47 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=50035 PROTO=TCP SPT=47715 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:59:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59482 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 11:59:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=50036 PROTO=TCP SPT=47715 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:59:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54163 PROTO=TCP SPT=43920 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:59:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24823 SEQ=1 Nov 9 11:59:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=188.239.60.203 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=21573 DF PROTO=ICMP TYPE=8 CODE=0 ID=20515 SEQ=13882 Nov 9 11:59:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35314 SEQ=1 Nov 9 11:59:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63298 SEQ=1 Nov 9 11:59:53 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54165 PROTO=TCP SPT=43920 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 11:59:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50347 SEQ=1 Nov 9 11:59:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3637 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 11:59:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13239 DF PROTO=TCP SPT=59063 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 11:59:57 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 11:59:57 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 11:59:57 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 12:00:01 server83 systemd: Started Session 311458 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311459 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311461 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311463 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311460 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311464 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311465 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311466 of user root. 
Nov 9 12:00:01 server83 systemd: Started Session 311467 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311462 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311468 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311470 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311471 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311472 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311469 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311473 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311478 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311477 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311474 of user root. Nov 9 12:00:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 12:00:01 server83 systemd: Started Session 311479 of user sanatanhinduvahi. Nov 9 12:00:01 server83 systemd: Started Session 311481 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311476 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311480 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311475 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311482 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311484 of user root. Nov 9 12:00:01 server83 systemd: Created slice User Slice of mailman. Nov 9 12:00:01 server83 systemd: Started Session 311483 of user mailman. Nov 9 12:00:01 server83 systemd: Started Session 311485 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311486 of user root. Nov 9 12:00:01 server83 systemd: Started Session 311487 of user root. Nov 9 12:00:01 server83 systemd: Removed slice User Slice of mailman. Nov 9 12:00:01 server83 systemd: Removed slice User Slice of sanatanhinduvahi. 
Nov 9 12:00:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58671 SEQ=1 Nov 9 12:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58671 SEQ=1 Nov 9 12:00:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64175 SEQ=1 Nov 9 12:00:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64175 SEQ=1 Nov 9 12:00:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7038 SEQ=1 Nov 9 12:00:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13240 DF PROTO=TCP SPT=59063 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:00:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.182.174 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=5750 DF PROTO=TCP SPT=48296 DPT=4036 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:00:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21331 SEQ=1 Nov 9 12:00:05 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40354 SEQ=1 Nov 9 12:00:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23745 SEQ=1 Nov 9 12:00:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11724 SEQ=1 Nov 9 12:00:09 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.29.132.187 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=19323 DPT=19323 LEN=16 Nov 9 12:00:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.193 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=49310 PROTO=TCP SPT=53904 DPT=14436 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:00:16 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:00:16 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:00:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12313 SEQ=1 Nov 9 12:00:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:00:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:00:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63882 SEQ=1 Nov 9 12:00:20 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:00:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:00:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:00:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27231 SEQ=1 Nov 9 12:00:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43074 SEQ=1 Nov 9 12:00:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45300 SEQ=1 Nov 9 12:00:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43074 SEQ=1 Nov 9 12:00:23 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.93.201.79 DST=51.210.113.204 LEN=440 TOS=0x18 PREC=0xA0 TTL=50 ID=54874 DF PROTO=UDP SPT=5199 DPT=5060 LEN=420 Nov 9 12:00:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.22 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51713 DPT=2002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:00:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=54771 DPT=5938 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:00:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=53097 PROTO=TCP SPT=46360 DPT=4242 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53364 SEQ=1 Nov 9 12:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1920 SEQ=1 Nov 9 12:00:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13422 SEQ=1 Nov 9 12:00:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5585 SEQ=1 Nov 9 12:00:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1920 SEQ=1 Nov 9 12:00:35 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.29.132.187 DST=51.210.113.204 LEN=36 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=19323 DPT=19323 LEN=16 Nov 9 12:00:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10284 SEQ=1 Nov 9 12:00:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10284 SEQ=1 Nov 9 12:00:44 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:00:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3643 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:00:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:00:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34513 SEQ=1 Nov 9 12:00:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35051 PROTO=TCP SPT=45727 DPT=34315 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55729 SEQ=1 Nov 9 12:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39233 SEQ=1 Nov 9 12:00:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21980 SEQ=1 Nov 9 12:00:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21980 SEQ=1 Nov 9 12:00:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26387 SEQ=1 Nov 9 12:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55729 SEQ=1 Nov 9 12:00:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=44.204.107.51 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=23425 SEQ=0 Nov 9 12:00:54 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 12:00:54 server83 systemd: Stopped Status Update Service. Nov 9 12:00:54 server83 systemd: Started Status Update Service. Nov 9 12:00:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=39623 PROTO=TCP SPT=56753 DPT=8112 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:00:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3636 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:00:59 server83 NetworkManager[922]: <info> [1762669859.4393] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:00:59 server83 NetworkManager[922]: <info> [1762669859.4398] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:00:59 server83 NetworkManager[922]: <info> [1762669859.4399] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 
'managed') Nov 9 12:00:59 server83 NetworkManager[922]: <info> [1762669859.4401] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:00:59 server83 NetworkManager[922]: <info> [1762669859.4412] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:00:59 server83 NetworkManager[922]: <info> [1762669859.4414] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:00:59 server83 NetworkManager[922]: <info> [1762669859.4425] dhcp4 (eth1): dhclient started with pid 23752 Nov 9 12:00:59 server83 dhclient[23752]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x9c8141d) Nov 9 12:01:01 server83 systemd: Started Session 311488 of user root. Nov 9 12:01:01 server83 systemd: Started Session 311489 of user root. Nov 9 12:01:01 server83 systemd: Started Session 311491 of user root. Nov 9 12:01:01 server83 systemd: Started Session 311490 of user root. Nov 9 12:01:01 server83 systemd: Started Session 311492 of user root. Nov 9 12:01:01 server83 systemd: Started Session 311493 of user root. Nov 9 12:01:01 server83 systemd: Started Session 311494 of user root. Nov 9 12:01:01 server83 systemd: Started Session 311496 of user root. Nov 9 12:01:01 server83 systemd: Started Session 311495 of user root. Nov 9 12:01:01 server83 systemd: Started Session 311497 of user root. 
Nov 9 12:01:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:01:04 server83 dhclient[23752]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x9c8141d) Nov 9 12:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42906 SEQ=1 Nov 9 12:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7232 SEQ=1 Nov 9 12:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29213 SEQ=1 Nov 9 12:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7232 SEQ=1 Nov 9 12:01:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49463 SEQ=1 Nov 9 12:01:14 server83 dhclient[23752]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x9c8141d) Nov 9 12:01:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35260 SEQ=1 Nov 9 12:01:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.117 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50454 DPT=48166 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
12:01:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36904 SEQ=1 Nov 9 12:01:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=57382 PROTO=TCP SPT=39575 DPT=2492 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:01:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55571 SEQ=1 Nov 9 12:01:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3635 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:01:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45508 SEQ=1 Nov 9 12:01:25 server83 dhclient[23752]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x9c8141d) Nov 9 12:01:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=48392 PROTO=TCP SPT=59403 DPT=12288 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:01:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5677 SEQ=1 Nov 9 12:01:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14962 SEQ=1 Nov 9 12:01:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.230 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56313 DPT=3333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:01:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22157 SEQ=1 Nov 9 12:01:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5267 SEQ=1 Nov 9 12:01:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8486 SEQ=1 Nov 9 12:01:33 server83 aibolit_wrapper[28029]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626698937368148.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626698937369332.txt --log=/tmp/malware_cleaner_log_17626698937370396.txt --progress=/tmp/malware_cleaner_progress_17626698937370090.json --csv_result=/tmp/revisium_csvfile_17626698937370248.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:01:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.43.63.38 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x40 TTL=34 ID=0 DF PROTO=TCP SPT=54606 DPT=6017 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
12:01:36 server83 dhclient[23752]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x9c8141d) Nov 9 12:01:38 server83 aibolit_wrapper[28683]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626698979876190.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626698979877546.txt --log=/tmp/malware_cleaner_log_17626698979879012.txt --progress=/tmp/malware_cleaner_progress_17626698979878642.json --csv_result=/tmp/revisium_csvfile_17626698979878800.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:01:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12355 SEQ=1 Nov 9 12:01:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.123 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=14270 PROTO=TCP SPT=36274 DPT=20137 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:01:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=18427 PROTO=TCP SPT=56753 DPT=8115 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:01:42 server83 aibolit_wrapper[29213]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626699023014652.txt --input-fn-b64-encoded --username=evershine --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626699023016174.txt --log=/tmp/malware_cleaner_log_17626699023017706.txt --progress=/tmp/malware_cleaner_progress_17626699023017304.json --csv_result=/tmp/revisium_csvfile_17626699023017494.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:01:43 server83 dhclient[23752]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x9c8141d) Nov 9 12:01:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.211.51.119 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=49 ID=40446 DF PROTO=TCP SPT=41470 DPT=12178 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 12:01:44 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:01:44 server83 NetworkManager[922]: <warn> [1762669904.4393] dhcp4 (eth1): request timed out Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4393] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4553] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23752 Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4553] dhcp4 (eth1): state changed timeout -> done Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4555] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:01:44 server83 NetworkManager[922]: <warn> [1762669904.4559] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4561] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4593] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:01:44 server83 
NetworkManager[922]: <info> [1762669904.4597] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4597] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4600] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4616] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4622] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:01:44 server83 NetworkManager[922]: <info> [1762669904.4635] dhcp4 (eth1): dhclient started with pid 29460 Nov 9 12:01:44 server83 dhclient[29460]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x43dcf595) Nov 9 12:01:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53487 DPT=46896 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:01:47 server83 aibolit_wrapper[29933]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626699077164298.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626699077165356.txt --log=/tmp/malware_cleaner_log_17626699077166436.txt --progress=/tmp/malware_cleaner_progress_17626699077166192.json --csv_result=/tmp/revisium_csvfile_17626699077166300.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:01:48 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21799 SEQ=1 Nov 9 12:01:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38745 SEQ=1 Nov 9 12:01:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46472 SEQ=1 Nov 9 12:01:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62724 SEQ=1 Nov 9 12:01:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.213 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=32846 PROTO=TCP SPT=51046 DPT=8088 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:01:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=20588 PROTO=TCP SPT=47940 DPT=4929 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55631 SEQ=1 Nov 9 12:01:51 server83 aibolit_wrapper[30385]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626699118414592.txt 
--input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626699118417286.txt --progress=/tmp/malware_cleaner_progress_17626699118416900.json --csv_result=/tmp/revisium_csvfile_17626699118417070.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:01:52 server83 dhclient[29460]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x43dcf595) Nov 9 12:01:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.129 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=21391 PROTO=TCP SPT=56296 DPT=41927 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:01:55 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:01:55 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:02:01 server83 pam_imunify_daemon.bin: time="2025-11-09T12:02:01+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 12:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:02:01 server83 systemd: Started Session 311498 of user root. Nov 9 12:02:01 server83 systemd: Started Session 311500 of user root. Nov 9 12:02:01 server83 systemd: Started Session 311499 of user root. Nov 9 12:02:01 server83 systemd: Started Session 311503 of user root. Nov 9 12:02:01 server83 systemd: Started Session 311501 of user root. Nov 9 12:02:01 server83 systemd: Started Session 311502 of user root. Nov 9 12:02:01 server83 systemd: Started Session 311505 of user root. 
Nov 9 12:02:01 server83 systemd: Started Session 311506 of user root. Nov 9 12:02:01 server83 systemd: Started Session 311504 of user root. Nov 9 12:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:02:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40989 SEQ=1 Nov 9 12:02:03 server83 dhclient[29460]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x43dcf595) Nov 9 12:02:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.98 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54841 DPT=48186 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:02:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23628 SEQ=1 Nov 9 12:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40989 SEQ=1 Nov 9 12:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11016 SEQ=1 Nov 9 12:02:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3634 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:02:10 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34226 PROTO=TCP SPT=49956 DPT=29511 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:02:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22140 PROTO=TCP SPT=46928 DPT=4087 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=41836 PROTO=TCP SPT=52632 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:02:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=41837 PROTO=TCP SPT=52632 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:02:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9232 PROTO=TCP SPT=54306 DPT=5962 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.193.162 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=54321 PROTO=TCP SPT=60537 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40088 PROTO=TCP SPT=59522 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:02:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40090 PROTO=TCP SPT=59522 
DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11897 SEQ=1 Nov 9 12:02:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=40092 PROTO=TCP SPT=59522 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22559 SEQ=1 Nov 9 12:02:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18534 SEQ=1 Nov 9 12:02:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2062 SEQ=1 Nov 9 12:02:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=63486 PROTO=TCP SPT=39163 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:02:23 server83 dhclient[29460]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x43dcf595) Nov 9 12:02:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43887 SEQ=1 Nov 9 12:02:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7540 SEQ=1 Nov 9 12:02:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=63488 PROTO=TCP SPT=39163 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:02:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=41341 PROTO=TCP SPT=59419 DPT=30330 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:02:29 server83 NetworkManager[922]: <warn> [1762669949.4513] dhcp4 (eth1): request timed out Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4513] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4592] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 29460 Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4592] dhcp4 (eth1): state changed timeout -> done Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4594] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:02:29 server83 NetworkManager[922]: <warn> [1762669949.4598] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4601] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4632] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4636] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4637] device (eth1): 
state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4640] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4650] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4652] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:02:29 server83 NetworkManager[922]: <info> [1762669949.4662] dhcp4 (eth1): dhclient started with pid 2520 Nov 9 12:02:29 server83 dhclient[2520]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1eb4da6a) Nov 9 12:02:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=177.197.193.179 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=24774 DF PROTO=TCP SPT=35296 DPT=14096 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=177.197.193.179 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=24775 DF PROTO=TCP SPT=35296 DPT=14096 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44330 SEQ=1 Nov 9 12:02:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=177.197.193.179 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=24776 DF PROTO=TCP SPT=35296 DPT=14096 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 
TTL=241 ID=54321 PROTO=TCP SPT=39318 DPT=31337 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:36 server83 dhclient[2520]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x1eb4da6a) Nov 9 12:02:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3971 SEQ=1 Nov 9 12:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46641 SEQ=1 Nov 9 12:02:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=177.197.193.179 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=24777 DF PROTO=TCP SPT=35296 DPT=14096 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57221 SEQ=1 Nov 9 12:02:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2563 SEQ=1 Nov 9 12:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33237 SEQ=1 Nov 9 12:02:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=134.199.160.211 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=37704 DPT=11434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=177.197.193.179 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=108 ID=24778 DF PROTO=TCP SPT=35296 DPT=14096 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.131 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=4755 PROTO=TCP SPT=56352 DPT=38604 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:02:48 server83 dhclient[2520]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x1eb4da6a) Nov 9 12:02:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18652 SEQ=1 Nov 9 12:02:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40988 SEQ=1 Nov 9 12:02:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35878 SEQ=1 Nov 9 12:02:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18652 SEQ=1 Nov 9 12:02:58 server83 aibolit_wrapper[6190]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626699785897370.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626699785898392.txt 
--log=/tmp/malware_cleaner_log_17626699785899424.txt --progress=/tmp/malware_cleaner_progress_17626699785899172.json --csv_result=/tmp/revisium_csvfile_17626699785899288.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:02:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=62544 PROTO=TCP SPT=46156 DPT=1147 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:02:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=15742 PROTO=TCP SPT=59419 DPT=19050 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:02:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.146 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51809 DPT=48486 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:02:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.60 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51881 DPT=9901 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:03:01 server83 systemd: Started Session 311507 of user root. Nov 9 12:03:01 server83 systemd: Started Session 311510 of user root. Nov 9 12:03:01 server83 systemd: Started Session 311509 of user root. Nov 9 12:03:01 server83 systemd: Started Session 311511 of user root. Nov 9 12:03:01 server83 systemd: Started Session 311514 of user root. Nov 9 12:03:01 server83 systemd: Started Session 311513 of user root. Nov 9 12:03:01 server83 systemd: Started Session 311512 of user root. Nov 9 12:03:01 server83 systemd: Started Session 311508 of user root. Nov 9 12:03:01 server83 systemd: Started Session 311516 of user root. Nov 9 12:03:01 server83 systemd: Started Session 311515 of user root. 
Nov 9 12:03:01 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 12:03:02 server83 dhclient[2520]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x1eb4da6a) Nov 9 12:03:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2793 DF PROTO=TCP SPT=56710 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2794 DF PROTO=TCP SPT=56710 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19702 PROTO=TCP SPT=45727 DPT=32988 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:03:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13501 PROTO=TCP SPT=56095 DPT=6035 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:03:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2795 DF PROTO=TCP SPT=56710 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1523 SEQ=1 Nov 9 12:03:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=57531 SEQ=1 Nov 9 12:03:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52975 PROTO=TCP SPT=57143 DPT=8604 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:03:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6411 SEQ=1 Nov 9 12:03:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31421 SEQ=1 Nov 9 12:03:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31011 SEQ=1 Nov 9 12:03:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6411 SEQ=1 Nov 9 12:03:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.242 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54178 DPT=20211 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:03:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.190 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=2388 PROTO=TCP SPT=53762 DPT=5050 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:03:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2796 DF PROTO=TCP SPT=56710 DPT=5433 WINDOW=21900 RES=0x00 SYN 
URGP=0 Nov 9 12:03:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=63678 DF PROTO=TCP SPT=60706 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:13 server83 dhclient[2520]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x1eb4da6a) Nov 9 12:03:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=63679 DF PROTO=TCP SPT=60706 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:14 server83 NetworkManager[922]: <warn> [1762669994.4508] dhcp4 (eth1): request timed out Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4508] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4667] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2520 Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4667] dhcp4 (eth1): state changed timeout -> done Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4669] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:03:14 server83 NetworkManager[922]: <warn> [1762669994.4672] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4700] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4703] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:03:14 server83 NetworkManager[922]: <info> 
[1762669994.4703] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4705] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4713] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4715] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:03:14 server83 NetworkManager[922]: <info> [1762669994.4726] dhcp4 (eth1): dhclient started with pid 8063 Nov 9 12:03:14 server83 dhclient[8063]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x739e2d5e) Nov 9 12:03:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=63680 DF PROTO=TCP SPT=60706 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:03:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.44 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=2483 DF PROTO=TCP SPT=58656 DPT=30110 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.44 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=2484 DF PROTO=TCP SPT=58656 DPT=30110 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=63681 DF PROTO=TCP SPT=60706 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:22 server83 dhclient[8063]: DHCPDISCOVER on eth1 to 
255.255.255.255 port 67 interval 8 (xid=0x739e2d5e) Nov 9 12:03:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24116 SEQ=1 Nov 9 12:03:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=60178 DF PROTO=TCP SPT=44074 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7841 SEQ=1 Nov 9 12:03:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25540 SEQ=1 Nov 9 12:03:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35448 SEQ=1 Nov 9 12:03:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=60179 DF PROTO=TCP SPT=44074 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7331 SEQ=1 Nov 9 12:03:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=60180 DF PROTO=TCP SPT=44074 DPT=5433 
WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.123 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=56838 DF PROTO=TCP SPT=56774 DPT=41665 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:03:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=60181 DF PROTO=TCP SPT=44074 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:30 server83 dhclient[8063]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x739e2d5e) Nov 9 12:03:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13243 DF PROTO=TCP SPT=62946 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55613 SEQ=1 Nov 9 12:03:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13244 DF PROTO=TCP SPT=63101 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.52 DST=51.210.113.204 LEN=67 TOS=0x00 PREC=0x00 TTL=108 ID=65092 DF PROTO=ICMP TYPE=8 CODE=0 ID=31297 SEQ=61674 Nov 9 12:03:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13245 DF PROTO=TCP SPT=63101 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:35 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13766 SEQ=1 Nov 9 12:03:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61751 SEQ=1 Nov 9 12:03:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17941 PROTO=TCP SPT=33176 DPT=5937 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:03:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=52585 DF PROTO=TCP SPT=57342 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13246 DF PROTO=TCP SPT=63101 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24796 SEQ=1 Nov 9 12:03:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13247 DF PROTO=TCP SPT=63187 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13248 DF PROTO=TCP SPT=62946 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:38 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59399 SEQ=1 Nov 9 12:03:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13766 SEQ=1 Nov 9 12:03:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1359 DF PROTO=TCP SPT=57390 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13251 DF PROTO=TCP SPT=63101 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=57403 DF PROTO=TCP SPT=57416 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:43 server83 dhclient[8063]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x739e2d5e) Nov 9 12:03:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=57404 DF PROTO=TCP SPT=57416 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13252 DF PROTO=TCP SPT=63187 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:44 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 12:03:45 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13253 DF PROTO=TCP SPT=62946 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=57405 DF PROTO=TCP SPT=57416 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:03:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37644 PROTO=TCP SPT=57857 DPT=5302 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:03:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4379 SEQ=1 Nov 9 12:03:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13254 DF PROTO=TCP SPT=63101 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39841 SEQ=1 Nov 9 12:03:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39841 SEQ=1 Nov 9 12:03:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.178 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=49 ID=57406 DF PROTO=TCP SPT=57416 DPT=5433 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:03:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4379 SEQ=1 Nov 9 12:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18953 SEQ=1 Nov 9 12:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=29335 DF PROTO=ICMP TYPE=8 CODE=0 ID=64368 SEQ=24292 Nov 9 12:03:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13255 DF PROTO=TCP SPT=63187 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7547 SEQ=1 Nov 9 12:03:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:03:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:03:58 server83 dhclient[8063]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x739e2d5e) Nov 9 12:03:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:03:59 server83 NetworkManager[922]: <warn> [1762670039.4503] dhcp4 (eth1): request timed out Nov 9 12:03:59 server83 NetworkManager[922]: <info> [1762670039.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:03:59 server83 NetworkManager[922]: <info> [1762670039.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client 
pid 8063 Nov 9 12:03:59 server83 NetworkManager[922]: <info> [1762670039.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 12:03:59 server83 NetworkManager[922]: <info> [1762670039.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:03:59 server83 NetworkManager[922]: <warn> [1762670039.4672] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:03:59 server83 NetworkManager[922]: <info> [1762670039.4675] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:01 server83 systemd: Started Session 311517 of user root. Nov 9 12:04:01 server83 systemd: Started Session 311518 of user root. Nov 9 12:04:01 server83 systemd: Started Session 311519 of user root. Nov 9 12:04:01 server83 systemd: Started Session 311521 of user root. Nov 9 12:04:01 server83 systemd: Started Session 311522 of user root. Nov 9 12:04:01 server83 systemd: Started Session 311520 of user root. Nov 9 12:04:01 server83 systemd: Started Session 311523 of user root. Nov 9 12:04:01 server83 systemd: Started Session 311524 of user root. Nov 9 12:04:01 server83 systemd: Started Session 311525 of user root. 
Nov 9 12:04:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56699 SEQ=1 Nov 9 12:04:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56699 SEQ=1 Nov 9 12:04:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20687 SEQ=1 Nov 9 12:04:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40834 SEQ=1 Nov 9 12:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14302 SEQ=1 Nov 9 12:04:14 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.110 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=33812 DF PROTO=UDP SPT=10414 DPT=13 LEN=9 Nov 9 12:04:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.197 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=56379 DF PROTO=TCP SPT=42948 DPT=912 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:04:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50086 SEQ=1 Nov 9 12:04:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.197 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=29918 DF PROTO=TCP SPT=42960 DPT=912 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:04:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40369 SEQ=1 Nov 9 12:04:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.197 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=29919 DF PROTO=TCP SPT=42960 DPT=912 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:04:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.197 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=3253 DF PROTO=TCP SPT=42964 DPT=912 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:04:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.197 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=3254 DF PROTO=TCP SPT=42964 DPT=912 WINDOW=21900 RES=0x00 SYN URGP=0 Nov 9 12:04:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48595 SEQ=1 Nov 9 12:04:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48595 SEQ=1 Nov 9 12:04:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6553 SEQ=1 Nov 9 12:04:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30501 SEQ=1 Nov 9 12:04:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=53725 PROTO=TCP SPT=56114 DPT=7812 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:04:31 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:31 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=18992 PROTO=TCP SPT=59964 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:04:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44273 SEQ=1 Nov 9 12:04:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23665 SEQ=1 Nov 9 12:04:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8034 SEQ=1 Nov 9 12:04:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:04:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65055 SEQ=1 Nov 9 12:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57596 SEQ=1 Nov 9 12:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51351 SEQ=1 Nov 9 12:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41603 SEQ=1 Nov 9 12:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41603 SEQ=1 Nov 9 12:04:40 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:40 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.244.141.238 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x40 TTL=233 ID=34307 PROTO=TCP SPT=61014 DPT=8081 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:04:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3642 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:04:42 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:42 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 12:04:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44056 DPT=4145 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:04:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 
12:04:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:46 server83 aibolit_wrapper[20739]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626700864020750.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626700864022232.txt --log=/tmp/malware_cleaner_log_17626700864023626.txt --progress=/tmp/malware_cleaner_progress_17626700864023300.json --csv_result=/tmp/revisium_csvfile_17626700864023452.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:04:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:04:48 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:48 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:48 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:04:48 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:04:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.86.135 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=0 DF PROTO=TCP SPT=9999 DPT=2024 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:04:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27003 SEQ=1 Nov 9 12:04:52 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 12:04:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 
DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3641 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:04:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50025 SEQ=1 Nov 9 12:04:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50025 SEQ=1 Nov 9 12:04:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42493 SEQ=1 Nov 9 12:04:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32847 SEQ=1 Nov 9 12:04:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39731 SEQ=1 Nov 9 12:04:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 12:04:55 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:04:55 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 12:04:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:04:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.84 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=8276 PROTO=TCP SPT=46236 DPT=1201 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:04:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50611 PROTO=TCP SPT=56949 DPT=8521 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:05:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.126 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=26735 DF PROTO=TCP SPT=33532 DPT=32813 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:05:01 server83 systemd: Started Session 311526 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311528 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311529 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311527 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311531 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311532 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311534 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311530 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311535 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311533 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311536 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311537 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311539 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311538 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311541 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311540 of user root. 
Nov 9 12:05:01 server83 systemd: Started Session 311542 of user root. Nov 9 12:05:01 server83 systemd: Started Session 311543 of user root. Nov 9 12:05:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17363 SEQ=1 Nov 9 12:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7582 SEQ=1 Nov 9 12:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31952 SEQ=1 Nov 9 12:05:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.126 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=26736 DF PROTO=TCP SPT=33532 DPT=32813 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31952 SEQ=1 Nov 9 12:05:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.126 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=17088 DF PROTO=TCP SPT=33534 DPT=32813 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:05:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.126 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=65478 DF PROTO=TCP SPT=33538 DPT=32813 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:05:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11213 SEQ=1 Nov 9 12:05:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.126 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=65479 DF PROTO=TCP SPT=33538 DPT=32813 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:05:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.128 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54233 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:05:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32112 PROTO=TCP SPT=45727 DPT=33009 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:05:09 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:05:09 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:05:09 server83 scripts.sh: Sun Nov 9 12:05:09 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 12:05:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3633 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:05:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26146 PROTO=TCP SPT=49956 DPT=28922 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:05:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.35.41 DST=145.239.177.179 LEN=60 TOS=0x14 PREC=0x00 TTL=51 ID=20353 DF PROTO=TCP SPT=7606 DPT=8880 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:05:19 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56859 SEQ=1 Nov 9 12:05:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:05:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64575 SEQ=1 Nov 9 12:05:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23457 SEQ=1 Nov 9 12:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56859 SEQ=1 Nov 9 12:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21641 SEQ=1 Nov 9 12:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35097 SEQ=1 Nov 9 12:05:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=46898 PROTO=TCP SPT=48482 DPT=6004 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:05:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30781 SEQ=1 Nov 9 12:05:24 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36958 PROTO=TCP SPT=45727 DPT=32610 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:05:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=26055 PROTO=TCP SPT=38024 DPT=8470 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:05:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=52404 PROTO=TCP SPT=39017 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:05:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.152.221.92 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0xA0 TTL=44 ID=22636 DF PROTO=TCP SPT=60470 DPT=2222 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:05:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=52405 PROTO=TCP SPT=39017 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:05:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=13776 PROTO=TCP SPT=63318 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:05:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=52406 PROTO=TCP SPT=39017 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:05:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=27877 SEQ=1 Nov 9 12:05:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=13777 PROTO=TCP SPT=63318 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:05:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62744 SEQ=1 Nov 9 12:05:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=13779 PROTO=TCP SPT=63318 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:05:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=13780 PROTO=TCP SPT=63318 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:05:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.152.221.92 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0xA0 TTL=44 ID=22638 DF PROTO=TCP SPT=60470 DPT=2222 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:05:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=60062 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:05:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62744 SEQ=1 Nov 9 12:05:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=14630 SEQ=1 Nov 9 12:05:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2571 SEQ=1 Nov 9 12:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10829 SEQ=1 Nov 9 12:05:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13256 DF PROTO=TCP SPT=49765 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2571 SEQ=1 Nov 9 12:05:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:05:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=61304 PROTO=TCP SPT=47906 DPT=5461 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:05:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13257 DF PROTO=TCP SPT=49765 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:05:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13258 DF PROTO=TCP SPT=49765 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:05:44 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 12:05:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17616 PROTO=TCP SPT=45347 DPT=7785 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:05:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13259 DF PROTO=TCP SPT=49765 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:05:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9144 PROTO=TCP SPT=46370 DPT=1715 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:05:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52699 SEQ=1 Nov 9 12:05:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47023 PROTO=TCP SPT=59436 DPT=4740 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:05:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41703 SEQ=1 Nov 9 12:05:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12847 SEQ=1 Nov 9 12:05:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57797 DPT=31337 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:05:50 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37669 SEQ=1 Nov 9 12:05:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.62 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52689 DPT=8116 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61138 SEQ=1 Nov 9 12:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62141 SEQ=1 Nov 9 12:05:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=13260 DF PROTO=TCP SPT=49765 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:05:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.253 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=9924 DF PROTO=TCP SPT=33070 DPT=9615 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:05:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.124 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=37973 PROTO=TCP SPT=39618 DPT=2060 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:06:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62395 SEQ=1 Nov 9 12:06:01 server83 systemd: Started Session 311544 of 
user root. Nov 9 12:06:01 server83 systemd: Started Session 311545 of user root. Nov 9 12:06:01 server83 systemd: Started Session 311546 of user root. Nov 9 12:06:01 server83 systemd: Started Session 311547 of user root. Nov 9 12:06:01 server83 systemd: Started Session 311549 of user root. Nov 9 12:06:01 server83 systemd: Started Session 311548 of user root. Nov 9 12:06:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:06:01 server83 systemd: Started Session 311550 of user accentri. Nov 9 12:06:01 server83 systemd: Started Session 311552 of user root. Nov 9 12:06:01 server83 systemd: Started Session 311553 of user root. Nov 9 12:06:01 server83 systemd: Started Session 311551 of user root. Nov 9 12:06:01 server83 systemd: Started Session 311554 of user root. Nov 9 12:06:01 server83 systemd: Started Session 311555 of user accentri. Nov 9 12:06:02 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26097 SEQ=1 Nov 9 12:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5887 SEQ=1 Nov 9 12:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33029 SEQ=1 Nov 9 12:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45576 SEQ=1 Nov 9 12:06:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=25753 PROTO=TCP SPT=46235 DPT=19580 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:06:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10721 SEQ=1 Nov 9 12:06:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.169.105.44 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=53023 PROTO=TCP SPT=57048 DPT=5357 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:06:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:06:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.233 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=50441 DF PROTO=TCP SPT=10696 DPT=8083 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:06:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.15.85.154 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=56366 DPT=30003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2830 SEQ=1 Nov 9 12:06:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34064 SEQ=1 Nov 9 12:06:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34640 SEQ=1 Nov 9 
12:06:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1092 SEQ=1 Nov 9 12:06:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58289 SEQ=1 Nov 9 12:06:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46449 PROTO=TCP SPT=45727 DPT=32406 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:06:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3640 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:06:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64807 PROTO=TCP SPT=46370 DPT=1834 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:06:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.154 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=20122 PROTO=TCP SPT=7530 DPT=4840 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:06:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1493 SEQ=1 Nov 9 12:06:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.29.24.16 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=64443 PROTO=TCP SPT=35512 DPT=27017 WINDOW=65535 RES=0x00 SYN URGP=0 
Nov 9 12:06:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.5 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53501 DPT=45672 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:06:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:06:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32142 SEQ=1 Nov 9 12:06:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21468 SEQ=1 Nov 9 12:06:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1493 SEQ=1 Nov 9 12:06:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35882 SEQ=1 Nov 9 12:06:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=54547 PROTO=TCP SPT=43710 DPT=4725 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:06:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46104 PROTO=TCP SPT=49956 DPT=27847 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:06:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=55659 SEQ=1 Nov 9 12:06:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49068 SEQ=1 Nov 9 12:06:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64605 PROTO=TCP SPT=49956 DPT=26210 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:06:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=16588 PROTO=TCP SPT=8238 DPT=2456 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:06:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49938 SEQ=1 Nov 9 12:06:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35041 SEQ=1 Nov 9 12:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27772 SEQ=1 Nov 9 12:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55659 SEQ=1 Nov 9 12:06:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.20.76 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49837 DPT=8883 WINDOW=65535 RES=0x00 SYN 
URGP=0 Nov 9 12:06:57 server83 aibolit_wrapper[6298]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626702172904418.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626702172905548.txt --log=/tmp/malware_cleaner_log_17626702172906820.txt --progress=/tmp/malware_cleaner_progress_17626702172906460.json --csv_result=/tmp/revisium_csvfile_17626702172906628.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:06:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3639 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:07:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:07:01 server83 systemd: Started Session 311556 of user root. Nov 9 12:07:01 server83 systemd: Started Session 311559 of user root. Nov 9 12:07:01 server83 systemd: Started Session 311558 of user root. Nov 9 12:07:01 server83 systemd: Started Session 311560 of user root. Nov 9 12:07:01 server83 systemd: Started Session 311561 of user root. Nov 9 12:07:01 server83 systemd: Started Session 311564 of user root. Nov 9 12:07:01 server83 systemd: Started Session 311557 of user root. Nov 9 12:07:01 server83 systemd: Started Session 311563 of user root. Nov 9 12:07:01 server83 systemd: Started Session 311562 of user root. Nov 9 12:07:01 server83 systemd: Started Session 311565 of user root. 
Nov 9 12:07:01 server83 aibolit_wrapper[6842]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626702215433858.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626702215435730.txt --log=/tmp/malware_cleaner_log_17626702215437730.txt --progress=/tmp/malware_cleaner_progress_17626702215437178.json --csv_result=/tmp/revisium_csvfile_17626702215437426.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23897 SEQ=1 Nov 9 12:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65514 SEQ=1 Nov 9 12:07:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3638 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39521 SEQ=1 Nov 9 12:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41247 SEQ=1 Nov 9 12:07:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.71.23.93 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=1103 PROTO=TCP SPT=61002 DPT=1133 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13264 DF PROTO=TCP SPT=52082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13265 DF PROTO=TCP SPT=52082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:07 server83 aibolit_wrapper[7522]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626702276325924.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626702276327264.txt --log=/tmp/malware_cleaner_log_17626702276328716.txt --progress=/tmp/malware_cleaner_progress_17626702276328368.json --csv_result=/tmp/revisium_csvfile_17626702276328536.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42138 SEQ=1 Nov 9 12:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65514 SEQ=1 Nov 9 12:07:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13266 DF PROTO=TCP SPT=52082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13267 DF PROTO=TCP SPT=52082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:13 server83 aibolit_wrapper[8333]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626702338272032.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626702338275180.txt --progress=/tmp/malware_cleaner_progress_17626702338274800.json --csv_result=/tmp/revisium_csvfile_17626702338274966.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:07:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.41 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56350 DPT=45996 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:07:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1054 SEQ=1 Nov 9 12:07:17 server83 systemd: Started Session c2877 of user root. 
Nov 9 12:07:17 server83 scripts.sh: Load Average: 3.07 , 3.10 Nov 9 12:07:17 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 12:07:17 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 12:07:17 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 12:07:17 server83 scripts.sh: HTTPD Status: inactive Nov 9 12:07:17 server83 scripts.sh: MySQL Status: active Nov 9 12:07:17 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 12:07:17 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 12:07:17 server83 scripts.sh: SSHD Status: active Nov 9 12:07:17 server83 scripts.sh: FTP Status: active Nov 9 12:07:17 server83 scripts.sh: LiteSpeed Status: Active Nov 9 12:07:17 server83 scripts.sh: Imunify Status: Active Nov 9 12:07:17 server83 scripts.sh: cPanel Status: active Nov 9 12:07:17 server83 scripts.sh: Memory Status: 12/31 GB - 39.77% Nov 9 12:07:17 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 12:07:17 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 12:07:17 server83 scripts.sh: Local Version: 4.4.5 Nov 9 12:07:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14183 SEQ=1 Nov 9 12:07:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:07:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40083 SEQ=1 Nov 9 12:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13268 DF PROTO=TCP SPT=52082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=581 SEQ=1 Nov 9 12:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57516 SEQ=1 Nov 9 12:07:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=34346 PROTO=TCP SPT=59419 DPT=19448 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:07:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65024 SEQ=1 Nov 9 12:07:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=24012 PROTO=TCP SPT=59444 DPT=8206 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:07:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.192 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=39144 PROTO=TCP SPT=53857 DPT=44341 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:07:34 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:07:34 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46201 SEQ=1 Nov 9 12:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=50 ID=13269 DF PROTO=TCP SPT=52082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38362 SEQ=1 Nov 9 12:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35894 SEQ=1 Nov 9 12:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27384 SEQ=1 Nov 9 12:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55593 SEQ=1 Nov 9 12:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43907 SEQ=1 Nov 9 12:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15794 DF PROTO=TCP SPT=56072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15795 DF PROTO=TCP SPT=56072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15796 DF PROTO=TCP SPT=56072 
DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:44 server83 imunify360-php-daemon[734]: circuit breaker is open Nov 9 12:07:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:07:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15797 DF PROTO=TCP SPT=56072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2413 SEQ=1 Nov 9 12:07:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1162 SEQ=1 Nov 9 12:07:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1162 SEQ=1 Nov 9 12:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23266 SEQ=1 Nov 9 12:07:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.32 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=26304 PROTO=TCP SPT=12131 DPT=1891 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60505 SEQ=1 Nov 9 12:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16041 SEQ=1 Nov 9 12:07:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15798 DF PROTO=TCP SPT=56072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:07:57 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:07:57 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:08:01 server83 systemd: Started Session 311566 of user root. Nov 9 12:08:01 server83 systemd: Started Session 311567 of user root. Nov 9 12:08:01 server83 systemd: Started Session 311569 of user root. Nov 9 12:08:01 server83 systemd: Started Session 311568 of user root. Nov 9 12:08:01 server83 systemd: Started Session 311572 of user root. Nov 9 12:08:01 server83 systemd: Started Session 311573 of user root. Nov 9 12:08:01 server83 systemd: Started Session 311571 of user root. Nov 9 12:08:01 server83 systemd: Started Session 311570 of user root. Nov 9 12:08:01 server83 systemd: Started Session 311576 of user root. Nov 9 12:08:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:08:01 server83 systemd: Started Session 311574 of user accentri. Nov 9 12:08:01 server83 systemd: Started Session 311575 of user accentri. Nov 9 12:08:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:08:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58607 SEQ=1 Nov 9 12:08:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=20152 PROTO=TCP SPT=46360 DPT=39454 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:08:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36973 SEQ=1 Nov 9 12:08:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11256 SEQ=1 Nov 9 12:08:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50499 SEQ=1 Nov 9 12:08:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10264 SEQ=1 Nov 9 12:08:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35082 SEQ=1 Nov 9 12:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13270 DF PROTO=TCP SPT=52082 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:08:11 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15799 DF PROTO=TCP SPT=56072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:08:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=13493 PROTO=TCP SPT=49956 DPT=26163 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:08:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=52999 PROTO=TCP SPT=39087 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:08:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53000 PROTO=TCP SPT=39087 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:08:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=12874 PROTO=TCP SPT=37015 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:08:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=53001 PROTO=TCP SPT=39087 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=12875 PROTO=TCP SPT=37015 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given 
prior to it Nov 9 12:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 12:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=12876 PROTO=TCP SPT=37015 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:08:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6907 SEQ=1 Nov 9 12:08:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56079 SEQ=1 Nov 9 12:08:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36158 SEQ=1 Nov 9 12:08:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=371 SEQ=1 Nov 9 12:08:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56079 SEQ=1 Nov 9 12:08:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=12878 PROTO=TCP SPT=37015 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:08:24 server83 
aibolit_wrapper[16366]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626703043324888.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626703043326624.txt --log=/tmp/malware_cleaner_log_17626703043328064.txt --progress=/tmp/malware_cleaner_progress_17626703043327708.json --csv_result=/tmp/revisium_csvfile_17626703043327854.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:08:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17745 SEQ=1 Nov 9 12:08:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=11073 DPT=8008 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:08:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:08:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29136 DF PROTO=TCP SPT=37690 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:08:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=115.231.78.15 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=0 PROTO=TCP SPT=8529 DPT=8081 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:08:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39333 SEQ=1 Nov 9 12:08:33 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42147 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:08:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29137 DF PROTO=TCP SPT=37690 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:08:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49824 SEQ=1 Nov 9 12:08:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47651 SEQ=1 Nov 9 12:08:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57179 SEQ=1 Nov 9 12:08:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26646 SEQ=1 Nov 9 12:08:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54541 SEQ=1 Nov 9 12:08:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=5523 PROTO=TCP SPT=1821 DPT=2701 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:08:42 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12098 PROTO=TCP SPT=49956 DPT=26978 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:08:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15800 DF PROTO=TCP SPT=56072 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:08:44 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:08:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:08:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21398 SEQ=1 Nov 9 12:08:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29138 DF PROTO=TCP SPT=37690 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:08:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50612 PROTO=TCP SPT=45727 DPT=32846 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:08:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62753 SEQ=1 Nov 9 12:08:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47979 SEQ=1 Nov 9 12:08:53 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44762 SEQ=1 Nov 9 12:08:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43997 SEQ=1 Nov 9 12:08:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43997 SEQ=1 Nov 9 12:08:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.201.33 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=40112 PROTO=TCP SPT=42547 DPT=27017 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:08:59 server83 NetworkManager[922]: <info> [1762670339.4606] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:08:59 server83 NetworkManager[922]: <info> [1762670339.4609] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:08:59 server83 NetworkManager[922]: <info> [1762670339.4610] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:08:59 server83 NetworkManager[922]: <info> [1762670339.4612] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:08:59 server83 NetworkManager[922]: <info> [1762670339.4621] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:08:59 server83 NetworkManager[922]: <info> [1762670339.4623] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:08:59 server83 NetworkManager[922]: <info> [1762670339.4632] dhcp4 
(eth1): dhclient started with pid 19723 Nov 9 12:08:59 server83 dhclient[19723]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x5fd59c11) Nov 9 12:09:00 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=154.8.54.34 DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=44 ID=18498 PROTO=UDP SPT=40788 DPT=37763 LEN=520 Nov 9 12:09:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=50225 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:09:01 server83 systemd: Started Session 311578 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311579 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311581 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311580 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311577 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311584 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311585 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311583 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311586 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311587 of user root. Nov 9 12:09:01 server83 systemd: Started Session 311582 of user root. 
Nov 9 12:09:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.139 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=61499 PROTO=TCP SPT=48162 DPT=40454 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:09:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21149 SEQ=1 Nov 9 12:09:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43722 SEQ=1 Nov 9 12:09:04 server83 dhclient[19723]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x5fd59c11) Nov 9 12:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54565 DF PROTO=TCP SPT=42148 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61888 SEQ=1 Nov 9 12:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49078 SEQ=1 Nov 9 12:09:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54566 DF PROTO=TCP SPT=42148 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.130 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=31970 PROTO=TCP SPT=53980 DPT=1883 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:09:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11151 SEQ=1 Nov 9 12:09:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43995 SEQ=1 Nov 9 12:09:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43995 SEQ=1 Nov 9 12:09:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54567 DF PROTO=TCP SPT=42148 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3632 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:09:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54568 DF PROTO=TCP SPT=42148 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:15 server83 dhclient[19723]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x5fd59c11) Nov 9 12:09:16 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:09:16 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:09:16 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:09:17 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3631 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:09:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46147 SEQ=1 Nov 9 12:09:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:09:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:09:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58290 SEQ=1 Nov 9 12:09:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42319 PROTO=TCP SPT=57143 DPT=8618 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:09:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53429 SEQ=1 Nov 9 12:09:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46147 SEQ=1 Nov 9 12:09:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54569 DF PROTO=TCP SPT=42148 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:23 server83 dhclient[19723]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x5fd59c11) Nov 9 12:09:24 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18525 SEQ=1 Nov 9 12:09:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11947 SEQ=1 Nov 9 12:09:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29139 DF PROTO=TCP SPT=37690 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=58343 PROTO=TCP SPT=55975 DPT=7604 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:09:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.225 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=35188 DF PROTO=TCP SPT=32824 DPT=8082 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:09:31 server83 aibolit_wrapper[22779]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626703710633294.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626703710634684.txt --log=/tmp/malware_cleaner_log_17626703710635828.txt --progress=/tmp/malware_cleaner_progress_17626703710635514.json --csv_result=/tmp/revisium_csvfile_17626703710635654.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:09:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59790 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:09:36 server83 aibolit_wrapper[23353]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626703763672206.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626703763673768.txt --log=/tmp/malware_cleaner_log_17626703763675378.txt --progress=/tmp/malware_cleaner_progress_17626703763674926.json --csv_result=/tmp/revisium_csvfile_17626703763675134.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49561 SEQ=1 Nov 9 12:09:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19117 SEQ=1 Nov 9 12:09:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54620 SEQ=1 Nov 9 12:09:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19377 SEQ=1 Nov 9 12:09:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=50 ID=54570 DF PROTO=TCP SPT=42148 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=53689 PROTO=TCP SPT=46376 DPT=43673 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:09:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19377 SEQ=1 Nov 9 12:09:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61206 SEQ=1 Nov 9 12:09:39 server83 dhclient[19723]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x5fd59c11) Nov 9 12:09:40 server83 pam_imunify_daemon.bin: time="2025-11-09T12:09:40+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 12:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18344 DF PROTO=TCP SPT=54096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:41 server83 aibolit_wrapper[23908]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626703818061820.txt --input-fn-b64-encoded 
--username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626703818065174.txt --progress=/tmp/malware_cleaner_progress_17626703818064778.json --csv_result=/tmp/revisium_csvfile_17626703818064976.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:09:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18345 DF PROTO=TCP SPT=54096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19372 PROTO=TCP SPT=45727 DPT=31404 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:09:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=52057 PROTO=TCP SPT=46370 DPT=3163 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:09:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=21339 PROTO=TCP SPT=33907 DPT=4196 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:09:44 server83 NetworkManager[922]: <warn> [1762670384.4513] dhcp4 (eth1): request timed out Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4513] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4673] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 19723 Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4674] dhcp4 (eth1): state changed timeout -> done Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4677] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:09:44 server83 
NetworkManager[922]: <warn> [1762670384.4683] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4686] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4719] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4724] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4725] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4729] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4740] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4744] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:09:44 server83 NetworkManager[922]: <info> [1762670384.4757] dhcp4 (eth1): dhclient started with pid 24178 Nov 9 12:09:44 server83 dhclient[24178]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x2b1a5e13) Nov 9 12:09:44 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:09:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:09:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:09:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:09:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18347 DF PROTO=TCP SPT=54096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:50 server83 dhclient[24178]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2b1a5e13) Nov 9 12:09:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.92.27.179 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=58443 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:09:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20373 SEQ=1 Nov 9 12:09:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35630 SEQ=1 Nov 9 12:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49693 SEQ=1 Nov 9 12:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35630 SEQ=1 Nov 9 12:09:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18348 DF PROTO=TCP SPT=54096 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:09:56 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 12:09:56 server83 pure-ftpd: (?@127.0.0.1) [INFO] 
__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:09:56 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 12:09:57 server83 dhclient[24178]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x2b1a5e13) Nov 9 12:09:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:10:01 server83 systemd: Started Session 311590 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311592 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311589 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311593 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311591 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311588 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311594 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311595 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311597 of user root. Nov 9 12:10:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:10:01 server83 systemd: Started Session 311600 of user accentri. Nov 9 12:10:01 server83 systemd: Started Session 311596 of user accentri. Nov 9 12:10:01 server83 systemd: Started Session 311603 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311599 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311598 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311604 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311601 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311605 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311602 of user root. 
Nov 9 12:10:01 server83 systemd: Started Session 311607 of user root. Nov 9 12:10:01 server83 systemd: Started Session 311606 of user root. Nov 9 12:10:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:10:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52832 PROTO=TCP SPT=44377 DPT=6226 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:10:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35599 SEQ=1 Nov 9 12:10:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47095 SEQ=1 Nov 9 12:10:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61416 SEQ=1 Nov 9 12:10:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2777 SEQ=1 Nov 9 12:10:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.62 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=42871 PROTO=TCP SPT=55547 DPT=5101 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:10:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58278 SEQ=1 Nov 9 12:10:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61416 SEQ=1 Nov 9 12:10:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14962 SEQ=1 Nov 9 12:10:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=24035 PROTO=TCP SPT=46376 DPT=43000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:10:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.111 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49619 DPT=9341 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:10:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=8880 PROTO=TCP SPT=60232 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:10:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=8881 PROTO=TCP SPT=60232 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:10:11 server83 dhclient[24178]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x2b1a5e13) Nov 9 12:10:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54571 DF PROTO=TCP SPT=42148 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=108 ID=32568 PROTO=TCP SPT=51925 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:10:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=32569 PROTO=TCP SPT=51925 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:10:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.104.47 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=58262 DPT=5101 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:10:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=32570 PROTO=TCP SPT=51925 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:10:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=8884 PROTO=TCP SPT=60232 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:10:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=32571 PROTO=TCP SPT=51925 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:10:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=32572 PROTO=TCP SPT=51925 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:10:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=39702 PROTO=TCP SPT=38246 DPT=407 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:10:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=85.5.79.225 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=15683 PROTO=TCP SPT=59946 DPT=85 WINDOW=1300 RES=0x00 SYN URGP=0 Nov 9 12:10:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64220 SEQ=1 Nov 9 12:10:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46301 SEQ=1 Nov 9 12:10:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56087 SEQ=1 Nov 9 12:10:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49103 DF PROTO=TCP SPT=38862 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:10:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10597 SEQ=1 Nov 9 12:10:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49104 DF PROTO=TCP SPT=38862 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:10:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14880 SEQ=1 Nov 9 12:10:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49105 DF PROTO=TCP SPT=38862 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:10:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26892 SEQ=1 Nov 9 12:10:25 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 12:10:25 server83 systemd: Stopped Status Update Service. Nov 9 12:10:25 server83 systemd: Started Status Update Service. Nov 9 12:10:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49106 DF PROTO=TCP SPT=38862 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:10:29 server83 NetworkManager[922]: <warn> [1762670429.4503] dhcp4 (eth1): request timed out Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 24178 Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:10:29 server83 NetworkManager[922]: <warn> [1762670429.4672] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4674] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4709] policy: auto-activating connection 'Wired connection 1' 
(fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4713] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4714] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4717] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4727] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4729] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:10:29 server83 NetworkManager[922]: <info> [1762670429.4742] dhcp4 (eth1): dhclient started with pid 28831 Nov 9 12:10:29 server83 dhclient[28831]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x4ae53a28) Nov 9 12:10:30 server83 aibolit_wrapper[28916]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626704301892150.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626704301893614.txt --log=/tmp/malware_cleaner_log_17626704301896936.txt --progress=/tmp/malware_cleaner_progress_17626704301896670.json --csv_result=/tmp/revisium_csvfile_17626704301896796.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:10:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=38867 SEQ=1 Nov 9 12:10:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.81.246.26 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=22 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=12 SEQ=14815 Nov 9 12:10:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:10:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52015 SEQ=1 Nov 9 12:10:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=7416 PROTO=TCP SPT=49037 DPT=39287 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:10:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40180 PROTO=TCP SPT=49956 DPT=29693 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35096 SEQ=1 Nov 9 12:10:34 server83 dhclient[28831]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x4ae53a28) Nov 9 12:10:35 server83 aibolit_wrapper[29476]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626704358388006.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626704358389282.txt --log=/tmp/malware_cleaner_log_17626704358390684.txt --progress=/tmp/malware_cleaner_progress_17626704358390376.json 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=48041 PROTO=TCP SPT=56960 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:13:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=22541 PROTO=TCP SPT=35953 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:13:11 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.241 DST=51.210.113.204 LEN=655 TOS=0x00 PREC=0x00 TTL=35 ID=4321 PROTO=UDP SPT=38801 DPT=14827 LEN=635 Nov 9 12:13:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12792 DF PROTO=TCP SPT=47124 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:13:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12793 DF PROTO=TCP SPT=47124 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:13:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=57889 DF PROTO=ICMP TYPE=8 CODE=0 ID=30744 SEQ=59225 Nov 9 12:13:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60217 SEQ=1 Nov 9 12:13:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12794 DF PROTO=TCP SPT=47124 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:13:19 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=55476 PROTO=TCP SPT=42111 DPT=2550 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:13:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20703 SEQ=1 Nov 9 12:13:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3998 SEQ=1 Nov 9 12:13:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11681 SEQ=1 Nov 9 12:13:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.160 DST=145.239.177.179 LEN=53 TOS=0x00 PREC=0x00 TTL=48 ID=43312 PROTO=UDP SPT=42681 DPT=27016 LEN=33 Nov 9 12:13:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:13:25 server83 pam_imunify_daemon.bin: time="2025-11-09T12:13:25+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 12:13:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=35441 PROTO=TCP SPT=51312 DPT=6943 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12795 DF PROTO=TCP SPT=47124 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:13:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62131 DF PROTO=TCP SPT=52502 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:13:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.183.149.228 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=35817 DPT=9876 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:13:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=9177 PROTO=TCP SPT=49053 DPT=31075 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33525 SEQ=1 Nov 9 12:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57872 SEQ=1 Nov 9 12:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64938 SEQ=1 Nov 9 12:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16704 SEQ=1 Nov 9 12:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7380 SEQ=1 Nov 9 12:13:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.202.118.16 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=40956 PROTO=TCP SPT=58828 DPT=8040 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:13:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.189 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=53856 DPT=16464 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:13:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12796 DF PROTO=TCP SPT=47124 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:13:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:13:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64414 DF PROTO=TCP SPT=33774 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:13:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.118.45 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=2024 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:13:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64415 DF PROTO=TCP SPT=33774 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 
12:13:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64416 DF PROTO=TCP SPT=33774 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:13:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31398 SEQ=1 Nov 9 12:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16003 SEQ=1 Nov 9 12:13:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64417 DF PROTO=TCP SPT=33774 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:13:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12483 SEQ=1 Nov 9 12:13:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.32 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=41920 DPT=5443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:13:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.192 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=49709 PROTO=TCP SPT=53857 DPT=44314 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64418 DF PROTO=TCP SPT=33774 DPT=21 WINDOW=64620 RES=0x00 SYN 
URGP=0 Nov 9 12:14:01 server83 systemd: Started Session 311640 of user root. Nov 9 12:14:01 server83 systemd: Started Session 311642 of user root. Nov 9 12:14:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:14:01 server83 systemd: Started Session 311641 of user accentri. Nov 9 12:14:01 server83 systemd: Started Session 311644 of user root. Nov 9 12:14:01 server83 systemd: Started Session 311643 of user root. Nov 9 12:14:01 server83 systemd: Started Session 311645 of user root. Nov 9 12:14:01 server83 systemd: Started Session 311647 of user root. Nov 9 12:14:01 server83 systemd: Started Session 311646 of user root. Nov 9 12:14:01 server83 systemd: Started Session 311649 of user root. Nov 9 12:14:01 server83 systemd: Started Session 311650 of user root. Nov 9 12:14:01 server83 systemd: Started Session 311648 of user accentri. Nov 9 12:14:02 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44781 SEQ=1 Nov 9 12:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35425 SEQ=1 Nov 9 12:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26322 SEQ=1 Nov 9 12:14:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23899 SEQ=1 Nov 9 12:14:08 server83 aibolit_wrapper[5379]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626706489721734.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626706489722776.txt --log=/tmp/malware_cleaner_log_17626706489723794.txt --progress=/tmp/malware_cleaner_progress_17626706489723534.json --csv_result=/tmp/revisium_csvfile_17626706489723642.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:14:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29731 SEQ=1 Nov 9 12:14:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57447 DF PROTO=TCP SPT=60478 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57448 DF PROTO=TCP SPT=60478 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57449 DF PROTO=TCP SPT=60478 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.148.10.73 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=7228 PROTO=TCP SPT=59419 DPT=28509 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:14:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.24 
DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54702 DPT=9000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.218 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55844 DPT=11555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=46483 PROTO=TCP SPT=56033 DPT=7707 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57450 DF PROTO=TCP SPT=60478 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=903 SEQ=1 Nov 9 12:14:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51406 SEQ=1 Nov 9 12:14:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18987 SEQ=1 Nov 9 12:14:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46640 SEQ=1 Nov 9 12:14:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=903 SEQ=1 Nov 9 12:14:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7793 SEQ=1 Nov 9 12:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=400 SEQ=1 Nov 9 12:14:24 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:14:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.73.23.133 DST=145.239.177.179 LEN=49 TOS=0x00 PREC=0x00 TTL=50 ID=24627 PROTO=UDP SPT=60063 DPT=5683 LEN=29 Nov 9 12:14:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57451 DF PROTO=TCP SPT=60478 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37012 DF PROTO=TCP SPT=36558 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:14:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37013 DF PROTO=TCP SPT=36558 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37014 DF PROTO=TCP SPT=36558 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:14:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37015 DF PROTO=TCP SPT=36558 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:14:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54130 SEQ=1 Nov 9 12:14:35 server83 aibolit_wrapper[5885]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626706752955150.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626706752956646.txt --log=/tmp/malware_cleaner_log_17626706752958236.txt --progress=/tmp/malware_cleaner_progress_17626706752957862.json --csv_result=/tmp/revisium_csvfile_17626706752958030.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:14:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57452 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57453 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23299 SEQ=1 Nov 9 12:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=279 DF PROTO=ICMP TYPE=8 CODE=0 ID=39379 SEQ=1383 Nov 9 12:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59746 SEQ=1 Nov 9 12:14:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27532 SEQ=1 Nov 9 12:14:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.89 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=34249 DPT=7443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:14:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57454 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.192 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=48980 PROTO=TCP SPT=53857 DPT=44354 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:14:39 server83 scripts.sh: Sun Nov 9 12:14:39 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 12:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.156 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=64781 DF PROTO=TCP SPT=21174 DPT=9669 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37016 DF PROTO=TCP SPT=36558 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:14:42 server83 aibolit_wrapper[6106]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626706825107440.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626706825109114.txt --log=/tmp/malware_cleaner_log_17626706825110542.txt --progress=/tmp/malware_cleaner_progress_17626706825110164.json --csv_result=/tmp/revisium_csvfile_17626706825110324.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:14:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57455 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:14:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:14:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:14:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64420 DF PROTO=TCP SPT=33774 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:14:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=61468 PROTO=TCP SPT=52834 DPT=4756 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:14:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28854 SEQ=1 Nov 9 12:14:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57456 DF PROTO=TCP SPT=61062 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:14:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=11112 PROTO=TCP SPT=49037 DPT=31075 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:14:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=12201 PROTO=TCP SPT=38874 DPT=26214 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:14:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37017 DF PROTO=TCP SPT=36558 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:14:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19107 PROTO=TCP SPT=49956 DPT=25486 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:14:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.84 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56522 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:14:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.127.224.63 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=18925 PROTO=TCP SPT=41666 DPT=8040 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:15:00 server83 imunify-auditd-log-reader[9638]: 
lost 5 message sequences Nov 9 12:15:01 server83 systemd: Started Session 311651 of user root. Nov 9 12:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:15:01 server83 systemd: Started Session 311653 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311654 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311655 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311657 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311658 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311652 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311660 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311663 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311659 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311662 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311661 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311656 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311664 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311666 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311667 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311665 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311668 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311669 of user root. Nov 9 12:15:01 server83 systemd: Started Session 311670 of user root. 
Nov 9 12:15:01 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 12:15:01 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:15:01 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 12:15:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42369 PROTO=TCP SPT=49956 DPT=25396 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:15:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58905 SEQ=1 Nov 9 12:15:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37505 SEQ=1 Nov 9 12:15:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54184 PROTO=TCP SPT=43622 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60515 SEQ=1 Nov 9 12:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12993 SEQ=1 Nov 9 12:15:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=172.253.2.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54185 PROTO=TCP SPT=43622 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:15:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20035 PROTO=TCP SPT=61154 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:15:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54186 PROTO=TCP SPT=43622 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:15:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20036 PROTO=TCP SPT=61154 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:15:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54187 PROTO=TCP SPT=43622 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:15:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20037 PROTO=TCP SPT=61154 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:15:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=54188 PROTO=TCP SPT=43622 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:15:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26303 SEQ=1 Nov 9 12:15:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60339 SEQ=1 Nov 9 12:15:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38775 SEQ=1 Nov 9 12:15:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20039 PROTO=TCP SPT=61154 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:15:10 server83 aibolit_wrapper[7354]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626707107279326.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626707107280374.txt --log=/tmp/malware_cleaner_log_17626707107281212.txt --progress=/tmp/malware_cleaner_progress_17626707107280998.json --csv_result=/tmp/revisium_csvfile_17626707107281088.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25239 DF PROTO=TCP SPT=52012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25240 DF PROTO=TCP SPT=52012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:17 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.144.234.132 
DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=31913 DF PROTO=UDP SPT=8701 DPT=5353 LEN=64 Nov 9 12:15:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25241 DF PROTO=TCP SPT=52012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:15:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=34.91.70.71 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54451 PROTO=TCP SPT=45432 DPT=8873 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:15:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9643 SEQ=1 Nov 9 12:15:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24997 SEQ=1 Nov 9 12:15:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11860 SEQ=1 Nov 9 12:15:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37395 SEQ=1 Nov 9 12:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25242 DF PROTO=TCP SPT=52012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9643 SEQ=1 Nov 9 12:15:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7000 SEQ=1 Nov 9 12:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=217.119.139.38 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=2209 PROTO=TCP SPT=50285 DPT=4433 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3627 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:15:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62510 SEQ=1 Nov 9 12:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25243 DF PROTO=TCP SPT=52012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37018 DF PROTO=TCP SPT=36558 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24689 SEQ=1 Nov 9 12:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27479 SEQ=1 Nov 9 12:15:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.195 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52947 DPT=4444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:15:35 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:15:35 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:15:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9063 PROTO=TCP SPT=55114 DPT=7643 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:15:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58767 SEQ=1 Nov 9 12:15:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14505 SEQ=1 Nov 9 12:15:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36409 PROTO=TCP SPT=49956 DPT=25100 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:15:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.251 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=786 DF PROTO=TCP SPT=18066 DPT=9822 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:15:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} 
Nov 9 12:15:46 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:15:46 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:15:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:15:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:15:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25244 DF PROTO=TCP SPT=52012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48400 DF PROTO=TCP SPT=54832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24760 SEQ=1 Nov 9 12:15:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48401 DF PROTO=TCP SPT=54832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46901 SEQ=1 Nov 9 12:15:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44537 SEQ=1 Nov 9 12:15:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48402 DF PROTO=TCP SPT=54832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=14355 PROTO=TCP SPT=56256 DPT=8009 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:15:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47957 SEQ=1 Nov 9 12:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48403 DF PROTO=TCP SPT=54832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=49625 PROTO=TCP SPT=33851 DPT=8140 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:16:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:16:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:16:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:16:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:16:01 server83 systemd: Started Session 311671 of user root. Nov 9 12:16:01 server83 systemd: Started Session 311672 of user root. Nov 9 12:16:01 server83 systemd: Started Session 311673 of user root. Nov 9 12:16:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:16:01 server83 systemd: Started Session 311674 of user accentri. Nov 9 12:16:01 server83 systemd: Started Session 311675 of user root. Nov 9 12:16:01 server83 systemd: Started Session 311678 of user root. 
Nov 9 12:16:01 server83 systemd: Started Session 311677 of user root. Nov 9 12:16:01 server83 systemd: Started Session 311676 of user root. Nov 9 12:16:01 server83 systemd: Started Session 311679 of user root. Nov 9 12:16:01 server83 systemd: Started Session 311680 of user accentri. Nov 9 12:16:01 server83 systemd: Started Session 311681 of user root. Nov 9 12:16:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26376 SEQ=1 Nov 9 12:16:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:16:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=2222 PROTO=TCP SPT=49439 DPT=4996 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:16:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.225.32 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54548 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:16:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36310 PROTO=TCP SPT=45727 DPT=31090 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:16:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=57622 PROTO=TCP SPT=50395 DPT=42867 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48404 DF PROTO=TCP SPT=54832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:16:05 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:16:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:16:06 server83 aibolit_wrapper[8872]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626707663951922.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626707663953416.txt --log=/tmp/malware_cleaner_log_17626707663954954.txt --progress=/tmp/malware_cleaner_progress_17626707663954472.json --csv_result=/tmp/revisium_csvfile_17626707663954700.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:16:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47901 SEQ=1 Nov 9 12:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50720 SEQ=1 Nov 9 12:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40794 SEQ=1 Nov 9 12:16:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=53632 PROTO=TCP SPT=40558 DPT=5337 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:16:12 server83 aibolit_wrapper[9011]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626707725959122.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626707725961670.txt --progress=/tmp/malware_cleaner_progress_17626707725961328.json --csv_result=/tmp/revisium_csvfile_17626707725961478.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:16:15 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.22 DST=51.210.113.204 LEN=57 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=51788 DPT=427 LEN=37 Nov 9 12:16:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64180 SEQ=1 Nov 9 12:16:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=28346 PROTO=TCP SPT=41811 DPT=2795 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:16:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6670 SEQ=1 Nov 9 12:16:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19361 SEQ=1 Nov 9 12:16:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25245 DF PROTO=TCP SPT=52012 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3633 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48405 DF PROTO=TCP SPT=54832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:16:22 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:16:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64180 SEQ=1 Nov 9 12:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7369 DF PROTO=TCP SPT=52968 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7370 DF PROTO=TCP SPT=52968 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3626 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:16:31 server83 aibolit_wrapper[9466]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626707919605064.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626707919606668.txt 
--log=/tmp/malware_cleaner_log_17626707919608464.txt --progress=/tmp/malware_cleaner_progress_17626707919607858.json --csv_result=/tmp/revisium_csvfile_17626707919608106.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38439 SEQ=1 Nov 9 12:16:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7371 DF PROTO=TCP SPT=52968 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:16:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65285 SEQ=1 Nov 9 12:16:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48713 SEQ=1 Nov 9 12:16:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.134 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=46357 PROTO=TCP SPT=35408 DPT=2108 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:16:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34834 SEQ=1 Nov 9 12:16:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37436 SEQ=1 Nov 9 12:16:37 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49808 SEQ=1 Nov 9 12:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7372 DF PROTO=TCP SPT=52968 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52663 SEQ=1 Nov 9 12:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4267 SEQ=1 Nov 9 12:16:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=39423 PROTO=TCP SPT=50784 DPT=7636 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:16:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.16.39.79 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34398 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:16:45 server83 aibolit_wrapper[9764]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626708050654164.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626708050655472.txt --log=/tmp/malware_cleaner_log_17626708050656576.txt 
--progress=/tmp/malware_cleaner_progress_17626708050656274.json --csv_result=/tmp/revisium_csvfile_17626708050656400.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:16:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7373 DF PROTO=TCP SPT=52968 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:16:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:16:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=60192 PROTO=TCP SPT=36446 DPT=6547 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:16:48 server83 systemd: Started Session c2878 of user root. 
Nov 9 12:16:48 server83 scripts.sh: Load Average: 2.45 , 2.53 Nov 9 12:16:48 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 12:16:48 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 12:16:48 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 12:16:48 server83 scripts.sh: HTTPD Status: inactive Nov 9 12:16:48 server83 scripts.sh: MySQL Status: active Nov 9 12:16:48 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 12:16:48 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 12:16:48 server83 scripts.sh: SSHD Status: active Nov 9 12:16:48 server83 scripts.sh: FTP Status: active Nov 9 12:16:48 server83 scripts.sh: LiteSpeed Status: Active Nov 9 12:16:48 server83 scripts.sh: Imunify Status: Active Nov 9 12:16:48 server83 scripts.sh: cPanel Status: active Nov 9 12:16:48 server83 scripts.sh: Memory Status: 12/31 GB - 39.90% Nov 9 12:16:48 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 12:16:48 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 12:16:48 server83 scripts.sh: Local Version: 4.4.5 Nov 9 12:16:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.70 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=60606 DF PROTO=TCP SPT=39420 DPT=47017 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:16:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4910 SEQ=1 Nov 9 12:16:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.70 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=4535 DF PROTO=TCP SPT=39144 DPT=47017 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:16:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=199.45.155.70 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=4536 DF PROTO=TCP SPT=39144 DPT=47017 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:16:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.70 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=1753 DF PROTO=TCP SPT=39148 DPT=47017 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:16:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43324 SEQ=1 Nov 9 12:16:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=908 SEQ=1 Nov 9 12:16:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.155.70 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=1754 DF PROTO=TCP SPT=39148 DPT=47017 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:16:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34117 SEQ=1 Nov 9 12:16:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48406 DF PROTO=TCP SPT=54832 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:16:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=124.198.132.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33503 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:16:59 server83 NetworkManager[922]: <info> [1762670819.4490] policy: auto-activating 
connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:16:59 server83 NetworkManager[922]: <info> [1762670819.4496] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:16:59 server83 NetworkManager[922]: <info> [1762670819.4497] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:16:59 server83 NetworkManager[922]: <info> [1762670819.4501] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:16:59 server83 NetworkManager[922]: <info> [1762670819.4512] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:16:59 server83 NetworkManager[922]: <info> [1762670819.4515] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:16:59 server83 NetworkManager[922]: <info> [1762670819.4529] dhcp4 (eth1): dhclient started with pid 10156 Nov 9 12:16:59 server83 dhclient[10156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x2fec9250) Nov 9 12:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.158 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49866 DPT=29444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3625 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:17:01 server83 systemd: Started Session 311682 of user root. Nov 9 12:17:01 server83 systemd: Started Session 311684 of user root. 
Nov 9 12:17:01 server83 systemd: Started Session 311683 of user root. Nov 9 12:17:01 server83 systemd: Started Session 311685 of user root. Nov 9 12:17:01 server83 systemd: Started Session 311686 of user root. Nov 9 12:17:01 server83 systemd: Started Session 311687 of user root. Nov 9 12:17:01 server83 systemd: Started Session 311688 of user root. Nov 9 12:17:01 server83 systemd: Started Session 311689 of user root. Nov 9 12:17:01 server83 systemd: Started Session 311690 of user root. Nov 9 12:17:01 server83 systemd: Started Session 311691 of user root. Nov 9 12:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7374 DF PROTO=TCP SPT=52968 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:17:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24623 SEQ=1 Nov 9 12:17:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55998 SEQ=1 Nov 9 12:17:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34632 SEQ=1 Nov 9 12:17:03 server83 dhclient[10156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2fec9250) Nov 9 12:17:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11304 SEQ=1 Nov 9 12:17:10 server83 dhclient[10156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 
(xid=0x2fec9250) Nov 9 12:17:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.133 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51123 DPT=9712 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:17:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.193.225 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=4481 PROTO=TCP SPT=35019 DPT=2525 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:17:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52276 SEQ=1 Nov 9 12:17:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29394 SEQ=1 Nov 9 12:17:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=40652 DF PROTO=ICMP TYPE=8 CODE=0 ID=3267 SEQ=2329 Nov 9 12:17:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12129 SEQ=1 Nov 9 12:17:21 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.251 DST=51.210.113.204 LEN=71 TOS=0x00 PREC=0x00 TTL=34 ID=40907 PROTO=UDP SPT=54405 DPT=35431 LEN=51 Nov 9 12:17:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3837 SEQ=1 Nov 9 12:17:21 server83 
aibolit_wrapper[10747]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626708413802306.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626708413804154.txt --log=/tmp/malware_cleaner_log_17626708413805584.txt --progress=/tmp/malware_cleaner_progress_17626708413805222.json --csv_result=/tmp/revisium_csvfile_17626708413805390.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:17:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23717 SEQ=1 Nov 9 12:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3837 SEQ=1 Nov 9 12:17:25 server83 dhclient[10156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x2fec9250) Nov 9 12:17:25 server83 aibolit_wrapper[10839]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626708455678762.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626708455680706.txt --log=/tmp/malware_cleaner_log_17626708455682752.txt --progress=/tmp/malware_cleaner_progress_17626708455682160.json --csv_result=/tmp/revisium_csvfile_17626708455682450.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:17:25 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=44984 PROTO=TCP SPT=59428 DPT=12739 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:17:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=62881 PROTO=TCP SPT=35612 DPT=7505 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:17:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.148.234 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50328 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:17:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42060 SEQ=1 Nov 9 12:17:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16585 SEQ=1 Nov 9 12:17:34 server83 pam_imunify_daemon.bin: time="2025-11-09T12:17:34+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 12:17:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7375 DF PROTO=TCP SPT=52968 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:17:37 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28085 PROTO=TCP SPT=49956 DPT=29928 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:17:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.104 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=63272 PROTO=TCP SPT=55512 DPT=21967 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:17:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45865 SEQ=1 Nov 9 12:17:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16385 SEQ=1 Nov 9 12:17:39 server83 dhclient[10156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x2fec9250) Nov 9 12:17:44 server83 NetworkManager[922]: <warn> [1762670864.4375] dhcp4 (eth1): request timed out Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4375] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4454] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 10156 Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4454] dhcp4 (eth1): state changed timeout -> done Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4456] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:17:44 server83 NetworkManager[922]: <warn> [1762670864.4461] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4463] device (eth1): state change: failed -> disconnected (reason 
'none', sys-iface-state: 'managed') Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4497] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4501] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4502] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4506] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4516] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4518] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:17:44 server83 NetworkManager[922]: <info> [1762670864.4530] dhcp4 (eth1): dhclient started with pid 11369 Nov 9 12:17:44 server83 dhclient[11369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x1d5db33) Nov 9 12:17:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:17:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:17:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15726 SEQ=1 Nov 9 12:17:50 server83 dhclient[11369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x1d5db33) Nov 9 12:17:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 
DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3624 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:17:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64280 SEQ=1 Nov 9 12:17:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14674 SEQ=1 Nov 9 12:17:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52564 SEQ=1 Nov 9 12:17:56 server83 dhclient[11369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1d5db33) Nov 9 12:17:59 server83 aibolit_wrapper[11958]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626708795300196.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626708795301178.txt --log=/tmp/malware_cleaner_log_17626708795301998.txt --progress=/tmp/malware_cleaner_progress_17626708795301788.json --csv_result=/tmp/revisium_csvfile_17626708795301878.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:18:01 server83 systemd: Started Session 311692 of user root. Nov 9 12:18:01 server83 systemd: Started Session 311693 of user root. Nov 9 12:18:01 server83 systemd: Started Session 311694 of user root. Nov 9 12:18:01 server83 systemd: Started Session 311695 of user root. Nov 9 12:18:01 server83 systemd: Started Session 311696 of user root. 
Nov 9 12:18:01 server83 systemd: Started Session 311697 of user root. Nov 9 12:18:01 server83 systemd: Started Session 311698 of user root. Nov 9 12:18:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:18:01 server83 systemd: Started Session 311700 of user accentri. Nov 9 12:18:01 server83 systemd: Started Session 311701 of user root. Nov 9 12:18:01 server83 systemd: Started Session 311699 of user root. Nov 9 12:18:01 server83 systemd: Started Session 311702 of user root. Nov 9 12:18:01 server83 systemd: Started Session 311703 of user accentri. Nov 9 12:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:18:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:18:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46953 SEQ=1 Nov 9 12:18:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42563 SEQ=1 Nov 9 12:18:03 server83 dhclient[11369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1d5db33) Nov 9 12:18:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19923 SEQ=1 Nov 9 12:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=643 SEQ=1 Nov 9 12:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46953 SEQ=1 Nov 9 12:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42131 SEQ=1 Nov 9 12:18:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.173.101 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=38594 DPT=10036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:18:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19923 SEQ=1 Nov 9 12:18:10 server83 dhclient[11369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x1d5db33) Nov 9 12:18:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36115 PROTO=TCP SPT=42111 DPT=2782 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:18:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=4885 PROTO=TCP SPT=34274 DPT=5621 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:18:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33381 SEQ=1 Nov 9 12:18:17 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:18:17 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:18:20 server83 
imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 12:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 12:18:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51231 PROTO=TCP SPT=49956 DPT=29189 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21731 SEQ=1 Nov 9 12:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48138 SEQ=1 Nov 9 12:18:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6539 SEQ=1 Nov 9 12:18:23 server83 dhclient[11369]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x1d5db33) Nov 9 12:18:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2617 SEQ=1 Nov 9 12:18:29 server83 NetworkManager[922]: <warn> [1762670909.4513] dhcp4 (eth1): request timed out Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4514] dhcp4 (eth1): state 
changed unknown -> timeout Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4673] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 11369 Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4674] dhcp4 (eth1): state changed timeout -> done Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4675] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:18:29 server83 NetworkManager[922]: <warn> [1762670909.4680] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4681] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4713] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4717] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4718] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4721] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4731] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4733] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:18:29 server83 NetworkManager[922]: <info> [1762670909.4744] dhcp4 (eth1): dhclient started with pid 12696 Nov 9 12:18:29 server83 dhclient[12696]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x6bcea7ec) Nov 9 12:18:31 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57899 SEQ=1 Nov 9 12:18:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=63114 PROTO=TCP SPT=35109 DPT=8712 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:18:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.25 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=26631 DF PROTO=ICMP TYPE=8 CODE=0 ID=64291 SEQ=12179 Nov 9 12:18:35 server83 dhclient[12696]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x6bcea7ec) Nov 9 12:18:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43103 SEQ=1 Nov 9 12:18:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57899 SEQ=1 Nov 9 12:18:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.136.67.107 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=44319 DPT=8003 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:18:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53430 PROTO=TCP SPT=45727 DPT=33031 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:18:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43103 SEQ=1 Nov 9 12:18:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=49845 PROTO=TCP SPT=49956 DPT=28707 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:18:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.193.57.185 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=3428 DF PROTO=TCP SPT=47041 DPT=270 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:18:44 server83 dhclient[12696]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x6bcea7ec) Nov 9 12:18:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:18:46 server83 aibolit_wrapper[13093]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626709264025312.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626709264027414.txt --log=/tmp/malware_cleaner_log_17626709264029568.txt --progress=/tmp/malware_cleaner_progress_17626709264028944.json --csv_result=/tmp/revisium_csvfile_17626709264029242.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:18:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:18:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5686 SEQ=1 Nov 9 12:18:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32595 SEQ=1 Nov 9 12:18:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45289 SEQ=1 Nov 9 12:18:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61008 SEQ=1 Nov 9 12:18:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9722 SEQ=1 Nov 9 12:18:52 server83 aibolit_wrapper[13233]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626709325706136.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626709325708844.txt --progress=/tmp/malware_cleaner_progress_17626709325708452.json --csv_result=/tmp/revisium_csvfile_17626709325708614.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:18:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62534 SEQ=1 Nov 9 12:18:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41479 SEQ=1 Nov 9 12:18:59 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57457 DF PROTO=TCP SPT=49264 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:19:00 server83 dhclient[12696]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x6bcea7ec) Nov 9 12:19:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57458 DF PROTO=TCP SPT=49264 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:19:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:19:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:19:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:19:01 server83 systemd: Started Session 311706 of user root. Nov 9 12:19:01 server83 systemd: Started Session 311707 of user root. Nov 9 12:19:01 server83 systemd: Started Session 311709 of user root. Nov 9 12:19:01 server83 systemd: Started Session 311708 of user root. Nov 9 12:19:01 server83 systemd: Started Session 311705 of user root. Nov 9 12:19:01 server83 systemd: Started Session 311704 of user root. Nov 9 12:19:01 server83 systemd: Started Session 311710 of user root. Nov 9 12:19:01 server83 systemd: Started Session 311711 of user root. Nov 9 12:19:01 server83 systemd: Started Session 311712 of user root. 
Nov 9 12:19:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58505 SEQ=1 Nov 9 12:19:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57459 DF PROTO=TCP SPT=49264 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55585 SEQ=1 Nov 9 12:19:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47103 SEQ=1 Nov 9 12:19:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57460 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57461 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:05 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.203.255.20 DST=51.210.113.204 LEN=76 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=UDP SPT=43922 DPT=123 LEN=56 Nov 9 12:19:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57462 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 
Nov 9 12:19:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57463 DF PROTO=TCP SPT=49264 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30372 SEQ=1 Nov 9 12:19:07 server83 dhclient[12696]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x6bcea7ec) Nov 9 12:19:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22442 SEQ=1 Nov 9 12:19:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4202 SEQ=1 Nov 9 12:19:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57464 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=688 PROTO=TCP SPT=36060 DPT=9671 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:19:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=16777 PROTO=TCP SPT=46376 DPT=12476 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:19:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24625 PROTO=TCP SPT=44331 DPT=5737 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:19:14 server83 NetworkManager[922]: <warn> [1762670954.4383] dhcp4 (eth1): request timed out Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4383] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4543] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 12696 Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4544] dhcp4 (eth1): state changed timeout -> done Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4547] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:19:14 server83 NetworkManager[922]: <warn> [1762670954.4553] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4555] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4589] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4593] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4594] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4598] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4609] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4613] 
dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:19:14 server83 NetworkManager[922]: <info> [1762670954.4625] dhcp4 (eth1): dhclient started with pid 13867 Nov 9 12:19:14 server83 dhclient[13867]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x256ff3ab) Nov 9 12:19:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57465 DF PROTO=TCP SPT=49264 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57466 DF PROTO=TCP SPT=49389 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:20 server83 dhclient[13867]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x256ff3ab) Nov 9 12:19:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49115 SEQ=1 Nov 9 12:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44753 SEQ=1 Nov 9 12:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60239 SEQ=1 Nov 9 12:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40142 SEQ=1 Nov 9 12:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43208 SEQ=1 Nov 9 12:19:26 server83 aibolit_wrapper[14121]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626709660660780.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626709660662444.txt --log=/tmp/malware_cleaner_log_17626709660663998.txt --progress=/tmp/malware_cleaner_progress_17626709660663586.json --csv_result=/tmp/revisium_csvfile_17626709660663766.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:19:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=59499 PROTO=TCP SPT=45774 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:19:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=59500 PROTO=TCP SPT=45774 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:19:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2488 PROTO=TCP SPT=53120 DPT=2774 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:19:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39899 PROTO=TCP SPT=58737 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:19:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=172.253.1.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=59501 PROTO=TCP SPT=45774 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:19:32 server83 aibolit_wrapper[14275]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626709725535522.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626709725536932.txt --log=/tmp/malware_cleaner_log_17626709725538296.txt --progress=/tmp/malware_cleaner_progress_17626709725537920.json --csv_result=/tmp/revisium_csvfile_17626709725538082.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:19:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39900 PROTO=TCP SPT=58737 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:19:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39901 PROTO=TCP SPT=58737 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:19:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=59503 PROTO=TCP SPT=45774 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:19:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39902 PROTO=TCP SPT=58737 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:19:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=190.92.208.170 
DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=35649 DF PROTO=ICMP TYPE=8 CODE=0 ID=3920 SEQ=56826 Nov 9 12:19:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30452 SEQ=1 Nov 9 12:19:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36572 SEQ=1 Nov 9 12:19:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4289 SEQ=1 Nov 9 12:19:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.162 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54764 DPT=46896 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:19:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39903 PROTO=TCP SPT=58737 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:19:37 server83 aibolit_wrapper[14443]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626709779286988.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626709779288318.txt --log=/tmp/malware_cleaner_log_17626709779289580.txt --progress=/tmp/malware_cleaner_progress_17626709779289286.json --csv_result=/tmp/revisium_csvfile_17626709779289414.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:19:38 server83 dhclient[13867]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x256ff3ab) Nov 9 12:19:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28824 SEQ=1 Nov 9 12:19:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22638 SEQ=1 Nov 9 12:19:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49382 SEQ=1 Nov 9 12:19:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18640 PROTO=TCP SPT=52269 DPT=7999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:19:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57467 DF PROTO=TCP SPT=50250 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:42 server83 aibolit_wrapper[14543]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626709822089820.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626709822091786.txt --progress=/tmp/malware_cleaner_progress_17626709822091532.json --csv_result=/tmp/revisium_csvfile_17626709822091636.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:19:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57468 DF PROTO=TCP SPT=50250 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=30574 PROTO=TCP SPT=59444 DPT=47578 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:19:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57469 DF PROTO=TCP SPT=50250 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:45 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 12:19:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:19:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17297 SEQ=1 Nov 9 12:19:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:19:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57470 DF PROTO=TCP SPT=50250 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:49 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:19:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.114 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55928 DPT=10250 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:19:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=33916 PROTO=TCP SPT=50939 DPT=7841 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:19:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61067 SEQ=1 Nov 9 12:19:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64602 SEQ=1 Nov 9 12:19:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16089 SEQ=1 Nov 9 12:19:54 server83 dhclient[13867]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x256ff3ab) Nov 9 12:19:56 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 12:19:56 server83 systemd: Stopped Status Update Service. Nov 9 12:19:56 server83 systemd: Started Status Update Service. 
Nov 9 12:19:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57471 DF PROTO=TCP SPT=50250 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:19:59 server83 NetworkManager[922]: <warn> [1762670999.4503] dhcp4 (eth1): request timed out Nov 9 12:19:59 server83 NetworkManager[922]: <info> [1762670999.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:19:59 server83 NetworkManager[922]: <info> [1762670999.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 13867 Nov 9 12:19:59 server83 NetworkManager[922]: <info> [1762670999.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 12:19:59 server83 NetworkManager[922]: <info> [1762670999.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:19:59 server83 NetworkManager[922]: <warn> [1762670999.4671] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:19:59 server83 NetworkManager[922]: <info> [1762670999.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:20:01 server83 systemd: Started Session 311713 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311716 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311717 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311715 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311714 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311718 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311719 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311721 of user root. 
Nov 9 12:20:01 server83 systemd: Started Session 311720 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311723 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311724 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311725 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311722 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311727 of user root. Nov 9 12:20:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:20:01 server83 systemd: Started Session 311728 of user accentri. Nov 9 12:20:01 server83 systemd: Started Session 311730 of user accentri. Nov 9 12:20:01 server83 systemd: Started Session 311726 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311732 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311731 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311729 of user root. Nov 9 12:20:01 server83 systemd: Started Session 311733 of user root. Nov 9 12:20:02 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:20:03 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 12:20:03 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:20:03 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 12:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=30739 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=575 SEQ=1 Nov 9 12:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12343 SEQ=1 Nov 9 12:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33791 SEQ=1 Nov 9 12:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5303 SEQ=1 Nov 9 12:20:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.189 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49859 DPT=47816 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:20:17 server83 aibolit_wrapper[16224]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626710175783710.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626710175784842.txt --log=/tmp/malware_cleaner_log_17626710175785806.txt 
--progress=/tmp/malware_cleaner_progress_17626710175785544.json --csv_result=/tmp/revisium_csvfile_17626710175785670.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:20:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20914 SEQ=1 Nov 9 12:20:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8661 SEQ=1 Nov 9 12:20:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32667 SEQ=1 Nov 9 12:20:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47547 SEQ=1 Nov 9 12:20:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51911 SEQ=1 Nov 9 12:20:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51870 SEQ=1 Nov 9 12:20:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3632 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:20:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9851 PROTO=TCP SPT=49956 DPT=29881 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:20:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56774 SEQ=1 Nov 9 12:20:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.194.170.118 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=37736 PROTO=TCP SPT=56306 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:20:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3631 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:20:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.194.170.118 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=37737 PROTO=TCP SPT=56306 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:20:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=55982 PROTO=TCP SPT=41561 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:20:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.194.170.118 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=37738 PROTO=TCP SPT=56306 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:20:30 server83 aibolit_wrapper[16615]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626710300456352.txt 
--input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626710300457944.txt --log=/tmp/malware_cleaner_log_17626710300459494.txt --progress=/tmp/malware_cleaner_progress_17626710300459128.json --csv_result=/tmp/revisium_csvfile_17626710300459318.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:20:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=55983 PROTO=TCP SPT=41561 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:20:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19767 SEQ=1 Nov 9 12:20:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=55984 PROTO=TCP SPT=41561 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:20:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26585 SEQ=1 Nov 9 12:20:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35064 SEQ=1 Nov 9 12:20:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19767 SEQ=1 Nov 9 12:20:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.170.22 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=55986 PROTO=TCP SPT=41561 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:20:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29360 SEQ=1 Nov 9 12:20:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10466 SEQ=1 Nov 9 12:20:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50483 SEQ=1 Nov 9 12:20:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:20:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26726 PROTO=TCP SPT=49956 DPT=25017 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:20:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:20:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5180 SEQ=1 Nov 9 12:20:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18446 SEQ=1 Nov 9 12:20:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.202.122.207 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=21070 PROTO=TCP SPT=59197 
DPT=102 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:20:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3623 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:20:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41152 SEQ=1 Nov 9 12:20:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35810 PROTO=TCP SPT=45727 DPT=31076 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5180 SEQ=1 Nov 9 12:20:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35846 SEQ=1 Nov 9 12:20:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55000 SEQ=1 Nov 9 12:20:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29608 SEQ=1 Nov 9 12:20:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57472 DF PROTO=TCP SPT=52146 DPT=4527 WINDOW=64240 RES=0x00 SYN 
URGP=0 Nov 9 12:20:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57473 DF PROTO=TCP SPT=52146 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:20:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57474 DF PROTO=TCP SPT=52146 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:21:00 server83 aibolit_wrapper[17399]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626710603172770.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626710603174572.txt --log=/tmp/malware_cleaner_log_17626710603176028.txt --progress=/tmp/malware_cleaner_progress_17626710603175664.json --csv_result=/tmp/revisium_csvfile_17626710603175826.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:21:01 server83 systemd: Started Session 311734 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311736 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311737 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311738 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311739 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311740 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311741 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311735 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311743 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311742 of user root. Nov 9 12:21:01 server83 systemd: Started Session 311744 of user root. 
Nov 9 12:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:21:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57475 DF PROTO=TCP SPT=52146 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:21:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=170.187.165.219 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=37552 DPT=8808 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:21:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.129.151 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=3240 DF PROTO=TCP SPT=37417 DPT=10137 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:21:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.191 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=37622 DPT=3790 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:21:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=52806 PROTO=TCP SPT=48369 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16636 SEQ=1 Nov 9 12:21:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33304 PROTO=TCP SPT=42111 DPT=2792 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:21:06 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58412 SEQ=1 Nov 9 12:21:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12651 SEQ=1 Nov 9 12:21:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=52807 PROTO=TCP SPT=48369 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=33142 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:21:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.79.29.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=39847 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:21:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18963 PROTO=TCP SPT=45361 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18965 PROTO=TCP SPT=45361 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:12 server83 aibolit_wrapper[17957]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626710725719624.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626710725720734.txt --log=/tmp/malware_cleaner_log_17626710725721720.txt --progress=/tmp/malware_cleaner_progress_17626710725721468.json --csv_result=/tmp/revisium_csvfile_17626710725721580.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:21:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18967 PROTO=TCP SPT=45361 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46287 SEQ=1 Nov 9 12:21:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.2 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=19033 DF PROTO=ICMP TYPE=8 CODE=0 ID=3029 SEQ=15105 Nov 9 12:21:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=721 SEQ=1 Nov 9 12:21:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13797 SEQ=1 Nov 9 12:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18976 SEQ=1 Nov 9 12:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=216.73.216.63 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=109 ID=56587 DF PROTO=ICMP TYPE=8 CODE=0 ID=27060 SEQ=35600 Nov 9 12:21:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51880 SEQ=1 Nov 9 12:21:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=46563 PROTO=TCP SPT=49053 DPT=33497 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:21:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:21:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.59.78 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51264 PROTO=TCP SPT=61000 DPT=29364 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:21:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61113 SEQ=1 Nov 9 12:21:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52741 SEQ=1 Nov 9 12:21:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34914 SEQ=1 Nov 9 12:21:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39757 SEQ=1 Nov 9 12:21:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52559 SEQ=1 Nov 9 12:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65066 SEQ=1 Nov 9 12:21:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.79 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56107 DPT=45351 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:21:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20021 PROTO=TCP SPT=61456 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20022 PROTO=TCP SPT=61456 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42025 PROTO=TCP SPT=45727 DPT=31040 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:21:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33446 PROTO=TCP SPT=60939 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=20023 PROTO=TCP SPT=61456 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:43 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=35275 PROTO=TCP SPT=47616 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:21:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31127 PROTO=TCP SPT=44815 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:21:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:21:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31129 PROTO=TCP SPT=44815 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60089 SEQ=1 Nov 9 12:21:49 server83 aibolit_wrapper[19480]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626711093284352.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626711093285912.txt --log=/tmp/malware_cleaner_log_17626711093287406.txt --progress=/tmp/malware_cleaner_progress_17626711093286960.json --csv_result=/tmp/revisium_csvfile_17626711093287182.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23300 SEQ=1 Nov 9 12:21:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=31131 PROTO=TCP SPT=44815 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:21:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30581 SEQ=1 Nov 9 12:21:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64333 SEQ=1 Nov 9 12:21:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30581 SEQ=1 Nov 9 12:21:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22824 SEQ=1 Nov 9 12:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42522 SEQ=1 Nov 9 12:21:56 server83 PAM-hulk[19286]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 12:21:56 server83 aibolit_wrapper[19611]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d 
display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626711165870374.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626711165871940.txt --log=/tmp/malware_cleaner_log_17626711165873626.txt --progress=/tmp/malware_cleaner_progress_17626711165873204.json --csv_result=/tmp/revisium_csvfile_17626711165873410.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:21:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.191 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59876 DPT=4433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:22:01 server83 systemd: Started Session 311745 of user root. Nov 9 12:22:01 server83 systemd: Started Session 311746 of user root. Nov 9 12:22:01 server83 systemd: Started Session 311748 of user root. Nov 9 12:22:01 server83 systemd: Started Session 311747 of user root. Nov 9 12:22:01 server83 systemd: Started Session 311751 of user root. Nov 9 12:22:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:22:01 server83 systemd: Started Session 311750 of user accentri. Nov 9 12:22:01 server83 systemd: Started Session 311749 of user root. Nov 9 12:22:01 server83 systemd: Started Session 311752 of user root. Nov 9 12:22:01 server83 systemd: Started Session 311753 of user accentri. Nov 9 12:22:01 server83 systemd: Started Session 311754 of user root. Nov 9 12:22:01 server83 systemd: Started Session 311755 of user root. Nov 9 12:22:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:22:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3630 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:22:03 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 12:22:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4435 SEQ=1 Nov 9 12:22:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53878 SEQ=1 Nov 9 12:22:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.68 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51536 DPT=48468 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:22:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.190.163.148 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57806 DPT=8092 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.75.242 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=21320 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=41388 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:22:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 
DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44385 PROTO=TCP SPT=59859 DPT=7971 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:22:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.18.188 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=48315 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:22:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=389 SEQ=1 Nov 9 12:22:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10052 SEQ=1 Nov 9 12:22:10 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4435 SEQ=1 Nov 9 12:22:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:22:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24330 SEQ=1 Nov 9 12:22:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.217.0.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=38454 DPT=7777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:22:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.4 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=63099 PROTO=TCP SPT=26200 DPT=3121 WINDOW=6529 RES=0x00 SYN URGP=0 Nov 9 12:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11515 SEQ=1 Nov 9 12:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.180 DST=145.239.177.179 LEN=63 TOS=0x00 PREC=0x00 TTL=112 ID=48515 DF PROTO=ICMP TYPE=8 CODE=0 ID=45025 SEQ=30941 Nov 9 12:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9490 SEQ=1 Nov 9 12:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11932 SEQ=1 Nov 9 12:22:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.123 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=39608 DPT=9001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:22:30 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.245 DST=51.210.113.204 LEN=30 TOS=0x00 PREC=0x00 TTL=34 ID=31541 PROTO=UDP SPT=54201 DPT=44681 LEN=10 Nov 9 12:22:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3629 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20132 SEQ=1 Nov 9 12:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20317 SEQ=1 Nov 9 12:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38590 SEQ=1 Nov 9 12:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59165 SEQ=1 Nov 9 12:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52825 SEQ=1 Nov 9 12:22:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.118.45 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=2025 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34056 SEQ=1 Nov 9 12:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20132 SEQ=1 Nov 9 12:22:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51988 DPT=8445 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:22:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 
PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3628 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:22:45 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:22:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.center: ProactiveModel.Host should not be empty Nov 9 12:22:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:22:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5256 SEQ=1 Nov 9 12:22:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.37 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=39678 PROTO=TCP SPT=49109 DPT=10190 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:22:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23545 SEQ=1 Nov 9 12:22:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:22:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49590 PROTO=TCP SPT=63696 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:22:51 server83 aibolit_wrapper[21168]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626711719102320.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626711719104076.txt --log=/tmp/malware_cleaner_log_17626711719105690.txt --progress=/tmp/malware_cleaner_progress_17626711719105242.json --csv_result=/tmp/revisium_csvfile_17626711719105424.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:22:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49591 PROTO=TCP SPT=63696 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:22:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63624 SEQ=1 Nov 9 12:22:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5256 SEQ=1 Nov 9 12:22:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49592 PROTO=TCP SPT=63696 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:22:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7710 SEQ=1 Nov 9 12:22:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49593 PROTO=TCP SPT=63696 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:22:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49594 PROTO=TCP 
SPT=63696 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:22:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.160 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57142 DPT=46555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:22:57 server83 aibolit_wrapper[21322]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626711772329556.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626711772330572.txt --log=/tmp/malware_cleaner_log_17626711772331514.txt --progress=/tmp/malware_cleaner_progress_17626711772331240.json --csv_result=/tmp/revisium_csvfile_17626711772331364.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:22:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10243 PROTO=TCP SPT=55364 DPT=7353 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:23:01 server83 systemd: Started Session 311756 of user root. Nov 9 12:23:01 server83 systemd: Started Session 311758 of user root. Nov 9 12:23:01 server83 systemd: Started Session 311757 of user root. Nov 9 12:23:01 server83 systemd: Started Session 311759 of user root. Nov 9 12:23:01 server83 systemd: Started Session 311760 of user root. Nov 9 12:23:01 server83 systemd: Started Session 311761 of user root. Nov 9 12:23:01 server83 systemd: Started Session 311762 of user root. Nov 9 12:23:01 server83 systemd: Started Session 311763 of user root. 
Nov 9 12:23:01 server83 systemd: Started Session 311764 of user root. Nov 9 12:23:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34222 PROTO=TCP SPT=43337 DPT=4331 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20704 SEQ=1 Nov 9 12:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34821 SEQ=1 Nov 9 12:23:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7049 SEQ=1 Nov 9 12:23:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=15356 PROTO=TCP SPT=55240 DPT=4551 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35497 SEQ=1 Nov 9 12:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=50987 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=60509 SEQ=1 Nov 9 12:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.189.81.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=32096 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:23:10 server83 pam_imunify_daemon.bin: time="2025-11-09T12:23:10+05:30" level=warning msg="Send stats for 8 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=8 Nov 9 12:23:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44055 SEQ=1 Nov 9 12:23:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60728 SEQ=1 Nov 9 12:23:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7875 PROTO=TCP SPT=53120 DPT=2520 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40064 SEQ=1 Nov 9 12:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28035 SEQ=1 Nov 9 12:23:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10320 SEQ=1 Nov 9 12:23:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59694 SEQ=1 Nov 9 12:23:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=48041 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15210 SEQ=1 Nov 9 12:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.41 DST=145.239.177.179 LEN=63 TOS=0x00 PREC=0x00 TTL=112 ID=2451 DF PROTO=ICMP TYPE=8 CODE=0 ID=20498 SEQ=38752 Nov 9 12:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14302 SEQ=1 Nov 9 12:23:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28846 SEQ=1 Nov 9 12:23:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.124 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59173 DPT=8090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:23:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13984 SEQ=1 Nov 9 12:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46783 SEQ=1 Nov 9 12:23:40 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33044 SEQ=1 Nov 9 12:23:40 server83 aibolit_wrapper[22545]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626712208275294.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626712208276942.txt --log=/tmp/malware_cleaner_log_17626712208278822.txt --progress=/tmp/malware_cleaner_progress_17626712208278288.json --csv_result=/tmp/revisium_csvfile_17626712208278528.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:23:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:23:44 server83 aibolit_wrapper[22619]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626712249500618.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626712249501960.txt --log=/tmp/malware_cleaner_log_17626712249503408.txt --progress=/tmp/malware_cleaner_progress_17626712249502972.json --csv_result=/tmp/revisium_csvfile_17626712249503214.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:23:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:23:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.config: ProactiveModel.Host should not be empty Nov 9 12:23:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.created: ProactiveModel.Host should not be empty Nov 9 12:23:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.multi: ProactiveModel.Host should not be empty Nov 9 12:23:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.center: ProactiveModel.Host should not be empty Nov 9 12:23:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:23:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:23:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40566 PROTO=TCP SPT=49956 DPT=28183 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:23:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11892 SEQ=1 Nov 9 12:23:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62253 SEQ=1 Nov 9 12:23:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62253 SEQ=1 Nov 9 12:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9433 SEQ=1 Nov 9 12:24:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60780 SEQ=1 Nov 9 12:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:24:01 server83 systemd: Started Session 311765 of user root. Nov 9 12:24:01 server83 systemd: Started Session 311769 of user root. Nov 9 12:24:01 server83 systemd: Started Session 311766 of user root. Nov 9 12:24:01 server83 systemd: Started Session 311767 of user root. Nov 9 12:24:01 server83 systemd: Started Session 311768 of user root. Nov 9 12:24:01 server83 systemd: Started Session 311770 of user root. Nov 9 12:24:01 server83 systemd: Started Session 311771 of user root. Nov 9 12:24:01 server83 systemd: Started Session 311772 of user root. Nov 9 12:24:01 server83 systemd: Started Session 311773 of user root. Nov 9 12:24:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:24:01 server83 systemd: Started Session 311774 of user accentri. Nov 9 12:24:01 server83 systemd: Started Session 311775 of user root. Nov 9 12:24:01 server83 systemd: Started Session 311776 of user accentri. 
Nov 9 12:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:24:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:24:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:24:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:24:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57873 SEQ=1 Nov 9 12:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=55881 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.189.81.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=33395 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53967 SEQ=1 Nov 9 12:24:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.79.29.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=60287 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.75.242 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=35807 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:24:10 server83 scripts.sh: Sun Nov 9 12:24:10 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 12:24:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6277 PROTO=TCP SPT=56698 DPT=8214 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:24:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.148.250 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=4693 DF PROTO=TCP SPT=41753 DPT=5192 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:24:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54929 SEQ=1 Nov 9 12:24:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23940 SEQ=1 Nov 9 12:24:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52060 PROTO=TCP SPT=42472 DPT=4747 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51065 SEQ=1 Nov 9 12:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14469 SEQ=1 Nov 9 12:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14469 SEQ=1 Nov 9 12:24:28 server83 pam_imunify_daemon.bin: time="2025-11-09T12:24:28+05:30" level=warning msg="Send stats for 3 records error: license is not 
valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 12:24:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:24:30 server83 aibolit_wrapper[24236]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626712706469794.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626712706471468.txt --log=/tmp/malware_cleaner_log_17626712706473214.txt --progress=/tmp/malware_cleaner_progress_17626712706472760.json --csv_result=/tmp/revisium_csvfile_17626712706472938.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:24:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35482 SEQ=1 Nov 9 12:24:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63900 SEQ=1 Nov 9 12:24:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19227 SEQ=1 Nov 9 12:24:36 server83 aibolit_wrapper[24477]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626712769815424.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626712769819506.txt --progress=/tmp/malware_cleaner_progress_17626712769819006.json --csv_result=/tmp/revisium_csvfile_17626712769819200.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48529 SEQ=1 Nov 9 12:24:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.43 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56286 DPT=9925 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:24:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:24:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:24:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53562 SEQ=1 Nov 9 12:24:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22296 SEQ=1 Nov 9 12:24:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35668 SEQ=1 Nov 9 12:24:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63925 SEQ=1 Nov 9 12:24:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19165 SEQ=1 Nov 9 12:24:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3621 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:24:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=24547 DF PROTO=ICMP TYPE=8 CODE=0 ID=15019 SEQ=62601 Nov 9 12:24:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.187 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50150 DPT=9152 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:24:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3622 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:24:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49823 SEQ=1 Nov 9 12:24:59 server83 NetworkManager[922]: <info> [1762671299.4443] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:24:59 server83 NetworkManager[922]: <info> [1762671299.4447] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:24:59 server83 NetworkManager[922]: <info> 
[1762671299.4448] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:24:59 server83 NetworkManager[922]: <info> [1762671299.4450] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:24:59 server83 NetworkManager[922]: <info> [1762671299.4459] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:24:59 server83 NetworkManager[922]: <info> [1762671299.4461] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:24:59 server83 NetworkManager[922]: <info> [1762671299.4472] dhcp4 (eth1): dhclient started with pid 25134 Nov 9 12:24:59 server83 dhclient[25134]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x5516b026) Nov 9 12:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:25:01 server83 systemd: Started Session 311777 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311779 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311782 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311781 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311785 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311786 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311787 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311780 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311778 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311788 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311783 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311789 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311784 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311791 of user root. 
Nov 9 12:25:01 server83 systemd: Started Session 311792 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311790 of user root. Nov 9 12:25:01 server83 systemd: Started Session 311793 of user root. Nov 9 12:25:01 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 12:25:02 server83 dhclient[25134]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x5516b026) Nov 9 12:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52652 SEQ=1 Nov 9 12:25:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=135.237.121.153 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=39310 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:25:05 server83 dhclient[25134]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x5516b026) Nov 9 12:25:06 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 12:25:06 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:25:06 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 12:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34880 SEQ=1 Nov 9 12:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=11221 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:25:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.196 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37516 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.75.242 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=43991 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=43.192.120.251 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=63369 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x04 PREC=0x00 TTL=223 ID=16881 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:25:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:25:08 server83 dhclient[25134]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x5516b026) Nov 9 12:25:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34283 SEQ=1 Nov 9 12:25:11 server83 dhclient[25134]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 
(xid=0x5516b026) Nov 9 12:25:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=41999 PROTO=TCP SPT=49037 DPT=1522 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:25:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56584 SEQ=1 Nov 9 12:25:19 server83 dhclient[25134]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x5516b026) Nov 9 12:25:19 server83 aibolit_wrapper[26187]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626713193950238.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626713193951344.txt --log=/tmp/malware_cleaner_log_17626713193952188.txt --progress=/tmp/malware_cleaner_progress_17626713193951948.json --csv_result=/tmp/revisium_csvfile_17626713193952066.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:25:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.36 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50249 DPT=3242 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6554 SEQ=1 Nov 9 12:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17331 SEQ=1 Nov 9 12:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17331 SEQ=1 Nov 9 12:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6462 SEQ=1 Nov 9 12:25:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=5.188.206.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=25089 PROTO=TCP SPT=40590 DPT=33000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:25:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.38 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3302 PROTO=TCP SPT=20485 DPT=17840 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:25:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.49 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=30637 PROTO=TCP SPT=46131 DPT=16622 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:25:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.204 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52742 DPT=6000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:25:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=62724 PROTO=TCP SPT=45202 DPT=4023 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:25:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.4 DST=145.239.177.179 
LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=36315 DF PROTO=TCP SPT=40691 DPT=20052 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:25:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61298 SEQ=1 Nov 9 12:25:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6846 SEQ=1 Nov 9 12:25:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=61.143.45.59 DST=145.239.177.179 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=19710 DF PROTO=TCP SPT=53011 DPT=1433 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:25:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63423 SEQ=1 Nov 9 12:25:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.45 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54894 DPT=2044 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:25:36 server83 aibolit_wrapper[26630]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626713365701678.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626713365702810.txt --log=/tmp/malware_cleaner_log_17626713365703846.txt --progress=/tmp/malware_cleaner_progress_17626713365703578.json --csv_result=/tmp/revisium_csvfile_17626713365703714.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:25:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47336 SEQ=1 Nov 9 12:25:38 server83 dhclient[25134]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x5516b026) Nov 9 12:25:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20517 SEQ=1 Nov 9 12:25:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47336 SEQ=1 Nov 9 12:25:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49751 SEQ=1 Nov 9 12:25:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1741 PROTO=TCP SPT=49956 DPT=26871 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:25:44 server83 NetworkManager[922]: <warn> [1762671344.4375] dhcp4 (eth1): request timed out Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4375] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4535] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 25134 Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4535] dhcp4 (eth1): state changed timeout -> done Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4537] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', 
sys-iface-state: 'managed') Nov 9 12:25:44 server83 NetworkManager[922]: <warn> [1762671344.4542] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4544] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4577] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4581] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4582] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4585] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4595] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4598] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:25:44 server83 NetworkManager[922]: <info> [1762671344.4609] dhcp4 (eth1): dhclient started with pid 26747 Nov 9 12:25:44 server83 dhclient[26747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x197ce9ab) Nov 9 12:25:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:25:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.post: ProactiveModel.Host should not be empty Nov 9 12:25:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:25:49 
server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.70 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=45 ID=57741 DF PROTO=UDP SPT=3295 DPT=13 LEN=9 Nov 9 12:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9564 SEQ=1 Nov 9 12:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9330 SEQ=1 Nov 9 12:25:52 server83 dhclient[26747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x197ce9ab) Nov 9 12:25:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9330 SEQ=1 Nov 9 12:25:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58746 SEQ=1 Nov 9 12:25:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9564 SEQ=1 Nov 9 12:25:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45832 PROTO=TCP SPT=42636 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:25:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45833 PROTO=TCP SPT=42636 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:25:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=34567 DF PROTO=TCP SPT=60186 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:25:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.136.208.236 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60706 DPT=33335 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:25:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14679 PROTO=TCP SPT=39374 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:25:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45834 PROTO=TCP SPT=42636 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:26:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14681 PROTO=TCP SPT=39374 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:26:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14682 PROTO=TCP SPT=39374 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:26:01 server83 systemd: Started Session 311795 of user root. 
Nov 9 12:26:01 server83 systemd: Started Session 311797 of user root. Nov 9 12:26:01 server83 systemd: Started Session 311798 of user root. Nov 9 12:26:01 server83 systemd: Started Session 311799 of user root. Nov 9 12:26:01 server83 systemd: Started Session 311794 of user root. Nov 9 12:26:01 server83 systemd: Started Session 311800 of user root. Nov 9 12:26:01 server83 systemd: Started Session 311801 of user root. Nov 9 12:26:01 server83 systemd: Started Session 311802 of user root. Nov 9 12:26:01 server83 systemd: Started Session 311796 of user root. Nov 9 12:26:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:26:01 server83 systemd: Started Session 311804 of user accentri. Nov 9 12:26:01 server83 systemd: Started Session 311803 of user root. Nov 9 12:26:01 server83 systemd: Started Session 311805 of user accentri. Nov 9 12:26:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:26:01 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 12:26:02 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:26:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=34571 DF PROTO=TCP SPT=60211 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=34572 DF PROTO=TCP SPT=60191 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=14683 PROTO=TCP SPT=39374 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:26:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=34573 DF PROTO=TCP SPT=60222 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:02 server83 dhclient[26747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x197ce9ab) Nov 9 12:26:03 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.87 DST=145.239.177.179 LEN=295 TOS=0x00 PREC=0x00 TTL=51 ID=6081 DF PROTO=UDP SPT=23308 DPT=13577 LEN=275 Nov 9 12:26:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=34575 DF PROTO=TCP SPT=60211 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=34576 DF PROTO=TCP SPT=60222 DPT=21 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:06 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=34577 DF PROTO=TCP SPT=60186 DPT=21 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:26:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.18.188 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=17121 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:26:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.79.29.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=9845 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:26:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=34587 DF PROTO=TCP SPT=60245 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=16350 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:26:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7691 SEQ=1 Nov 9 12:26:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x04 PREC=0x00 TTL=223 ID=22319 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:26:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=34588 DF PROTO=TCP SPT=60191 DPT=21 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:26:09 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=34589 DF PROTO=TCP SPT=60195 DPT=21 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:26:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29339 SEQ=1 Nov 9 12:26:09 server83 aibolit_wrapper[27489]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626713699101772.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626713699103284.txt --log=/tmp/malware_cleaner_log_17626713699104642.txt --progress=/tmp/malware_cleaner_progress_17626713699104298.json --csv_result=/tmp/revisium_csvfile_17626713699104438.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:26:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=34615 DF PROTO=TCP SPT=60245 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=34616 DF PROTO=TCP SPT=60211 DPT=21 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:26:12 server83 dhclient[26747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x197ce9ab) Nov 9 12:26:13 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:26:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=34649 DF PROTO=TCP SPT=60265 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=34650 DF PROTO=TCP SPT=60267 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.8 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=34651 DF PROTO=TCP SPT=60286 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:16 server83 aibolit_wrapper[27727]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626713761449576.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626713761451604.txt --progress=/tmp/malware_cleaner_progress_17626713761451370.json --csv_result=/tmp/revisium_csvfile_17626713761451468.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:26:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2015 SEQ=1 Nov 9 12:26:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23652 SEQ=1 Nov 9 12:26:18 server83 systemd: Started Session c2879 of user root. 
Nov 9 12:26:19 server83 scripts.sh: Load Average: 3.24 , 3.02 Nov 9 12:26:19 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 12:26:19 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 12:26:19 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 12:26:19 server83 scripts.sh: HTTPD Status: inactive Nov 9 12:26:19 server83 scripts.sh: MySQL Status: active Nov 9 12:26:19 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 12:26:19 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 12:26:19 server83 scripts.sh: SSHD Status: active Nov 9 12:26:19 server83 scripts.sh: FTP Status: active Nov 9 12:26:19 server83 scripts.sh: LiteSpeed Status: Active Nov 9 12:26:19 server83 scripts.sh: Imunify Status: Active Nov 9 12:26:19 server83 scripts.sh: cPanel Status: active Nov 9 12:26:19 server83 scripts.sh: Memory Status: 12/31 GB - 38.55% Nov 9 12:26:19 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 12:26:19 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 12:26:19 server83 scripts.sh: Local Version: 4.4.5 Nov 9 12:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44104 SEQ=1 Nov 9 12:26:19 server83 dhclient[26747]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x197ce9ab) Nov 9 12:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54396 SEQ=1 Nov 9 12:26:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18449 SEQ=1 Nov 9 12:26:21 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49426 SEQ=1 Nov 9 12:26:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.79 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47829 DF PROTO=TCP SPT=26043 DPT=22222 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:26:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3620 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:26:26 server83 aibolit_wrapper[27990]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626713864623786.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626713864625854.txt --log=/tmp/malware_cleaner_log_17626713864628062.txt --progress=/tmp/malware_cleaner_progress_17626713864627428.json --csv_result=/tmp/revisium_csvfile_17626713864627714.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:26:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42100 PROTO=TCP SPT=53120 DPT=2423 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:26:29 server83 NetworkManager[922]: <warn> [1762671389.4483] dhcp4 (eth1): request timed out Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4483] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4643] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 26747 
Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4643] dhcp4 (eth1): state changed timeout -> done Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4645] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:26:29 server83 NetworkManager[922]: <warn> [1762671389.4650] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4652] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4684] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4687] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4688] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4690] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4699] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4701] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:26:29 server83 NetworkManager[922]: <info> [1762671389.4711] dhcp4 (eth1): dhclient started with pid 28085 Nov 9 12:26:29 server83 dhclient[28085]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x280975ce) Nov 9 12:26:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17219 SEQ=1 Nov 9 12:26:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59068 SEQ=1 Nov 9 12:26:32 server83 dhclient[28085]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x280975ce) Nov 9 12:26:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=28612 PROTO=TCP SPT=50939 DPT=7843 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:26:38 server83 dhclient[28085]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x280975ce) Nov 9 12:26:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.180.99 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=15327 DF PROTO=TCP SPT=51425 DPT=21 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54531 SEQ=1 Nov 9 12:26:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22894 SEQ=1 Nov 9 12:26:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56465 SEQ=1 Nov 9 12:26:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3627 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 12:26:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.180.99 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=15328 DF PROTO=TCP SPT=51425 DPT=21 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:26:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:26:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16256 PROTO=TCP SPT=51416 DPT=4569 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:26:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:26:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:26:47 server83 dhclient[28085]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x280975ce) Nov 9 12:26:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.180.99 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=15329 DF PROTO=TCP SPT=51425 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 9 12:26:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20568 SEQ=1 Nov 9 12:26:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20568 SEQ=1 Nov 9 12:26:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45028 SEQ=1 Nov 9 12:26:52 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63961 SEQ=1 Nov 9 12:26:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56888 SEQ=1 Nov 9 12:26:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11631 SEQ=1 Nov 9 12:26:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3619 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:26:57 server83 aibolit_wrapper[28888]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626714177176434.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626714177178604.txt --log=/tmp/malware_cleaner_log_17626714177181018.txt --progress=/tmp/malware_cleaner_progress_17626714177180416.json --csv_result=/tmp/revisium_csvfile_17626714177180696.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:26:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=13022 PROTO=TCP SPT=46360 DPT=12229 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:27:00 server83 dhclient[28085]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 
(xid=0x280975ce) Nov 9 12:27:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:27:01 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 12:27:01 server83 systemd: Started Session 311806 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311807 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311808 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311809 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311810 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311811 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311812 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311814 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311815 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311813 of user root. Nov 9 12:27:01 server83 systemd: Started Session 311816 of user root. Nov 9 12:27:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:27:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44625 SEQ=1 Nov 9 12:27:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=8834 PROTO=TCP SPT=12409 DPT=14265 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:27:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57477 DF PROTO=TCP SPT=59740 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:27:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64534 PROTO=TCP SPT=45727 DPT=31315 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60845 SEQ=1 Nov 9 12:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3461 SEQ=1 Nov 9 12:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60845 SEQ=1 Nov 9 12:27:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57478 DF PROTO=TCP SPT=59740 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10406 SEQ=1 Nov 9 12:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=20112 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:27:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57479 DF PROTO=TCP SPT=59740 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:27:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 
DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3618 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:27:13 server83 dhclient[28085]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x280975ce) Nov 9 12:27:14 server83 NetworkManager[922]: <warn> [1762671434.4430] dhcp4 (eth1): request timed out Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4430] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4510] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 28085 Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4510] dhcp4 (eth1): state changed timeout -> done Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4513] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:27:14 server83 NetworkManager[922]: <warn> [1762671434.4519] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4521] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4554] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4559] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4560] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4564] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4574] device (eth1): state change: config -> ip-config (reason 'none', 
sys-iface-state: 'managed') Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4577] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:27:14 server83 NetworkManager[922]: <info> [1762671434.4589] dhcp4 (eth1): dhclient started with pid 29590 Nov 9 12:27:14 server83 dhclient[29590]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x6b433c97) Nov 9 12:27:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57480 DF PROTO=TCP SPT=59740 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:27:18 server83 dhclient[29590]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x6b433c97) Nov 9 12:27:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59907 SEQ=1 Nov 9 12:27:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.148.147.222 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=39425 DPT=10001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:27:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38104 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:27:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.149 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49412 DPT=8001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:27:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=37919 SEQ=1 Nov 9 12:27:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28029 SEQ=1 Nov 9 12:27:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62535 SEQ=1 Nov 9 12:27:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.159.99.47 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57565 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:27:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57481 DF PROTO=TCP SPT=59740 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:27:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52803 PROTO=TCP SPT=49956 DPT=25189 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:27:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=65520 PROTO=TCP SPT=45727 DPT=34841 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:27:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57482 DF PROTO=TCP SPT=60219 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:27:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.247 DST=145.239.177.179 LEN=44 TOS=0x00 
PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54350 DPT=47002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:27:29 server83 dhclient[29590]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x6b433c97) Nov 9 12:27:30 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.244 DST=145.239.177.179 LEN=284 TOS=0x00 PREC=0x00 TTL=34 ID=53812 PROTO=UDP SPT=65057 DPT=8493 LEN=264 Nov 9 12:27:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57484 DF PROTO=TCP SPT=60219 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:27:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61054 SEQ=1 Nov 9 12:27:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62866 SEQ=1 Nov 9 12:27:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24817 SEQ=1 Nov 9 12:27:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57485 DF PROTO=TCP SPT=60219 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:27:38 server83 aibolit_wrapper[30099]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626714581105502.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626714581107234.txt --log=/tmp/malware_cleaner_log_17626714581109260.txt --progress=/tmp/malware_cleaner_progress_17626714581108826.json --csv_result=/tmp/revisium_csvfile_17626714581109032.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25578 SEQ=1 Nov 9 12:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41795 SEQ=1 Nov 9 12:27:40 server83 dhclient[29590]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x6b433c97) Nov 9 12:27:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:27:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3626 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:27:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57486 DF PROTO=TCP SPT=60219 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:27:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.122.207 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=54224 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:27:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=91.230.168.124 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=28366 DF PROTO=TCP SPT=44911 DPT=8400 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:27:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41496 PROTO=TCP SPT=45727 DPT=30873 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:27:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:27:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:27:48 server83 dhclient[29590]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x6b433c97) Nov 9 12:27:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16688 PROTO=TCP SPT=49956 DPT=28823 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:27:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.154.95.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=28186 PROTO=TCP SPT=38677 DPT=1044 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:27:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61622 SEQ=1 Nov 9 12:27:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24721 SEQ=1 Nov 9 12:27:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=24721 SEQ=1 Nov 9 12:27:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.184 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56098 DPT=32015 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61153 SEQ=1 Nov 9 12:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61622 SEQ=1 Nov 9 12:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5233 SEQ=1 Nov 9 12:27:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=51638 PROTO=TCP SPT=53387 DPT=8032 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:27:59 server83 NetworkManager[922]: <warn> [1762671479.4377] dhcp4 (eth1): request timed out Nov 9 12:27:59 server83 NetworkManager[922]: <info> [1762671479.4377] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:27:59 server83 NetworkManager[922]: <info> [1762671479.4536] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 29590 Nov 9 12:27:59 server83 NetworkManager[922]: <info> [1762671479.4537] dhcp4 (eth1): state changed timeout -> done Nov 9 12:27:59 server83 NetworkManager[922]: <info> [1762671479.4538] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:27:59 server83 NetworkManager[922]: <warn> [1762671479.4541] device (eth1): Activation: failed 
for connection 'Wired connection 1' Nov 9 12:27:59 server83 NetworkManager[922]: <info> [1762671479.4543] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:28:00 server83 aibolit_wrapper[30831]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626714803892828.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626714803894736.txt --log=/tmp/malware_cleaner_log_17626714803896396.txt --progress=/tmp/malware_cleaner_progress_17626714803895926.json --csv_result=/tmp/revisium_csvfile_17626714803896146.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:28:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47916 PROTO=TCP SPT=50395 DPT=48324 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:28:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:28:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:28:01 server83 systemd: Started Session 311820 of user root. Nov 9 12:28:01 server83 systemd: Started Session 311819 of user root. Nov 9 12:28:01 server83 systemd: Started Session 311817 of user root. Nov 9 12:28:01 server83 systemd: Started Session 311821 of user root. Nov 9 12:28:01 server83 systemd: Started Session 311818 of user root. Nov 9 12:28:01 server83 systemd: Started Session 311822 of user root. Nov 9 12:28:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:28:01 server83 systemd: Started Session 311823 of user accentri. Nov 9 12:28:01 server83 systemd: Started Session 311824 of user root. 
Nov 9 12:28:01 server83 systemd: Started Session 311825 of user root. Nov 9 12:28:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 12:28:01 server83 systemd: Started Session 311826 of user metalarts. Nov 9 12:28:01 server83 systemd: Started Session 311827 of user accentri. Nov 9 12:28:01 server83 systemd: Started Session 311828 of user root. Nov 9 12:28:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:28:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:28:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:28:02 server83 systemd: Removed slice User Slice of metalarts. Nov 9 12:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12053 SEQ=1 Nov 9 12:28:04 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:28:04 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:28:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7648 SEQ=1 Nov 9 12:28:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.224.92.128 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=47892 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:28:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60385 SEQ=1 Nov 9 12:28:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.189.81.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 
ID=63198 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:28:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=20631 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=32277 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.79.29.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=18086 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:28:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3625 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:28:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26938 SEQ=1 Nov 9 12:28:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32826 SEQ=1 Nov 9 12:28:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:28:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4103 SEQ=1 Nov 9 12:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k 
imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 12:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 12:28:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38634 SEQ=1 Nov 9 12:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46483 SEQ=1 Nov 9 12:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21069 SEQ=1 Nov 9 12:28:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26938 SEQ=1 Nov 9 12:28:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.239.44.125 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=44940 SEQ=0 Nov 9 12:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56159 SEQ=1 Nov 9 12:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=6385 SEQ=1 Nov 9 12:28:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6385 SEQ=1 Nov 9 12:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49143 SEQ=1 Nov 9 12:28:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57487 DF PROTO=TCP SPT=61841 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:28:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57488 DF PROTO=TCP SPT=61841 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:28:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28062 SEQ=1 Nov 9 12:28:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10247 SEQ=1 Nov 9 12:28:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33616 SEQ=1 Nov 9 12:28:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57489 DF PROTO=TCP SPT=61841 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 
9 12:28:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=423 PROTO=TCP SPT=51933 DPT=7463 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49143 SEQ=1 Nov 9 12:28:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57490 DF PROTO=TCP SPT=61841 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:28:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:28:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:28:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:28:48 server83 aibolit_wrapper[32090]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626715286389536.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626715286391378.txt --log=/tmp/malware_cleaner_log_17626715286392966.txt --progress=/tmp/malware_cleaner_progress_17626715286392526.json --csv_result=/tmp/revisium_csvfile_17626715286392722.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:28:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 
ID=37453 PROTO=TCP SPT=20469 DPT=42397 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:28:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17728 PROTO=TCP SPT=49956 DPT=27810 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:28:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.65.87.202 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=34722 PROTO=TCP SPT=61004 DPT=8808 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:28:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57491 DF PROTO=TCP SPT=61841 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14267 SEQ=1 Nov 9 12:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14267 SEQ=1 Nov 9 12:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15926 SEQ=1 Nov 9 12:28:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20679 SEQ=1 Nov 9 12:28:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=20679 SEQ=1 Nov 9 12:29:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3624 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:29:01 server83 systemd: Started Session 311830 of user root. Nov 9 12:29:01 server83 systemd: Started Session 311831 of user root. Nov 9 12:29:01 server83 systemd: Started Session 311833 of user root. Nov 9 12:29:01 server83 systemd: Started Session 311835 of user root. Nov 9 12:29:01 server83 systemd: Started Session 311836 of user root. Nov 9 12:29:01 server83 systemd: Started Session 311832 of user root. Nov 9 12:29:01 server83 systemd: Started Session 311834 of user root. Nov 9 12:29:01 server83 systemd: Started Session 311837 of user root. Nov 9 12:29:01 server83 systemd: Started Session 311829 of user root. 
Nov 9 12:29:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.71 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=11658 PROTO=TCP SPT=41970 DPT=10070 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:29:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16248 SEQ=1 Nov 9 12:29:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19536 SEQ=1 Nov 9 12:29:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=100.27.25.120 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=54147 DF PROTO=ICMP TYPE=8 CODE=0 ID=6 SEQ=12421 Nov 9 12:29:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=44.222.107.192 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=21119 DF PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=12881 Nov 9 12:29:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=101.44.185.137 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=37 ID=1886 DF PROTO=ICMP TYPE=8 CODE=0 ID=14798 SEQ=41508 Nov 9 12:29:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3048 SEQ=1 Nov 9 12:29:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.83.9 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=49 ID=57546 DF PROTO=TCP SPT=58570 DPT=6060 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 12:29:11 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=5531 PROTO=TCP SPT=56698 DPT=8211 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50610 SEQ=1 Nov 9 12:29:18 server83 aibolit_wrapper[304]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626715589296864.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626715589299250.txt --log=/tmp/malware_cleaner_log_17626715589301670.txt --progress=/tmp/malware_cleaner_progress_17626715589301012.json --csv_result=/tmp/revisium_csvfile_17626715589301292.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:29:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52290 SEQ=1 Nov 9 12:29:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37342 SEQ=1 Nov 9 12:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52290 SEQ=1 Nov 9 12:29:22 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64750 SEQ=1 Nov 9 12:29:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1994 SEQ=1 Nov 9 12:29:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4199 SEQ=1 Nov 9 12:29:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50610 SEQ=1 Nov 9 12:29:26 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 12:29:26 server83 systemd: Stopped Status Update Service. Nov 9 12:29:26 server83 systemd: Started Status Update Service. 
Nov 9 12:29:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=128.14.231.118 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=35508 DPT=6017 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:29:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.16 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=27239 DF PROTO=UDP SPT=18682 DPT=11 LEN=9 Nov 9 12:29:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=6108 DF PROTO=ICMP TYPE=8 CODE=0 ID=59094 SEQ=25478 Nov 9 12:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=433 SEQ=1 Nov 9 12:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26882 SEQ=1 Nov 9 12:29:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23740 SEQ=1 Nov 9 12:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18074 SEQ=1 Nov 9 12:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26882 SEQ=1 Nov 9 12:29:46 server83 aibolit_wrapper[811]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626715862762560.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626715862763804.txt --log=/tmp/malware_cleaner_log_17626715862764992.txt --progress=/tmp/malware_cleaner_progress_17626715862764686.json --csv_result=/tmp/revisium_csvfile_17626715862764814.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:29:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:29:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:29:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40643 SEQ=1 Nov 9 12:29:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59754 SEQ=1 Nov 9 12:29:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40643 SEQ=1 Nov 9 12:29:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46555 SEQ=1 Nov 9 12:29:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62356 SEQ=1 Nov 9 12:30:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22112 PROTO=TCP SPT=50395 DPT=34027 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:30:01 server83 systemd: Started Session 311838 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311842 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311841 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311843 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311845 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311839 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311846 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311840 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311847 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311844 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311848 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311849 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311854 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311850 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311855 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311852 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311853 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311851 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311856 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311857 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311859 of user root. Nov 9 12:30:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:30:01 server83 systemd: Started Session 311861 of user accentri. 
Nov 9 12:30:01 server83 systemd: Started Session 311858 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311862 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311860 of user root. Nov 9 12:30:01 server83 systemd: Started Session 311863 of user accentri. Nov 9 12:30:01 server83 systemd: Started Session 311864 of user root. Nov 9 12:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:01 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 12:30:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:30:02 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 12:30:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.217.194.148 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=53753 DPT=8899 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:30:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52020 SEQ=1 Nov 9 12:30:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=854 SEQ=1 Nov 9 12:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=48244 SEQ=1 Nov 9 12:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49221 SEQ=1 Nov 9 12:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54036 SEQ=1 Nov 9 12:30:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.79.29.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=30518 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:30:08 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=111.224.218.200 DST=51.210.113.204 LEN=74 TOS=0x00 PREC=0x00 TTL=233 ID=57570 PROTO=UDP SPT=23412 DPT=5353 LEN=54 Nov 9 12:30:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=10657 PROTO=TCP SPT=50286 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14170 PROTO=TCP SPT=41811 DPT=2637 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:30:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=10658 PROTO=TCP SPT=50286 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:10 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 
12:30:10 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:30:10 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 12:30:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=3626 PROTO=TCP SPT=38592 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=10659 PROTO=TCP SPT=50286 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=3627 PROTO=TCP SPT=38592 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:12 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:12 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=3628 PROTO=TCP SPT=38592 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=3630 PROTO=TCP SPT=38592 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:15 server83 aibolit_wrapper[3613]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626716157466752.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626716157468194.txt --log=/tmp/malware_cleaner_log_17626716157469882.txt --progress=/tmp/malware_cleaner_progress_17626716157469398.json --csv_result=/tmp/revisium_csvfile_17626716157469606.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:30:16 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 12:30:16 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:16 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1423 SEQ=1 Nov 9 12:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48468 SEQ=1 Nov 9 12:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21965 SEQ=1 Nov 9 12:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48468 SEQ=1 Nov 9 12:30:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=62929 PROTO=TCP SPT=38439 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3889 PROTO=TCP SPT=62899 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=107.23.97.23 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=15245 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:30:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3891 PROTO=TCP SPT=62899 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61581 SEQ=1 Nov 9 12:30:23 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:23 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:30:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3892 PROTO=TCP SPT=62899 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21932 SEQ=1 Nov 9 12:30:24 
server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:26 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:30:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44088 SEQ=1 Nov 9 12:30:35 server83 aibolit_wrapper[5980]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626716350685856.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626716350687566.txt --log=/tmp/malware_cleaner_log_17626716350689180.txt --progress=/tmp/malware_cleaner_progress_17626716350688768.json --csv_result=/tmp/revisium_csvfile_17626716350688946.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:30:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61201 SEQ=1 Nov 9 12:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31505 SEQ=1 Nov 9 12:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44088 SEQ=1 Nov 9 12:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48619 SEQ=1 Nov 9 
12:30:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52982 SEQ=1 Nov 9 12:30:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57492 DF PROTO=TCP SPT=64990 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:30:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57493 DF PROTO=TCP SPT=64990 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:30:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:30:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:30:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=53507 PROTO=TCP SPT=40453 DPT=6338 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:30:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9371 PROTO=TCP SPT=41450 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.153 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56138 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:30:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57494 
DF PROTO=TCP SPT=64990 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:30:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46392 PROTO=TCP SPT=54411 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23680 SEQ=1 Nov 9 12:30:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23680 SEQ=1 Nov 9 12:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14710 SEQ=1 Nov 9 12:30:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16641 SEQ=1 Nov 9 12:30:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46394 PROTO=TCP SPT=54411 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16641 SEQ=1 Nov 9 12:30:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=46396 PROTO=TCP SPT=54411 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:30:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39098 SEQ=1 Nov 9 12:30:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20105 SEQ=1 Nov 9 12:30:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42568 PROTO=TCP SPT=41811 DPT=2619 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:30:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=41300 PROTO=TCP SPT=37481 DPT=6052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:31:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57496 DF PROTO=TCP SPT=64990 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:31:01 server83 systemd: Started Session 311868 of user root. Nov 9 12:31:01 server83 systemd: Started Session 311866 of user root. Nov 9 12:31:01 server83 systemd: Started Session 311865 of user root. Nov 9 12:31:01 server83 systemd: Started Session 311867 of user root. Nov 9 12:31:01 server83 systemd: Started Session 311870 of user root. Nov 9 12:31:01 server83 systemd: Started Session 311869 of user root. Nov 9 12:31:01 server83 systemd: Started Session 311871 of user root. Nov 9 12:31:01 server83 systemd: Started Session 311872 of user root. Nov 9 12:31:01 server83 systemd: Started Session 311873 of user root. 
Nov 9 12:31:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:31:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21555 SEQ=1 Nov 9 12:31:04 server83 aibolit_wrapper[9401]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626716643661960.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626716643663868.txt --log=/tmp/malware_cleaner_log_17626716643666002.txt --progress=/tmp/malware_cleaner_progress_17626716643665472.json --csv_result=/tmp/revisium_csvfile_17626716643665688.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:31:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3617 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:31:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5282 SEQ=1 Nov 9 12:31:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.75.242 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=31377 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:31:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 
PREC=0x00 TTL=227 ID=59088 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:31:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=51137 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:31:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.18.188 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=42075 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:31:11 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:31:11 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:31:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:31:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14857 SEQ=1 Nov 9 12:31:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48311 SEQ=1 Nov 9 12:31:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14922 SEQ=1 Nov 9 12:31:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.117.57.162 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59366 DPT=19000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:31:18 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=117.199.77.239 DST=145.239.177.179 LEN=55 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=1900 DPT=8081 LEN=35 Nov 
9 12:31:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26895 SEQ=1 Nov 9 12:31:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5242 SEQ=1 Nov 9 12:31:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6254 SEQ=1 Nov 9 12:31:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1007 PROTO=TCP SPT=37144 DPT=8753 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:31:22 server83 aibolit_wrapper[11646]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626716820762622.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626716820763970.txt --log=/tmp/malware_cleaner_log_17626716820765120.txt --progress=/tmp/malware_cleaner_progress_17626716820764796.json --csv_result=/tmp/revisium_csvfile_17626716820764942.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:31:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=55713 PROTO=TCP SPT=51681 DPT=2740 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=100.26.230.58 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=27599 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:31:29 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.241.30 DST=145.239.177.179 LEN=121 TOS=0x00 PREC=0x00 TTL=48 ID=8539 PROTO=UDP SPT=57727 DPT=6881 LEN=101 Nov 9 12:31:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57427 SEQ=1 Nov 9 12:31:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28264 PROTO=TCP SPT=51461 DPT=8530 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:31:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=2003 PROTO=TCP SPT=46360 DPT=43000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:31:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50136 SEQ=1 Nov 9 12:31:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54812 SEQ=1 Nov 9 12:31:33 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 12:31:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:31:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.39 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 
TTL=51 ID=1479 PROTO=TCP SPT=10649 DPT=17636 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:31:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19583 SEQ=1 Nov 9 12:31:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36250 SEQ=1 Nov 9 12:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19583 SEQ=1 Nov 9 12:31:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=53453 PROTO=TCP SPT=50883 DPT=7749 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:31:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53749 SEQ=1 Nov 9 12:31:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42371 SEQ=1 Nov 9 12:31:41 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=107.155.75.243 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=32191 SEQ=61609 Nov 9 12:31:43 server83 aibolit_wrapper[14316]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626717035446368.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626717035447826.txt --log=/tmp/malware_cleaner_log_17626717035449222.txt --progress=/tmp/malware_cleaner_progress_17626717035448852.json --csv_result=/tmp/revisium_csvfile_17626717035449008.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:31:43 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.29 DST=145.239.177.179 LEN=58 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=53538 DPT=51 LEN=38 Nov 9 12:31:44 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.58 DST=51.210.113.204 LEN=42 TOS=0x00 PREC=0x00 TTL=46 ID=51636 DF PROTO=UDP SPT=2735 DPT=69 LEN=22 Nov 9 12:31:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9735 PROTO=TCP SPT=41811 DPT=2428 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:31:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:31:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.locked: ProactiveModel.Host should not be empty Nov 9 12:31:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:31:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:31:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43028 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:31:50 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27340 SEQ=1 Nov 9 12:31:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=163 SEQ=1 Nov 9 12:31:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54097 PROTO=TCP SPT=45727 DPT=30727 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:31:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27340 SEQ=1 Nov 9 12:31:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39684 SEQ=1 Nov 9 12:31:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50941 SEQ=1 Nov 9 12:31:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39684 SEQ=1 Nov 9 12:31:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.84 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=52797 PROTO=TCP SPT=53338 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:31:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3623 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:32:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:32:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:32:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:32:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:32:01 server83 systemd: Started Session 311875 of user root. Nov 9 12:32:01 server83 systemd: Started Session 311874 of user root. Nov 9 12:32:01 server83 systemd: Started Session 311876 of user root. Nov 9 12:32:01 server83 systemd: Started Session 311877 of user root. Nov 9 12:32:01 server83 systemd: Started Session 311878 of user root. Nov 9 12:32:01 server83 systemd: Started Session 311879 of user root. Nov 9 12:32:01 server83 systemd: Started Session 311880 of user root. Nov 9 12:32:01 server83 systemd: Started Session 311882 of user root. Nov 9 12:32:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:32:01 server83 systemd: Started Session 311883 of user accentri. Nov 9 12:32:01 server83 systemd: Started Session 311881 of user accentri. Nov 9 12:32:01 server83 systemd: Started Session 311884 of user root. Nov 9 12:32:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:32:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14544 SEQ=1 Nov 9 12:32:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.102.88.126 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=35832 DPT=8006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:32:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26356 SEQ=1 Nov 9 12:32:06 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 12:32:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20065 SEQ=1 Nov 9 12:32:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40974 SEQ=1 Nov 9 12:32:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3616 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:32:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38188 SEQ=1 Nov 9 12:32:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=52058 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:32:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=184.105.139.87 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=52735 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:32:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.87 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=65185 DF PROTO=TCP SPT=19435 DPT=3690 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:32:08 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.242 DST=145.239.177.179 LEN=42 TOS=0x00 PREC=0x00 TTL=35 ID=28546 PROTO=UDP SPT=20266 DPT=24298 LEN=22 Nov 9 12:32:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36685 SEQ=1 Nov 9 12:32:10 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.239.44.125 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=35449 SEQ=0 Nov 9 12:32:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=40.74.208.9 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=41752 PROTO=TCP SPT=53997 DPT=1270 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:32:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62569 SEQ=1 Nov 9 12:32:15 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.196.153.110 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=30493 DF PROTO=ICMP TYPE=8 CODE=0 ID=5 
SEQ=12304 Nov 9 12:32:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32793 SEQ=1 Nov 9 12:32:16 server83 aibolit_wrapper[18528]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626717368058588.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626717368059752.txt --log=/tmp/malware_cleaner_log_17626717368060842.txt --progress=/tmp/malware_cleaner_progress_17626717368060518.json --csv_result=/tmp/revisium_csvfile_17626717368060670.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:32:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:32:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52127 SEQ=1 Nov 9 12:32:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36484 SEQ=1 Nov 9 12:32:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.216 DST=145.239.177.179 LEN=65 TOS=0x00 PREC=0x00 TTL=112 ID=49961 DF PROTO=ICMP TYPE=8 CODE=0 ID=35838 SEQ=60952 Nov 9 12:32:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20413 SEQ=1 Nov 9 12:32:34 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42717 SEQ=1 Nov 9 12:32:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.177 DST=145.239.177.179 LEN=53 TOS=0x08 PREC=0x40 TTL=31 ID=49633 PROTO=UDP SPT=47125 DPT=27105 LEN=33 Nov 9 12:32:37 server83 aibolit_wrapper[20893]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626717572181458.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626717572183204.txt --log=/tmp/malware_cleaner_log_17626717572184648.txt --progress=/tmp/malware_cleaner_progress_17626717572184246.json --csv_result=/tmp/revisium_csvfile_17626717572184410.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:32:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15770 SEQ=1 Nov 9 12:32:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41512 SEQ=1 Nov 9 12:32:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51330 SEQ=1 Nov 9 12:32:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9051 SEQ=1 Nov 9 12:32:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=77.90.185.234 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=17160 PROTO=TCP SPT=59444 DPT=24522 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:32:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.67 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55416 DPT=9817 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:32:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3615 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:32:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=64336 PROTO=TCP SPT=38317 DPT=5439 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:32:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.14 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=42688 PROTO=TCP SPT=50336 DPT=7103 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:32:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:32:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.rfind: ProactiveModel.Host should not be empty Nov 9 12:32:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.requests: ProactiveModel.Host should not be empty Nov 9 12:32:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 
9 12:32:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:32:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64360 SEQ=1 Nov 9 12:32:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=109 ID=12624 DF PROTO=ICMP TYPE=8 CODE=0 ID=43449 SEQ=26733 Nov 9 12:32:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18058 SEQ=1 Nov 9 12:32:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58763 SEQ=1 Nov 9 12:32:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55890 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:32:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50668 SEQ=1 Nov 9 12:32:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58111 SEQ=1 Nov 9 12:32:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=58763 SEQ=1 Nov 9 12:32:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16446 PROTO=TCP SPT=43630 DPT=8245 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:32:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.149.182 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=31595 PROTO=TCP SPT=43406 DPT=8082 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:32:59 server83 NetworkManager[922]: <info> [1762671779.4380] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:32:59 server83 NetworkManager[922]: <info> [1762671779.4386] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:32:59 server83 NetworkManager[922]: <info> [1762671779.4387] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:32:59 server83 NetworkManager[922]: <info> [1762671779.4391] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:32:59 server83 NetworkManager[922]: <info> [1762671779.4402] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:32:59 server83 NetworkManager[922]: <info> [1762671779.4405] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:32:59 server83 NetworkManager[922]: <info> [1762671779.4419] dhcp4 (eth1): dhclient started with pid 23609 Nov 9 12:32:59 server83 dhclient[23609]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x4b9b43ab) Nov 9 12:32:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.143.152.247 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40015 DPT=8089 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:33:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:33:01 server83 systemd: Started Session 311885 of user root. Nov 9 12:33:01 server83 systemd: Started Session 311886 of user root. Nov 9 12:33:01 server83 systemd: Started Session 311887 of user root. Nov 9 12:33:01 server83 systemd: Started Session 311889 of user root. Nov 9 12:33:01 server83 systemd: Started Session 311888 of user root. Nov 9 12:33:01 server83 systemd: Started Session 311890 of user root. Nov 9 12:33:01 server83 systemd: Started Session 311891 of user root. Nov 9 12:33:01 server83 systemd: Started Session 311892 of user root. Nov 9 12:33:01 server83 systemd: Started Session 311893 of user root. Nov 9 12:33:01 server83 systemd: Started Session 311894 of user root. 
Nov 9 12:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33722 SEQ=1 Nov 9 12:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40933 SEQ=1 Nov 9 12:33:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.66.50 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=14825 PROTO=TCP SPT=51470 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:33:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48708 SEQ=1 Nov 9 12:33:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40933 SEQ=1 Nov 9 12:33:07 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.100 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=48 ID=51036 PROTO=UDP SPT=43015 DPT=19 LEN=9 Nov 9 12:33:07 server83 dhclient[23609]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x4b9b43ab) Nov 9 12:33:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x04 PREC=0x00 TTL=223 ID=50731 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:33:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.79.29.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=45590 
DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:33:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45936 SEQ=1 Nov 9 12:33:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=63272 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:33:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.25 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=20251 DF PROTO=ICMP TYPE=8 CODE=0 ID=30587 SEQ=36127 Nov 9 12:33:09 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:33:09 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:33:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.82.47.9 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=37007 DPT=87 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:33:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:33:10 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.104 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=108 ID=62197 DF PROTO=ICMP TYPE=8 CODE=0 ID=18628 SEQ=29609 Nov 9 12:33:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.74.63.114 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=42908 DF PROTO=TCP SPT=43932 DPT=12538 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 12:33:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46769 DPT=34567 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:33:20 server83 dhclient[23609]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x4b9b43ab) Nov 9 12:33:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24281 SEQ=1 Nov 9 12:33:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54839 DPT=9941 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:33:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17073 SEQ=1 Nov 9 12:33:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44743 SEQ=1 Nov 9 12:33:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24017 SEQ=1 Nov 9 12:33:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=9275 PROTO=TCP SPT=50784 DPT=7627 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:33:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17073 SEQ=1 Nov 9 12:33:26 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.227.45.91 
DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=51359 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=20145 Nov 9 12:33:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.12 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49463 DPT=9517 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:33:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3614 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:33:30 server83 aibolit_wrapper[28064]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626718109093410.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626718109094608.txt --log=/tmp/malware_cleaner_log_17626718109095814.txt --progress=/tmp/malware_cleaner_progress_17626718109095438.json --csv_result=/tmp/revisium_csvfile_17626718109095590.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:33:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55097 SEQ=1 Nov 9 12:33:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2809 SEQ=1 Nov 9 12:33:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=40847 SEQ=1 Nov 9 12:33:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43498 SEQ=1 Nov 9 12:33:35 server83 dhclient[23609]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x4b9b43ab) Nov 9 12:33:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15971 SEQ=1 Nov 9 12:33:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2809 SEQ=1 Nov 9 12:33:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2436 SEQ=1 Nov 9 12:33:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29398 SEQ=1 Nov 9 12:33:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43498 SEQ=1 Nov 9 12:33:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27437 PROTO=TCP SPT=51681 DPT=1128 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:33:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.29.23.140 DST=145.239.177.179 LEN=52 TOS=0x00 
PREC=0x00 TTL=40 ID=64555 PROTO=TCP SPT=49306 DPT=9160 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:33:41 server83 scripts.sh: Sun Nov 9 12:33:41 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 12:33:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:33:44 server83 aibolit_wrapper[29877]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626718241210356.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626718241212702.txt --log=/tmp/malware_cleaner_log_17626718241215112.txt --progress=/tmp/malware_cleaner_progress_17626718241214526.json --csv_result=/tmp/revisium_csvfile_17626718241214780.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:33:44 server83 NetworkManager[922]: <warn> [1762671824.4503] dhcp4 (eth1): request timed out Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23609 Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:33:44 server83 NetworkManager[922]: <warn> [1762671824.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4590] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4619] policy: 
auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4622] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4623] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4625] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4635] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4636] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:33:44 server83 NetworkManager[922]: <info> [1762671824.4647] dhcp4 (eth1): dhclient started with pid 29947 Nov 9 12:33:44 server83 dhclient[29947]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x15521547) Nov 9 12:33:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.reset: ProactiveModel.Host should not be empty Nov 9 12:33:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.class: ProactiveModel.Host should not be empty Nov 9 12:33:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:33:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57014 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=116.204.67.180 DST=51.210.113.204 LEN=54 TOS=0x00 PREC=0x00 TTL=40 ID=53380 DF PROTO=ICMP TYPE=8 CODE=0 ID=56688 SEQ=41522 Nov 9 12:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=180 SEQ=1 Nov 9 12:33:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31765 SEQ=1 Nov 9 12:33:50 server83 dhclient[29947]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x15521547) Nov 9 12:33:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57583 SEQ=1 Nov 9 12:33:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57583 SEQ=1 Nov 9 12:33:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42845 SEQ=1 Nov 9 12:33:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54022 SEQ=1 Nov 9 12:33:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.18 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52714 DPT=9748 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:34:01 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:34:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:34:01 server83 systemd: Started Session 311895 of user root. Nov 9 12:34:01 server83 systemd: Started Session 311898 of user root. Nov 9 12:34:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:34:01 server83 systemd: Started Session 311897 of user accentri. Nov 9 12:34:01 server83 systemd: Started Session 311896 of user root. Nov 9 12:34:01 server83 systemd: Started Session 311900 of user root. Nov 9 12:34:01 server83 systemd: Started Session 311899 of user root. Nov 9 12:34:01 server83 systemd: Started Session 311902 of user root. Nov 9 12:34:01 server83 systemd: Started Session 311903 of user root. Nov 9 12:34:01 server83 systemd: Started Session 311901 of user root. Nov 9 12:34:01 server83 systemd: Started Session 311904 of user root. Nov 9 12:34:01 server83 systemd: Started Session 311905 of user accentri. Nov 9 12:34:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:34:03 server83 dhclient[29947]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x15521547) Nov 9 12:34:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.159.99.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45641 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:34:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=100.27.25.120 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=32441 DF PROTO=ICMP TYPE=8 CODE=0 ID=6 SEQ=12421 Nov 9 12:34:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25362 SEQ=1 Nov 9 12:34:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=97.107.141.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=39693 DPT=8009 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40054 SEQ=1 Nov 9 12:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=11160 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.189.81.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=47652 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.18.188 DST=145.239.177.179 
LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=2101 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59983 SEQ=1 Nov 9 12:34:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36453 PROTO=TCP SPT=41811 DPT=2787 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:34:10 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=25002 DF PROTO=ICMP TYPE=8 CODE=0 ID=14816 SEQ=65060 Nov 9 12:34:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48397 PROTO=TCP SPT=45727 DPT=30173 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:34:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.157 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=20269 PROTO=TCP SPT=58944 DPT=18100 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:34:18 server83 dhclient[29947]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x15521547) Nov 9 12:34:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16977 SEQ=1 Nov 9 12:34:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35510 PROTO=TCP SPT=42111 DPT=2678 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:34:23 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=1346 DF PROTO=ICMP TYPE=8 CODE=0 ID=41484 SEQ=2229 Nov 9 12:34:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41275 SEQ=1 Nov 9 12:34:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6191 SEQ=1 Nov 9 12:34:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57513 SEQ=1 Nov 9 12:34:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.216 DST=145.239.177.179 LEN=65 TOS=0x00 PREC=0x00 TTL=112 ID=50564 DF PROTO=ICMP TYPE=8 CODE=0 ID=27039 SEQ=38217 Nov 9 12:34:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.190.168.173 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=9460 PROTO=TCP SPT=61012 DPT=3000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:34:27 server83 aibolit_wrapper[2856]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626718675576982.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626718675577996.txt --log=/tmp/malware_cleaner_log_17626718675579052.txt 
--progress=/tmp/malware_cleaner_progress_17626718675578758.json --csv_result=/tmp/revisium_csvfile_17626718675578880.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:34:29 server83 NetworkManager[922]: <warn> [1762671869.4400] dhcp4 (eth1): request timed out Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4401] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4721] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 29947 Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4721] dhcp4 (eth1): state changed timeout -> done Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4724] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:34:29 server83 NetworkManager[922]: <warn> [1762671869.4731] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4734] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4765] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4769] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4769] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4773] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4782] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:34:29 server83 
NetworkManager[922]: <info> [1762671869.4785] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:34:29 server83 NetworkManager[922]: <info> [1762671869.4794] dhcp4 (eth1): dhclient started with pid 3061 Nov 9 12:34:29 server83 dhclient[3061]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x20d38932) Nov 9 12:34:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62090 SEQ=1 Nov 9 12:34:33 server83 dhclient[3061]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x20d38932) Nov 9 12:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43771 SEQ=1 Nov 9 12:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63842 SEQ=1 Nov 9 12:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16630 SEQ=1 Nov 9 12:34:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1671 SEQ=1 Nov 9 12:34:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.198.141.178 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=12732 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=20145 Nov 9 12:34:37 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59087 SEQ=1 Nov 9 12:34:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.250.142.134 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=44 ID=35514 DF PROTO=TCP SPT=36538 DPT=5001 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 12:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60034 SEQ=1 Nov 9 12:34:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=59111 PROTO=TCP SPT=61386 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:34:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=59112 PROTO=TCP SPT=61386 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:34:40 server83 aibolit_wrapper[4694]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626718808524968.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626718808526310.txt --log=/tmp/malware_cleaner_log_17626718808527504.txt --progress=/tmp/malware_cleaner_progress_17626718808527184.json --csv_result=/tmp/revisium_csvfile_17626718808527322.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:34:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.172.37 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=6521 DF PROTO=TCP SPT=40711 DPT=32751 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:34:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=36965 PROTO=TCP SPT=62888 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:34:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=59113 PROTO=TCP SPT=61386 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:34:41 server83 dhclient[3061]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x20d38932) Nov 9 12:34:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=36966 PROTO=TCP SPT=62888 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:34:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=36968 PROTO=TCP SPT=62888 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:34:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.204 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=57009 DPT=46727 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:34:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.internal: ProactiveModel.Host should not be empty Nov 9 12:34:46 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:34:48 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2551 SEQ=1 Nov 9 12:34:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:34:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63478 SEQ=1 Nov 9 12:34:48 server83 aibolit_wrapper[6030]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626718884940352.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626718884942520.txt --progress=/tmp/malware_cleaner_progress_17626718884942260.json --csv_result=/tmp/revisium_csvfile_17626718884942376.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:34:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3784 SEQ=1 Nov 9 12:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13627 SEQ=1 Nov 9 12:34:54 server83 dhclient[3061]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x20d38932) Nov 9 12:34:58 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.246 DST=145.239.177.179 LEN=130 TOS=0x00 PREC=0x00 TTL=35 ID=34454 PROTO=UDP SPT=57665 DPT=4365 LEN=110 Nov 9 12:35:00 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57497 DF PROTO=TCP SPT=53149 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57498 DF PROTO=TCP SPT=53149 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:35:02 server83 systemd: Started Session 311906 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311909 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311908 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311907 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311911 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311913 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311912 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311914 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311915 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311917 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311916 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311910 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311918 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311919 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311920 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311921 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311922 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311923 of user root. Nov 9 12:35:02 server83 systemd: Started Session 311924 of user root. 
Nov 9 12:35:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.100 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=8276 PROTO=TCP SPT=4084 DPT=39277 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:35:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=2025 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:35:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57499 DF PROTO=TCP SPT=53149 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37648 SEQ=1 Nov 9 12:35:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=247 SEQ=1 Nov 9 12:35:06 server83 dhclient[3061]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x20d38932) Nov 9 12:35:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=49491 DF PROTO=ICMP TYPE=8 CODE=0 ID=11765 SEQ=37925 Nov 9 12:35:07 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:35:07 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 12:35:07 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:35:07 server83 pure-ftpd: 
(__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 12:35:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57500 DF PROTO=TCP SPT=53149 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x04 PREC=0x00 TTL=223 ID=62490 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25942 SEQ=1 Nov 9 12:35:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.40.18 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46981 DPT=8009 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=26553 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21488 SEQ=1 Nov 9 12:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37648 SEQ=1 Nov 9 12:35:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 
LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16489 PROTO=TCP SPT=42111 DPT=2789 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:35:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.37 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=6405 PROTO=TCP SPT=6833 DPT=12958 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:35:14 server83 NetworkManager[922]: <warn> [1762671914.4433] dhcp4 (eth1): request timed out Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4433] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4593] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 3061 Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4593] dhcp4 (eth1): state changed timeout -> done Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4595] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:35:14 server83 NetworkManager[922]: <warn> [1762671914.4599] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4601] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4633] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4637] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4638] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4641] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:35:14 
server83 NetworkManager[922]: <info> [1762671914.4651] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4653] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:35:14 server83 NetworkManager[922]: <info> [1762671914.4664] dhcp4 (eth1): dhclient started with pid 10117 Nov 9 12:35:14 server83 dhclient[10117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x716e3c42) Nov 9 12:35:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57501 DF PROTO=TCP SPT=53509 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57502 DF PROTO=TCP SPT=53509 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57503 DF PROTO=TCP SPT=53149 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57504 DF PROTO=TCP SPT=53509 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31163 PROTO=TCP SPT=49956 DPT=27623 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:35:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=562 SEQ=1 Nov 9 12:35:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23637 SEQ=1 Nov 9 12:35:20 server83 dhclient[10117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x716e3c42) Nov 9 12:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15783 SEQ=1 Nov 9 12:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61306 SEQ=1 Nov 9 12:35:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57505 DF PROTO=TCP SPT=53509 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49491 SEQ=1 Nov 9 12:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28214 SEQ=1 Nov 9 12:35:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41437 SEQ=1 Nov 9 12:35:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=37041 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:35:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=134.209.95.119 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=1871 PROTO=TCP SPT=61003 DPT=14000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:35:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57506 DF PROTO=TCP SPT=53509 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:35:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:35:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=21720 PROTO=TCP SPT=56753 DPT=8102 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:35:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60172 SEQ=1 Nov 9 12:35:36 server83 aibolit_wrapper[12695]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626719359943120.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626719359943996.txt --log=/tmp/malware_cleaner_log_17626719359944868.txt --progress=/tmp/malware_cleaner_progress_17626719359944656.json --csv_result=/tmp/revisium_csvfile_17626719359944744.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44184 SEQ=1 Nov 9 12:35:36 server83 dhclient[10117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x716e3c42) Nov 9 12:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63961 SEQ=1 Nov 9 12:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=59408 DF PROTO=ICMP TYPE=8 CODE=0 ID=18023 SEQ=11268 Nov 9 12:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65040 SEQ=1 Nov 9 12:35:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37254 PROTO=TCP SPT=51006 DPT=5635 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:35:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.62 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=39197 PROTO=TCP SPT=42422 DPT=8009 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:35:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62095 SEQ=1 Nov 9 12:35:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.233.29 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=103 ID=28223 PROTO=TCP SPT=50745 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:35:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=51846 PROTO=TCP SPT=63349 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:35:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.233.29 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=103 ID=28224 PROTO=TCP SPT=50745 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:35:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.28 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=51847 PROTO=TCP SPT=63349 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:35:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.95.18 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13090 PROTO=TCP SPT=52985 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:35:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.233.29 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=103 ID=28225 PROTO=TCP SPT=50745 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:35:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.95.18 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13092 PROTO=TCP SPT=52985 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:35:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:35:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:35:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:35:47 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.95.18 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=13094 PROTO=TCP SPT=52985 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:35:48 server83 aibolit_wrapper[14299]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626719484191466.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626719484193466.txt --log=/tmp/malware_cleaner_log_17626719484195138.txt --progress=/tmp/malware_cleaner_progress_17626719484194760.json --csv_result=/tmp/revisium_csvfile_17626719484194930.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:35:49 server83 systemd: Started Session c2880 of user root. Nov 9 12:35:49 server83 scripts.sh: Load Average: 3.99 , 3.68 Nov 9 12:35:49 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 12:35:49 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 12:35:49 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 12:35:49 server83 scripts.sh: HTTPD Status: inactive Nov 9 12:35:49 server83 scripts.sh: MySQL Status: active Nov 9 12:35:49 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 12:35:49 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 12:35:49 server83 scripts.sh: SSHD Status: active Nov 9 12:35:49 server83 scripts.sh: FTP Status: active Nov 9 12:35:49 server83 scripts.sh: LiteSpeed Status: Active Nov 9 12:35:49 server83 scripts.sh: Imunify Status: Active Nov 9 12:35:49 server83 scripts.sh: cPanel Status: active Nov 9 12:35:49 server83 scripts.sh: Memory Status: 12/31 GB - 39.75% Nov 9 12:35:49 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 12:35:49 server83 scripts.sh: 
Softaculous Type: Type : Premium Nov 9 12:35:49 server83 scripts.sh: Local Version: 4.4.5 Nov 9 12:35:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.140 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=14156 PROTO=TCP SPT=27712 DPT=37215 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:35:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11788 SEQ=1 Nov 9 12:35:51 server83 dhclient[10117]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x716e3c42) Nov 9 12:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33735 SEQ=1 Nov 9 12:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=375 SEQ=1 Nov 9 12:35:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=879 PROTO=TCP SPT=51775 DPT=14993 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:35:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44598 SEQ=1 Nov 9 12:35:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5560 SEQ=1 Nov 9 12:35:54 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5560 SEQ=1 Nov 9 12:35:59 server83 NetworkManager[922]: <warn> [1762671959.4473] dhcp4 (eth1): request timed out Nov 9 12:35:59 server83 NetworkManager[922]: <info> [1762671959.4473] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:35:59 server83 NetworkManager[922]: <info> [1762671959.4794] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 10117 Nov 9 12:35:59 server83 NetworkManager[922]: <info> [1762671959.4794] dhcp4 (eth1): state changed timeout -> done Nov 9 12:35:59 server83 NetworkManager[922]: <info> [1762671959.4796] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:35:59 server83 NetworkManager[922]: <warn> [1762671959.4803] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:35:59 server83 NetworkManager[922]: <info> [1762671959.4806] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:36:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.173.120 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=5111 DF PROTO=TCP SPT=40159 DPT=4691 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:36:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=184.105.139.88 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54518 DPT=10001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:36:01 server83 systemd: Started Session 311925 of user root. Nov 9 12:36:01 server83 systemd: Started Session 311927 of user root. Nov 9 12:36:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:36:01 server83 systemd: Started Session 311929 of user accentri. 
Nov 9 12:36:01 server83 systemd: Started Session 311928 of user root. Nov 9 12:36:01 server83 systemd: Started Session 311926 of user root. Nov 9 12:36:01 server83 systemd: Started Session 311930 of user root. Nov 9 12:36:01 server83 systemd: Started Session 311933 of user root. Nov 9 12:36:01 server83 systemd: Started Session 311931 of user root. Nov 9 12:36:01 server83 systemd: Started Session 311932 of user root. Nov 9 12:36:01 server83 systemd: Started Session 311934 of user root. Nov 9 12:36:01 server83 systemd: Started Session 311935 of user accentri. Nov 9 12:36:01 server83 systemd: Started Session 311936 of user root. Nov 9 12:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:36:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:36:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:36:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50772 SEQ=1 Nov 9 12:36:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26587 SEQ=1 Nov 9 12:36:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3621 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:36:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33826 SEQ=1 Nov 9 12:36:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26587 SEQ=1 Nov 9 12:36:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7260 SEQ=1 Nov 9 12:36:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3622 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19779 SEQ=1 Nov 9 12:36:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31950 PROTO=TCP SPT=45727 DPT=33663 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.75.242 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=2230 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33952 SEQ=1 Nov 9 12:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x04 PREC=0x00 TTL=223 ID=4821 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=37948 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:36:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40959 SEQ=1 Nov 9 12:36:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32717 PROTO=TCP SPT=56627 DPT=5346 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:36:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.218.206.87 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59965 DPT=10001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:36:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=40461 PROTO=TCP SPT=32973 DPT=7278 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:36:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:36:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.32 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=42352 PROTO=TCP SPT=48083 DPT=5353 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:36:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.40.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=26705 PROTO=TCP SPT=64191 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:36:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.40.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=26706 PROTO=TCP SPT=64191 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:36:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=29594 PROTO=TCP SPT=38791 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:36:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.40.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=26707 PROTO=TCP SPT=64191 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55743 SEQ=1 Nov 9 12:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3036 SEQ=1 Nov 9 12:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52893 SEQ=1 Nov 9 12:36:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=29595 PROTO=TCP SPT=38791 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:36:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.217.40.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=26708 PROTO=TCP SPT=64191 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:36:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47643 SEQ=1 Nov 9 12:36:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3036 SEQ=1 Nov 9 12:36:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=29597 PROTO=TCP SPT=38791 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:36:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28602 SEQ=1 Nov 9 12:36:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.90.203.29 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=60761 DF PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=12304 Nov 9 12:36:29 server83 aibolit_wrapper[19803]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626719896169648.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626719896170726.txt --log=/tmp/malware_cleaner_log_17626719896171504.txt --progress=/tmp/malware_cleaner_progress_17626719896171278.json --csv_result=/tmp/revisium_csvfile_17626719896171368.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:36:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=15610 PROTO=TCP SPT=49037 DPT=28981 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26553 SEQ=1 Nov 9 12:36:34 server83 aibolit_wrapper[20348]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626719948612342.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626719948613344.txt --log=/tmp/malware_cleaner_log_17626719948614368.txt --progress=/tmp/malware_cleaner_progress_17626719948614146.json --csv_result=/tmp/revisium_csvfile_17626719948614252.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:36:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31511 SEQ=1 Nov 9 12:36:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8057 SEQ=1 Nov 9 12:36:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18694 SEQ=1 Nov 9 12:36:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54331 SEQ=1 Nov 9 12:36:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57507 DF PROTO=TCP SPT=55365 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 
Nov 9 12:36:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57508 DF PROTO=TCP SPT=55365 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:36:41 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:36:41 server83 imunify-auditd-log-reader[9638]: lost 8 message sequences Nov 9 12:36:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57509 DF PROTO=TCP SPT=55365 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:36:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57510 DF PROTO=TCP SPT=55365 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:36:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:36:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:36:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:36:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=61293 PROTO=TCP SPT=51775 DPT=43927 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:36:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32679 SEQ=1 Nov 9 12:36:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=52261 SEQ=1 Nov 9 12:36:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22444 SEQ=1 Nov 9 12:36:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58320 SEQ=1 Nov 9 12:36:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=44626 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32679 SEQ=1 Nov 9 12:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32839 SEQ=1 Nov 9 12:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=222 SEQ=1 Nov 9 12:36:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57511 DF PROTO=TCP SPT=55365 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:36:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1513 PROTO=TCP SPT=51667 DPT=6306 WINDOW=65535 RES=0x00 SYN URGP=0 
Nov 9 12:36:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.164.34 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51129 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:36:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56055 PROTO=TCP SPT=43263 DPT=4748 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:36:59 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.92 DST=51.210.113.204 LEN=51 TOS=0x00 PREC=0x00 TTL=46 ID=32092 DF PROTO=UDP SPT=42534 DPT=7 LEN=31 Nov 9 12:37:01 server83 systemd: Started Session 311937 of user root. Nov 9 12:37:01 server83 systemd: Started Session 311939 of user root. Nov 9 12:37:01 server83 systemd: Started Session 311940 of user root. Nov 9 12:37:01 server83 systemd: Started Session 311938 of user root. Nov 9 12:37:01 server83 systemd: Started Session 311941 of user root. Nov 9 12:37:01 server83 systemd: Started Session 311943 of user root. Nov 9 12:37:01 server83 systemd: Started Session 311944 of user root. Nov 9 12:37:01 server83 systemd: Started Session 311945 of user root. Nov 9 12:37:01 server83 systemd: Started Session 311942 of user root. Nov 9 12:37:01 server83 systemd: Started Session 311946 of user root. 
Nov 9 12:37:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40930 SEQ=1 Nov 9 12:37:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5761 DF PROTO=TCP SPT=49818 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26783 SEQ=1 Nov 9 12:37:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=14865 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:37:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.22.43 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=52537 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5762 DF PROTO=TCP SPT=49818 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22013 SEQ=1 Nov 9 12:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26783 SEQ=1 Nov 9 12:37:08 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5763 DF PROTO=TCP SPT=49818 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:37:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5764 DF PROTO=TCP SPT=49818 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.38 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=31430 PROTO=TCP SPT=9422 DPT=29238 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:37:16 server83 aibolit_wrapper[25284]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626720360841382.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626720360843130.txt --log=/tmp/malware_cleaner_log_17626720360844748.txt --progress=/tmp/malware_cleaner_progress_17626720360844352.json --csv_result=/tmp/revisium_csvfile_17626720360844500.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:37:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.203.24.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=62849 PROTO=TCP SPT=61008 DPT=8808 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:37:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50788 PROTO=TCP SPT=50395 DPT=26139 WINDOW=1024 
RES=0x00 SYN URGP=0 Nov 9 12:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5253 SEQ=1 Nov 9 12:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3241 SEQ=1 Nov 9 12:37:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.214.88.107 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=4842 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:37:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5765 DF PROTO=TCP SPT=49818 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27261 SEQ=1 Nov 9 12:37:24 server83 aibolit_wrapper[26316]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626720442701674.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626720442703202.txt --log=/tmp/malware_cleaner_log_17626720442704710.txt --progress=/tmp/malware_cleaner_progress_17626720442704298.json --csv_result=/tmp/revisium_csvfile_17626720442704506.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:37:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.210 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50989 DPT=19847 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:37:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4500 SEQ=1 Nov 9 12:37:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62716 SEQ=1 Nov 9 12:37:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36712 PROTO=TCP SPT=48640 DPT=5604 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:37:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37414 PROTO=TCP SPT=53917 DPT=9570 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:37:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59385 SEQ=1 Nov 9 12:37:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2811 SEQ=1 Nov 9 12:37:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26703 SEQ=1 Nov 9 12:37:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47894 PROTO=TCP SPT=37911 DPT=6957 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:37:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57512 DF PROTO=TCP SPT=56630 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:37:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26703 SEQ=1 Nov 9 12:37:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57513 DF PROTO=TCP SPT=56630 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:37:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.225.99 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=4549 DF PROTO=TCP SPT=40269 DPT=2746 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:37:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57514 DF PROTO=TCP SPT=56630 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:37:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3620 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:37:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=35716 PROTO=TCP SPT=49037 DPT=39287 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 
12:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5766 DF PROTO=TCP SPT=49818 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57806 SEQ=1 Nov 9 12:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2811 SEQ=1 Nov 9 12:37:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:37:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37338 SEQ=1 Nov 9 12:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13185 SEQ=1 Nov 9 12:37:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57515 DF PROTO=TCP SPT=56630 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:37:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38018 DF PROTO=TCP SPT=52800 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:43 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38020 DF PROTO=TCP SPT=52800 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25098 PROTO=TCP SPT=51647 DPT=6967 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:37:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59329 PROTO=TCP SPT=49956 DPT=29195 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:37:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:37:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:37:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38021 DF PROTO=TCP SPT=52800 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=20370 PROTO=TCP SPT=55279 DPT=5649 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:37:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21956 SEQ=1 Nov 9 12:37:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15313 SEQ=1 
Nov 9 12:37:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21956 SEQ=1 Nov 9 12:37:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2105 SEQ=1 Nov 9 12:37:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45906 SEQ=1 Nov 9 12:37:54 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:37:54 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.178 DST=51.210.113.204 LEN=45 TOS=0x08 PREC=0x40 TTL=31 ID=38514 PROTO=UDP SPT=9466 DPT=47809 LEN=25 Nov 9 12:37:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38022 DF PROTO=TCP SPT=52800 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:37:56 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=3686 DF PROTO=ICMP TYPE=8 CODE=0 ID=17352 SEQ=10221 Nov 9 12:37:56 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:38:01 server83 systemd: Started Session 311947 of user root. Nov 9 12:38:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:38:01 server83 systemd: Started Session 311948 of user accentri. Nov 9 12:38:01 server83 systemd: Started Session 311953 of user root. Nov 9 12:38:01 server83 systemd: Started Session 311949 of user root. 
Nov 9 12:38:01 server83 systemd: Started Session 311952 of user root. Nov 9 12:38:01 server83 systemd: Started Session 311951 of user root. Nov 9 12:38:01 server83 systemd: Started Session 311950 of user root. Nov 9 12:38:01 server83 systemd: Started Session 311954 of user root. Nov 9 12:38:01 server83 systemd: Started Session 311955 of user root. Nov 9 12:38:01 server83 systemd: Started Session 311956 of user root. Nov 9 12:38:01 server83 systemd: Started Session 311957 of user accentri. Nov 9 12:38:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:38:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51990 SEQ=1 Nov 9 12:38:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1199 SEQ=1 Nov 9 12:38:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.18 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=42873 DPT=8888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:38:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19640 SEQ=1 Nov 9 12:38:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.18.113 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49957 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:38:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=7627 
PROTO=TCP SPT=39011 DPT=6352 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:38:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58770 SEQ=1 Nov 9 12:38:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3619 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.83.20.164 DST=145.239.177.179 LEN=68 TOS=0x04 PREC=0x00 TTL=223 ID=22130 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:38:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=161.189.81.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=227 ID=5478 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:38:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=68.79.51.168 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=21341 DF PROTO=ICMP TYPE=8 CODE=0 ID=26 SEQ=14542 Nov 9 12:38:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.82.46.124 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=53373 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:38:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1199 SEQ=1 Nov 9 12:38:10 server83 aibolit_wrapper[525]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626720905156580.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626720905158050.txt --log=/tmp/malware_cleaner_log_17626720905159030.txt --progress=/tmp/malware_cleaner_progress_17626720905158804.json --csv_result=/tmp/revisium_csvfile_17626720905158898.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5767 DF PROTO=TCP SPT=49818 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38023 DF PROTO=TCP SPT=52800 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:38:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56110 SEQ=1 Nov 9 12:38:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1554 SEQ=1 Nov 9 12:38:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60085 PROTO=TCP SPT=50395 DPT=34027 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35937 DF PROTO=TCP SPT=56240 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:38:20 server83 
auditd[702]: Audit daemon rotating log files Nov 9 12:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 12:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 12:38:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35938 DF PROTO=TCP SPT=56240 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:38:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58067 PROTO=TCP SPT=40177 DPT=8948 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:38:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8564 SEQ=1 Nov 9 12:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.223.104.85 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=37482 DPT=10002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:38:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27090 SEQ=1 Nov 9 12:38:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25919 SEQ=1 Nov 9 12:38:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35939 DF PROTO=TCP SPT=56240 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:38:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=53912 PROTO=TCP SPT=55696 DPT=7331 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:38:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28185 SEQ=1 Nov 9 12:38:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=130 SEQ=1 Nov 9 12:38:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25919 SEQ=1 Nov 9 12:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10885 PROTO=TCP SPT=45727 DPT=32207 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35940 DF PROTO=TCP SPT=56240 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:38:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.168 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 
PROTO=TCP SPT=49259 DPT=9475 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:38:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19548 SEQ=1 Nov 9 12:38:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3115 SEQ=1 Nov 9 12:38:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3115 SEQ=1 Nov 9 12:38:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33479 SEQ=1 Nov 9 12:38:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.250.139.9 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=44 ID=37839 DF PROTO=TCP SPT=38863 DPT=12409 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 12:38:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35941 DF PROTO=TCP SPT=56240 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:38:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52815 SEQ=1 Nov 9 12:38:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38024 DF PROTO=TCP SPT=52800 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:38:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=38412 PROTO=TCP SPT=51074 DPT=8028 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:38:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:38:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:38:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:38:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7156 SEQ=1 Nov 9 12:38:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11266 SEQ=1 Nov 9 12:38:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6481 SEQ=1 Nov 9 12:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35942 DF PROTO=TCP SPT=56240 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:38:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33866 SEQ=1 Nov 9 12:38:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=12010 PROTO=TCP SPT=51775 DPT=40305 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:38:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6481 SEQ=1 Nov 9 12:38:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7156 SEQ=1 Nov 9 12:38:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:38:57 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 12:38:57 server83 systemd: Stopped Status Update Service. Nov 9 12:38:57 server83 systemd: Started Status Update Service. Nov 9 12:39:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.91 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55839 DPT=48990 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:39:01 server83 systemd: Started Session 311959 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311961 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311960 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311958 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311962 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311966 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311967 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311963 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311965 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311964 of user root. Nov 9 12:39:01 server83 systemd: Started Session 311968 of user root. 
Nov 9 12:39:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63685 SEQ=1 Nov 9 12:39:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17328 SEQ=1 Nov 9 12:39:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55659 SEQ=1 Nov 9 12:39:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.155 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57258 DPT=15018 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:39:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=8194 PROTO=TCP SPT=51681 DPT=1844 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:39:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.87 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=40497 DPT=5985 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:39:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46635 SEQ=1 Nov 9 12:39:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=26611 PROTO=TCP SPT=51074 DPT=8036 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
12:39:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45713 SEQ=1 Nov 9 12:39:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44879 SEQ=1 Nov 9 12:39:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17328 SEQ=1 Nov 9 12:39:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1108 DF PROTO=TCP SPT=33440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46635 SEQ=1 Nov 9 12:39:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=68.79.29.233 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=229 ID=10800 DF PROTO=ICMP TYPE=8 CODE=0 ID=28 SEQ=15874 Nov 9 12:39:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1109 DF PROTO=TCP SPT=33440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1110 DF PROTO=TCP SPT=33440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:11 server83 kernel: 
Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.83.240.70 DST=145.239.177.179 LEN=419 TOS=0x00 PREC=0x00 TTL=53 ID=15289 DF PROTO=UDP SPT=5061 DPT=5060 LEN=399 Nov 9 12:39:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1111 DF PROTO=TCP SPT=33440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.34 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=63362 PROTO=TCP SPT=37869 DPT=6678 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:39:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.142.147.209 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57674 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:39:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28975 SEQ=1 Nov 9 12:39:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=107.23.97.23 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=239 ID=25103 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:39:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1112 DF PROTO=TCP SPT=33440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:22 server83 aibolit_wrapper[8569]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626721628021874.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626721628023532.txt --log=/tmp/malware_cleaner_log_17626721628025062.txt --progress=/tmp/malware_cleaner_progress_17626721628024666.json --csv_result=/tmp/revisium_csvfile_17626721628024842.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:39:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28142 SEQ=1 Nov 9 12:39:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41093 SEQ=1 Nov 9 12:39:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28142 SEQ=1 Nov 9 12:39:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35943 DF PROTO=TCP SPT=56240 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=98.81.100.208 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=1464 DF PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=20669 Nov 9 12:39:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.210.66.80 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=1920 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=20145 Nov 9 12:39:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=13.89.124.217 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=45974 PROTO=TCP SPT=57878 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:39:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:39:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36290 SEQ=1 Nov 9 12:39:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36356 SEQ=1 Nov 9 12:39:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53755 SEQ=1 Nov 9 12:39:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61913 SEQ=1 Nov 9 12:39:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1113 DF PROTO=TCP SPT=33440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28179 SEQ=1 Nov 9 12:39:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39666 SEQ=1 Nov 9 12:39:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58295 DF PROTO=TCP SPT=36030 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58296 DF PROTO=TCP SPT=36030 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58297 DF PROTO=TCP SPT=36030 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:39:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:39:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35526 SEQ=1 Nov 9 12:39:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46054 SEQ=1 Nov 9 12:39:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58298 DF PROTO=TCP SPT=36030 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:39:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=129.82.138.31 DST=145.239.177.179 LEN=32 TOS=0x00 PREC=0x00 TTL=44 ID=46925 DF PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=3393 Nov 9 12:39:48 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46054 SEQ=1 Nov 9 12:39:48 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.81 DST=51.210.113.204 LEN=41 TOS=0x00 PREC=0x00 TTL=34 ID=22417 PROTO=UDP SPT=22986 DPT=5094 LEN=21 Nov 9 12:39:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14800 SEQ=1 Nov 9 12:39:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1450 SEQ=1 Nov 9 12:39:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40730 SEQ=1 Nov 9 12:39:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58299 DF PROTO=TCP SPT=36030 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:40:00 server83 aibolit_wrapper[12094]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626722001108796.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626722001111250.txt --log=/tmp/malware_cleaner_log_17626722001114464.txt --progress=/tmp/malware_cleaner_progress_17626722001113406.json 
--csv_result=/tmp/revisium_csvfile_17626722001113844.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:40:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:40:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:40:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:40:01 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 12:40:01 server83 systemd: Started Session 311971 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311972 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311969 of user root. Nov 9 12:40:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:40:01 server83 systemd: Started Session 311974 of user accentri. Nov 9 12:40:01 server83 systemd: Started Session 311970 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311975 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311973 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311976 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311977 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311978 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311979 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311981 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311980 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311982 of user accentri. Nov 9 12:40:01 server83 systemd: Started Session 311983 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311986 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311987 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311985 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311984 of user root. Nov 9 12:40:01 server83 systemd: Started Session 311988 of user root. Nov 9 12:40:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:40:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12130 PROTO=TCP SPT=49956 DPT=29470 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:40:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23882 SEQ=1 Nov 9 12:40:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46611 PROTO=TCP SPT=49956 DPT=26121 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:40:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45562 SEQ=1 Nov 9 12:40:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7220 SEQ=1 Nov 9 12:40:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7220 SEQ=1 Nov 9 12:40:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45562 SEQ=1 Nov 9 12:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16273 SEQ=1 Nov 9 12:40:09 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=13972 DF PROTO=ICMP TYPE=8 CODE=0 ID=45899 SEQ=43099 Nov 9 12:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58307 SEQ=1 Nov 9 12:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5373 SEQ=1 Nov 9 12:40:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1114 DF PROTO=TCP SPT=33440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:40:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58300 DF PROTO=TCP SPT=36030 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:40:12 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 12:40:12 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:40:12 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 12:40:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:40:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=22185 PROTO=TCP SPT=49053 DPT=25129 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:40:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18477 DF PROTO=TCP SPT=60716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:40:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59424 SEQ=1 Nov 9 12:40:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38316 SEQ=1 Nov 9 12:40:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18478 DF PROTO=TCP SPT=60716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59424 SEQ=1 Nov 9 12:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13332 SEQ=1 Nov 9 12:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=12611 SEQ=1 Nov 9 12:40:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18479 DF PROTO=TCP SPT=60716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:40:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21492 SEQ=1 Nov 9 12:40:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3611 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:40:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18480 DF PROTO=TCP SPT=60716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:40:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34421 PROTO=TCP SPT=33171 DPT=4383 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:40:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3612 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:40:33 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.73.23.133 DST=51.210.113.204 LEN=49 TOS=0x00 PREC=0x00 TTL=50 ID=5348 PROTO=UDP SPT=51275 DPT=5684 LEN=29 Nov 9 12:40:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.58.0 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 
PROTO=TCP SPT=53760 DPT=5431 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18481 DF PROTO=TCP SPT=60716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:40:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63667 SEQ=1 Nov 9 12:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=21074 DF PROTO=ICMP TYPE=8 CODE=0 ID=5702 SEQ=47532 Nov 9 12:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42267 SEQ=1 Nov 9 12:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11156 SEQ=1 Nov 9 12:40:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3398 SEQ=1 Nov 9 12:40:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:40:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:40:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58301 DF PROTO=TCP SPT=36030 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:40:45 server83 aibolit_wrapper[16543]: running 
child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626722458099656.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626722458101222.txt --log=/tmp/malware_cleaner_log_17626722458102448.txt --progress=/tmp/malware_cleaner_progress_17626722458102116.json --csv_result=/tmp/revisium_csvfile_17626722458102272.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:40:46 server83 imunify360-php-daemon[734]: error while sending daemon stats: circuit breaker is open Nov 9 12:40:46 server83 imunify360-php-daemon[734]: connections: {total = 21185, closed_as_old = 0, dropped = 2},#012messages: {total_received = 53127, blamer_received = 53110, blamer_filtered = 1705, aggregated = 1388, aggregator_dropped = 0},#012message_actions: {blamer_send_success = 317, send = 0, send_failed = 329, stored = 12, store_failed = 0},#012message dbstats: {fevents_db_size = 0, fevents_db_rows = 11256, fevents_total = 20217,#012#011#011#011#011 fevents_filtered = {total = 32910, wrong_id = 134446, wrong_function_name = 8664967, match_file_false = 6019380, match_file_limit_hit = 0, storage_limit_hit = 0},#012#011#011#011#011 fevents_stored_new = 3470, fevents_stored_updated = 675, fevents_send_success = 0, fevents_send_failure = 181 } Nov 9 12:40:46 server83 imunify360-php-daemon[734]: memory: alloc = 28953384 B, totalAlloc = 801540015384 B, sys = 68965640 B, rss = 190230528 B Nov 9 12:40:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:40:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:40:46 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=85.130.136.254 
DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=50 ID=21456 PROTO=UDP SPT=7652 DPT=49140 LEN=520 Nov 9 12:40:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:40:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29184 SEQ=1 Nov 9 12:40:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32616 SEQ=1 Nov 9 12:40:49 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:40:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15725 PROTO=TCP SPT=50395 DPT=19717 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:40:51 server83 aibolit_wrapper[17127]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626722512070066.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626722512071300.txt --log=/tmp/malware_cleaner_log_17626722512074132.txt --progress=/tmp/malware_cleaner_progress_17626722512072770.json --csv_result=/tmp/revisium_csvfile_17626722512073566.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18482 DF PROTO=TCP SPT=60716 DPT=21 WINDOW=64620 RES=0x00 SYN 
URGP=0 Nov 9 12:40:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39328 SEQ=1 Nov 9 12:40:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29184 SEQ=1 Nov 9 12:40:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63044 SEQ=1 Nov 9 12:40:59 server83 NetworkManager[922]: <info> [1762672259.4497] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:40:59 server83 NetworkManager[922]: <info> [1762672259.4501] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:40:59 server83 NetworkManager[922]: <info> [1762672259.4501] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:40:59 server83 NetworkManager[922]: <info> [1762672259.4504] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:40:59 server83 NetworkManager[922]: <info> [1762672259.4513] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:40:59 server83 NetworkManager[922]: <info> [1762672259.4515] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:40:59 server83 NetworkManager[922]: <info> [1762672259.4524] dhcp4 (eth1): dhclient started with pid 17976 Nov 9 12:40:59 server83 dhclient[17976]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x28ffc14b) Nov 9 12:41:01 server83 systemd: Started Session 311989 of user root. 
Nov 9 12:41:01 server83 systemd: Started Session 311990 of user root. Nov 9 12:41:01 server83 systemd: Started Session 311992 of user root. Nov 9 12:41:01 server83 systemd: Started Session 311991 of user root. Nov 9 12:41:01 server83 systemd: Started Session 311994 of user root. Nov 9 12:41:01 server83 systemd: Started Session 311993 of user root. Nov 9 12:41:01 server83 systemd: Started Session 311995 of user root. Nov 9 12:41:01 server83 systemd: Started Session 311996 of user root. Nov 9 12:41:01 server83 systemd: Started Session 311997 of user root. Nov 9 12:41:01 server83 systemd: Started Session 311998 of user root. Nov 9 12:41:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=168.243.234.43 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=13502 PROTO=TCP SPT=50728 DPT=9091 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:41:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54903 PROTO=TCP SPT=51662 DPT=8645 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:41:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62241 SEQ=1 Nov 9 12:41:04 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 12:41:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40588 SEQ=1 Nov 9 12:41:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=45201 DF PROTO=ICMP TYPE=8 CODE=0 ID=4678 SEQ=49402 Nov 9 12:41:05 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44321 SEQ=1 Nov 9 12:41:06 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:41:06 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:41:06 server83 dhclient[17976]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x28ffc14b) Nov 9 12:41:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=190.92.231.159 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=10811 DF PROTO=ICMP TYPE=8 CODE=0 ID=47305 SEQ=9815 Nov 9 12:41:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29884 SEQ=1 Nov 9 12:41:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43107 SEQ=1 Nov 9 12:41:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18616 DF PROTO=TCP SPT=48822 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18617 DF PROTO=TCP SPT=48822 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.42 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=40330 PROTO=TCP SPT=54722 DPT=3694 WINDOW=42340 RES=0x00 SYN URGP=0 
Nov 9 12:41:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.171.25.224 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=35091 DPT=9002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:41:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18618 DF PROTO=TCP SPT=48822 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:13 server83 dhclient[17976]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x28ffc14b) Nov 9 12:41:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.114.56 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11776 PROTO=TCP SPT=45049 DPT=3161 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:41:13 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:41:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40525 PROTO=TCP SPT=50395 DPT=48324 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:41:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18619 DF PROTO=TCP SPT=48822 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.2 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=39617 DF PROTO=ICMP TYPE=8 CODE=0 ID=62927 SEQ=38325 Nov 9 12:41:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29415 SEQ=1 Nov 9 12:41:20 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50757 SEQ=1 Nov 9 12:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34840 SEQ=1 Nov 9 12:41:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34840 SEQ=1 Nov 9 12:41:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42410 SEQ=1 Nov 9 12:41:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25559 SEQ=1 Nov 9 12:41:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18620 DF PROTO=TCP SPT=48822 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:41:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=12528 PROTO=TCP SPT=41811 DPT=2695 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:41:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18483 DF PROTO=TCP SPT=60716 DPT=21 WINDOW=64620 RES=0x00 SYN 
URGP=0 Nov 9 12:41:26 server83 dhclient[17976]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x28ffc14b) Nov 9 12:41:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38892 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:41:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.221.137.47 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=32933 DPT=7000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:41:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48848 SEQ=1 Nov 9 12:41:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.237.26.255 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=47134 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:41:32 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:41:35 server83 dhclient[17976]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x28ffc14b) Nov 9 12:41:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64087 SEQ=1 Nov 9 12:41:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16487 SEQ=1 Nov 9 12:41:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=31681 SEQ=1 Nov 9 12:41:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39031 SEQ=1 Nov 9 12:41:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31681 SEQ=1 Nov 9 12:41:38 server83 aibolit_wrapper[20813]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626722985899970.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626722985901616.txt --log=/tmp/malware_cleaner_log_17626722985903394.txt --progress=/tmp/malware_cleaner_progress_17626722985902838.json --csv_result=/tmp/revisium_csvfile_17626722985903106.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:41:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.230.214.19 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=47730 PROTO=TCP SPT=61002 DPT=8088 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:41:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18621 DF PROTO=TCP SPT=48822 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:41:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.121.84.50 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP 
SPT=35728 DPT=3129 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42073 DF PROTO=TCP SPT=43546 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42074 DF PROTO=TCP SPT=43546 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:44 server83 aibolit_wrapper[20956]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626723041577420.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626723041578764.txt --log=/tmp/malware_cleaner_log_17626723041580096.txt --progress=/tmp/malware_cleaner_progress_17626723041579740.json --csv_result=/tmp/revisium_csvfile_17626723041579904.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:41:44 server83 NetworkManager[922]: <warn> [1762672304.4504] dhcp4 (eth1): request timed out Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4664] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17976 Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4667] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:41:44 server83 NetworkManager[922]: <warn> [1762672304.4671] device (eth1): 
Activation: failed for connection 'Wired connection 1' Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4708] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4713] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4714] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4717] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4727] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4730] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:41:44 server83 NetworkManager[922]: <info> [1762672304.4741] dhcp4 (eth1): dhclient started with pid 20975 Nov 9 12:41:44 server83 dhclient[20975]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x35a6168f) Nov 9 12:41:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42075 DF PROTO=TCP SPT=43546 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.partition: ProactiveModel.Host should not be empty Nov 9 12:41:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:41:46 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.207 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=26166 DF PROTO=TCP SPT=24089 DPT=22222 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:41:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:41:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42076 DF PROTO=TCP SPT=43546 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:41:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39592 SEQ=1 Nov 9 12:41:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4519 SEQ=1 Nov 9 12:41:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39592 SEQ=1 Nov 9 12:41:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57875 SEQ=1 Nov 9 12:41:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=485 SEQ=1 Nov 9 12:41:52 server83 dhclient[20975]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x35a6168f) Nov 9 12:41:54 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.196 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53955 DPT=45792 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:41:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50326 DPT=28078 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:41:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57517 DF PROTO=TCP SPT=61660 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:41:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57518 DF PROTO=TCP SPT=61660 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:41:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.41 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10843 PROTO=TCP SPT=45865 DPT=5901 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:41:56 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.73.23.133 DST=145.239.177.179 LEN=49 TOS=0x00 PREC=0x00 TTL=51 ID=30328 PROTO=UDP SPT=38893 DPT=5684 LEN=29 Nov 9 12:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42077 DF PROTO=TCP SPT=43546 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:42:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:42:01 server83 systemd: Started Session 311999 of user root. 
Nov 9 12:42:01 server83 systemd: Started Session 312000 of user root. Nov 9 12:42:01 server83 systemd: Started Session 312001 of user root. Nov 9 12:42:01 server83 systemd: Started Session 312003 of user root. Nov 9 12:42:01 server83 systemd: Started Session 312004 of user root. Nov 9 12:42:01 server83 systemd: Started Session 312005 of user root. Nov 9 12:42:01 server83 systemd: Started Session 312006 of user root. Nov 9 12:42:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:42:01 server83 systemd: Started Session 312007 of user accentri. Nov 9 12:42:01 server83 systemd: Started Session 312008 of user root. Nov 9 12:42:01 server83 systemd: Started Session 312002 of user root. Nov 9 12:42:01 server83 systemd: Started Session 312009 of user root. Nov 9 12:42:01 server83 systemd: Started Session 312010 of user accentri. Nov 9 12:42:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:42:02 server83 dhclient[20975]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x35a6168f) Nov 9 12:42:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57520 DF PROTO=TCP SPT=61660 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:42:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47310 SEQ=1 Nov 9 12:42:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5413 SEQ=1 Nov 9 12:42:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=7040 SEQ=1 Nov 9 12:42:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5413 SEQ=1 Nov 9 12:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7040 SEQ=1 Nov 9 12:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54402 SEQ=1 Nov 9 12:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39061 SEQ=1 Nov 9 12:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1929 SEQ=1 Nov 9 12:42:10 server83 pam_imunify_daemon.bin: time="2025-11-09T12:42:10+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 12:42:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57521 DF PROTO=TCP SPT=61660 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:42:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=18622 DF PROTO=TCP SPT=48822 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:42:14 server83 dhclient[20975]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x35a6168f) Nov 9 12:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42078 DF PROTO=TCP SPT=43546 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:42:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48488 SEQ=1 Nov 9 12:42:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7224 SEQ=1 Nov 9 12:42:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3617 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:42:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62664 SEQ=1 Nov 9 12:42:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54971 SEQ=1 Nov 9 12:42:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.98 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54324 DPT=9175 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:42:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30551 SEQ=1 Nov 9 12:42:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48488 SEQ=1 Nov 9 12:42:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.168.101.27 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=233 ID=1372 PROTO=TCP SPT=53455 DPT=8005 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:42:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:42:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.45 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=0 DF PROTO=TCP SPT=9999 DPT=2026 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:42:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=52856 PROTO=TCP SPT=40904 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:42:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.91 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51660 DPT=1194 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:42:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28438 DF PROTO=TCP SPT=60928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:42:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=178.22.24.71 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=24926 PROTO=TCP SPT=56765 DPT=8319 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:42:24 server83 dhclient[20975]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x35a6168f) Nov 9 12:42:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28440 DF PROTO=TCP SPT=60928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:42:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21193 PROTO=TCP SPT=40865 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:42:29 server83 NetworkManager[922]: <warn> [1762672349.4507] dhcp4 (eth1): request timed out Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4507] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4667] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 20975 Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4667] dhcp4 (eth1): state changed timeout -> done Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4670] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:42:29 server83 NetworkManager[922]: <warn> [1762672349.4676] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4679] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4712] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4717] device (eth1): Activation: starting 
connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4718] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4723] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4734] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4737] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:42:29 server83 NetworkManager[922]: <info> [1762672349.4750] dhcp4 (eth1): dhclient started with pid 22035 Nov 9 12:42:29 server83 dhclient[22035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x2761f862) Nov 9 12:42:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3609 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:42:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47515 PROTO=TCP SPT=55739 DPT=4732 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:42:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48744 SEQ=1 Nov 9 12:42:34 server83 dhclient[22035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x2761f862) Nov 9 12:42:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8516 SEQ=1 Nov 9 12:42:35 server83 aibolit_wrapper[22239]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626723557524704.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626723557526416.txt --log=/tmp/malware_cleaner_log_17626723557528388.txt --progress=/tmp/malware_cleaner_progress_17626723557527838.json --csv_result=/tmp/revisium_csvfile_17626723557528070.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:42:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31996 SEQ=1 Nov 9 12:42:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47649 SEQ=1 Nov 9 12:42:36 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:42:36 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 12:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.149 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=43285 DPT=5443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28442 DF PROTO=TCP SPT=60928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:42:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48744 SEQ=1 Nov 9 12:42:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33946 SEQ=1 Nov 9 12:42:44 server83 aibolit_wrapper[22395]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626723641413210.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626723641415000.txt --log=/tmp/malware_cleaner_log_17626723641416618.txt --progress=/tmp/malware_cleaner_progress_17626723641416188.json --csv_result=/tmp/revisium_csvfile_17626723641416368.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:42:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.post: ProactiveModel.Host should not be empty Nov 9 12:42:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:42:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:42:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49980 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:42:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:42:47 server83 dhclient[22035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x2761f862) Nov 9 12:42:47 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42079 DF PROTO=TCP SPT=43546 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54900 SEQ=1 Nov 9 12:42:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3608 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17710 SEQ=1 Nov 9 12:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54900 SEQ=1 Nov 9 12:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9556 SEQ=1 Nov 9 12:42:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46320 SEQ=1 Nov 9 12:42:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.158 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=45694 PROTO=TCP SPT=17608 DPT=11300 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:42:52 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=20160 DF PROTO=ICMP TYPE=8 CODE=0 ID=18270 SEQ=7976 Nov 9 12:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28443 DF PROTO=TCP SPT=60928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:43:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:43:01 server83 systemd: Started Session 312012 of user root. Nov 9 12:43:01 server83 systemd: Started Session 312015 of user root. Nov 9 12:43:01 server83 systemd: Started Session 312013 of user root. Nov 9 12:43:01 server83 systemd: Started Session 312011 of user root. Nov 9 12:43:01 server83 systemd: Started Session 312014 of user root. Nov 9 12:43:01 server83 systemd: Started Session 312018 of user root. Nov 9 12:43:01 server83 systemd: Started Session 312017 of user root. Nov 9 12:43:01 server83 systemd: Started Session 312016 of user root. Nov 9 12:43:01 server83 systemd: Started Session 312019 of user root. 
Nov 9 12:43:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:43:05 server83 dhclient[22035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x2761f862) Nov 9 12:43:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37127 SEQ=1 Nov 9 12:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37127 SEQ=1 Nov 9 12:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46139 SEQ=1 Nov 9 12:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12697 SEQ=1 Nov 9 12:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40381 SEQ=1 Nov 9 12:43:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.195 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57209 DPT=49149 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:43:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46139 SEQ=1 Nov 9 12:43:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=162.216.150.235 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53135 DPT=9811 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:43:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.72.206.178 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=240 ID=28442 PROTO=TCP SPT=44851 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:43:11 server83 scripts.sh: Sun Nov 9 12:43:11 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 12:43:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6223 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6224 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:14 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.83 DST=51.210.113.204 LEN=92 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=UDP SPT=55868 DPT=17185 LEN=72 Nov 9 12:43:14 server83 NetworkManager[922]: <warn> [1762672394.4503] dhcp4 (eth1): request timed out Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4664] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 22035 Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4667] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:43:14 server83 NetworkManager[922]: <warn> [1762672394.4672] device 
(eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4674] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4708] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4712] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4713] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4716] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4727] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4729] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:43:14 server83 NetworkManager[922]: <info> [1762672394.4745] dhcp4 (eth1): dhclient started with pid 23509 Nov 9 12:43:14 server83 dhclient[23509]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x3a8ee3a2) Nov 9 12:43:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6225 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3616 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:43:19 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6226 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:19 server83 aibolit_wrapper[23730]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626723998012922.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626723998014216.txt --log=/tmp/malware_cleaner_log_17626723998015100.txt --progress=/tmp/malware_cleaner_progress_17626723998014862.json --csv_result=/tmp/revisium_csvfile_17626723998014968.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:43:20 server83 dhclient[23509]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x3a8ee3a2) Nov 9 12:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57766 SEQ=1 Nov 9 12:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59306 SEQ=1 Nov 9 12:43:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35810 SEQ=1 Nov 9 12:43:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1519 PROTO=TCP SPT=51681 DPT=1441 WINDOW=1024 RES=0x00 SYN URGP=0 
Nov 9 12:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31011 SEQ=1 Nov 9 12:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52162 SEQ=1 Nov 9 12:43:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11411 PROTO=TCP SPT=45727 DPT=34630 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:43:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=40.76.116.231 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=9096 PROTO=TCP SPT=34500 DPT=9160 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:43:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.110.79 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=41201 DPT=9480 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:43:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6227 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:27 server83 dhclient[23509]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x3a8ee3a2) Nov 9 12:43:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28444 DF PROTO=TCP SPT=60928 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.92 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53475 DPT=20205 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:43:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19491 PROTO=TCP SPT=49956 DPT=29790 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:43:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45762 SEQ=1 Nov 9 12:43:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45762 SEQ=1 Nov 9 12:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22646 SEQ=1 Nov 9 12:43:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.62.193.105 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=50051 PROTO=TCP SPT=55877 DPT=5601 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:43:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42675 SEQ=1 Nov 9 12:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57954 SEQ=1 Nov 9 12:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42675 SEQ=1 Nov 9 12:43:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59015 SEQ=1 Nov 9 12:43:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22646 SEQ=1 Nov 9 12:43:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44193 SEQ=1 Nov 9 12:43:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6193 PROTO=TCP SPT=51461 DPT=8537 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:43:42 server83 dhclient[23509]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x3a8ee3a2) Nov 9 12:43:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=64169 PROTO=TCP SPT=48019 DPT=4398 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:43:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6228 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3703 DF PROTO=TCP SPT=60070 DPT=21 
WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 12:43:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:43:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3704 DF PROTO=TCP SPT=60070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:43:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3705 DF PROTO=TCP SPT=60070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:43:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3615 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:43:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45657 SEQ=1 Nov 9 12:43:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61973 SEQ=1 Nov 9 12:43:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3706 
DF PROTO=TCP SPT=60070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:43:54 server83 dhclient[23509]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x3a8ee3a2) Nov 9 12:43:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29047 SEQ=1 Nov 9 12:43:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45657 SEQ=1 Nov 9 12:43:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.207.253.22 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=37536 DPT=9480 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:43:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.200.116.37 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51713 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:43:59 server83 NetworkManager[922]: <warn> [1762672439.4375] dhcp4 (eth1): request timed out Nov 9 12:43:59 server83 NetworkManager[922]: <info> [1762672439.4376] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:43:59 server83 NetworkManager[922]: <info> [1762672439.4455] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23509 Nov 9 12:43:59 server83 NetworkManager[922]: <info> [1762672439.4455] dhcp4 (eth1): state changed timeout -> done Nov 9 12:43:59 server83 NetworkManager[922]: <info> [1762672439.4457] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:43:59 server83 NetworkManager[922]: <warn> [1762672439.4462] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:43:59 server83 
NetworkManager[922]: <info> [1762672439.4464] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:44:01 server83 systemd: Started Session 312020 of user root. Nov 9 12:44:01 server83 systemd: Started Session 312021 of user root. Nov 9 12:44:01 server83 systemd: Started Session 312022 of user root. Nov 9 12:44:01 server83 systemd: Started Session 312023 of user root. Nov 9 12:44:01 server83 systemd: Started Session 312024 of user root. Nov 9 12:44:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:44:01 server83 systemd: Started Session 312025 of user accentri. Nov 9 12:44:01 server83 systemd: Started Session 312026 of user root. Nov 9 12:44:01 server83 systemd: Started Session 312028 of user root. Nov 9 12:44:01 server83 systemd: Started Session 312029 of user root. Nov 9 12:44:01 server83 systemd: Started Session 312027 of user accentri. Nov 9 12:44:01 server83 systemd: Started Session 312030 of user root. Nov 9 12:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:44:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:44:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3707 DF PROTO=TCP SPT=60070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.120.253 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=4268 DF PROTO=TCP SPT=47266 DPT=2290 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=17547 PROTO=TCP SPT=51791 DPT=35243 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:44:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48219 SEQ=1 Nov 9 12:44:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23454 SEQ=1 Nov 9 12:44:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58065 SEQ=1 Nov 9 12:44:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23124 SEQ=1 Nov 9 12:44:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11030 PROTO=TCP SPT=49956 DPT=25298 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
12:44:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23124 SEQ=1 Nov 9 12:44:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27465 SEQ=1 Nov 9 12:44:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20394 SEQ=1 Nov 9 12:44:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44786 PROTO=TCP SPT=38040 DPT=7852 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:44:14 server83 aibolit_wrapper[25123]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626724540297338.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626724540298860.txt --log=/tmp/malware_cleaner_log_17626724540300398.txt --progress=/tmp/malware_cleaner_progress_17626724540299988.json --csv_result=/tmp/revisium_csvfile_17626724540300164.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:44:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=43101 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:44:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6229 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3708 DF PROTO=TCP SPT=60070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=49689 PROTO=TCP SPT=55652 DPT=8854 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:44:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.216.65.177 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=43596 DF PROTO=TCP SPT=44620 DPT=8433 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 12:44:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.72 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49686 DPT=45989 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19088 SEQ=1 Nov 9 12:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25159 SEQ=1 Nov 9 12:44:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23839 SEQ=1 Nov 9 12:44:22 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.169.107.113 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=50025 DPT=2376 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:44:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16807 SEQ=1 Nov 9 12:44:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16807 SEQ=1 Nov 9 12:44:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63422 SEQ=1 Nov 9 12:44:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10779 DF PROTO=TCP SPT=37044 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.248 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=33659 DF PROTO=TCP SPT=26148 DPT=8570 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:44:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10780 DF PROTO=TCP SPT=37044 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.143 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=39471 PROTO=TCP SPT=44666 DPT=1024 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:44:29 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10781 DF PROTO=TCP SPT=37044 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:44:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=44634 PROTO=TCP SPT=55917 DPT=7522 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:44:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10782 DF PROTO=TCP SPT=37044 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=33795 DF PROTO=ICMP TYPE=8 CODE=0 ID=5110 SEQ=17142 Nov 9 12:44:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44580 SEQ=1 Nov 9 12:44:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29346 SEQ=1 Nov 9 12:44:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58979 SEQ=1 Nov 9 12:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=8373 SEQ=1 Nov 9 12:44:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29346 SEQ=1 Nov 9 12:44:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3614 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:44:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.78.70 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49874 DPT=5001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10783 DF PROTO=TCP SPT=37044 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:42 server83 aibolit_wrapper[25964]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626724822853498.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626724822855390.txt --log=/tmp/malware_cleaner_log_17626724822857378.txt --progress=/tmp/malware_cleaner_progress_17626724822856904.json --csv_result=/tmp/revisium_csvfile_17626724822857118.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:44:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.system: ProactiveModel.Host should not be empty Nov 9 12:44:46 server83 imunify360-php-daemon[734]: 
/home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.content: ProactiveModel.Host should not be empty Nov 9 12:44:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:44:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57522 DF PROTO=TCP SPT=49654 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:44:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:44:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57523 DF PROTO=TCP SPT=49654 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:44:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=55443 DF PROTO=ICMP TYPE=8 CODE=0 ID=9760 SEQ=22879 Nov 9 12:44:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40969 SEQ=1 Nov 9 12:44:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57524 DF PROTO=TCP SPT=49654 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:44:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64354 SEQ=1 Nov 9 12:44:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3709 DF PROTO=TCP SPT=60070 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40969 SEQ=1 Nov 9 12:44:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26438 SEQ=1 Nov 9 12:44:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57525 DF PROTO=TCP SPT=49654 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:44:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=60905 PROTO=TCP SPT=33582 DPT=6004 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:44:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10784 DF PROTO=TCP SPT=37044 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:44:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29549 PROTO=TCP SPT=51810 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:44:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29550 PROTO=TCP SPT=51810 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:44:59 server83 
aibolit_wrapper[26429]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626724991528918.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626724991530810.txt --log=/tmp/malware_cleaner_log_17626724991532604.txt --progress=/tmp/malware_cleaner_progress_17626724991532052.json --csv_result=/tmp/revisium_csvfile_17626724991532328.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:44:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=59147 PROTO=TCP SPT=56483 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:44:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=29551 PROTO=TCP SPT=51810 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:01 server83 systemd: Started Session 312032 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312033 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312037 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312036 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312035 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312031 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312034 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312038 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312039 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312041 of user root. 
Nov 9 12:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:45:01 server83 systemd: Started Session 312040 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312042 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312043 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312044 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312046 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312047 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312048 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312049 of user root. Nov 9 12:45:01 server83 systemd: Started Session 312045 of user root. Nov 9 12:45:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=59149 PROTO=TCP SPT=56483 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.2.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=59151 PROTO=TCP SPT=56483 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5845 SEQ=1 Nov 9 12:45:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32553 SEQ=1 Nov 9 12:45:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=9331 SEQ=1 Nov 9 12:45:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60054 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:45:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7005 SEQ=1 Nov 9 12:45:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32969 SEQ=1 Nov 9 12:45:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22579 SEQ=1 Nov 9 12:45:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.179.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25355 PROTO=TCP SPT=57443 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3534 PROTO=TCP SPT=35028 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=16101 PROTO=TCP SPT=39910 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.179.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25356 PROTO=TCP SPT=57443 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:10 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:45:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=16102 PROTO=TCP SPT=39910 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.179.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25357 PROTO=TCP SPT=57443 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.179.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25359 PROTO=TCP SPT=57443 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:12 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 12:45:12 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:45:12 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 12:45:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.179.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=2704 PROTO=TCP SPT=61968 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:45:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38074 DF PROTO=TCP SPT=56150 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:45:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38075 DF PROTO=TCP SPT=56150 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:45:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35595 SEQ=1 Nov 9 12:45:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36395 SEQ=1 Nov 9 12:45:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35595 SEQ=1 Nov 9 12:45:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55991 SEQ=1 Nov 9 12:45:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38076 DF PROTO=TCP SPT=56150 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:45:19 
server83 systemd: Started Session c2881 of user root. Nov 9 12:45:20 server83 scripts.sh: Load Average: 3.49 , 3.98 Nov 9 12:45:20 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 12:45:20 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 12:45:20 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 12:45:20 server83 scripts.sh: HTTPD Status: inactive Nov 9 12:45:20 server83 scripts.sh: MySQL Status: active Nov 9 12:45:20 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 12:45:20 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 12:45:20 server83 scripts.sh: SSHD Status: active Nov 9 12:45:20 server83 scripts.sh: FTP Status: active Nov 9 12:45:20 server83 scripts.sh: LiteSpeed Status: Active Nov 9 12:45:20 server83 scripts.sh: Imunify Status: Active Nov 9 12:45:20 server83 scripts.sh: cPanel Status: active Nov 9 12:45:20 server83 scripts.sh: Memory Status: 12/31 GB - 39.89% Nov 9 12:45:20 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 12:45:20 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 12:45:20 server83 scripts.sh: Local Version: 4.4.5 Nov 9 12:45:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29350 SEQ=1 Nov 9 12:45:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.237.26.255 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=13023 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:45:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38077 DF PROTO=TCP SPT=56150 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:45:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51396 SEQ=1 Nov 9 12:45:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3264 SEQ=1 Nov 9 12:45:25 server83 aibolit_wrapper[28064]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626725256161804.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626725256163682.txt --log=/tmp/malware_cleaner_log_17626725256165618.txt --progress=/tmp/malware_cleaner_progress_17626725256165058.json --csv_result=/tmp/revisium_csvfile_17626725256165298.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:45:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.155.81.124 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=34876 DPT=5001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38078 DF PROTO=TCP SPT=56150 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10785 DF PROTO=TCP SPT=37044 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:45:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=31490 PROTO=TCP SPT=21623 DPT=34225 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=39948 PROTO=TCP SPT=21623 DPT=6612 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=9194 PROTO=TCP SPT=21623 DPT=9347 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15265 SEQ=1 Nov 9 12:45:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8275 SEQ=1 Nov 9 12:45:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=41281 PROTO=TCP SPT=21623 DPT=5067 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=59235 PROTO=TCP SPT=21623 DPT=2389 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=52154 PROTO=TCP SPT=21623 DPT=7443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=44271 PROTO=TCP SPT=21623 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=49996 PROTO=TCP SPT=21623 DPT=6699 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=10987 PROTO=TCP SPT=21623 DPT=30000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:35 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.182 DST=51.210.113.204 LEN=42 TOS=0x08 PREC=0x40 TTL=31 ID=10694 PROTO=UDP SPT=29972 DPT=2361 LEN=22 Nov 9 12:45:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57528 DF PROTO=TCP SPT=50823 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:45:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47212 SEQ=1 Nov 9 12:45:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15265 SEQ=1 Nov 9 12:45:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16183 SEQ=1 Nov 9 12:45:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57529 DF PROTO=TCP SPT=50823 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:45:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38620 SEQ=1 Nov 9 12:45:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31358 SEQ=1 Nov 9 12:45:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=4471 PROTO=TCP SPT=21623 DPT=32400 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57530 DF PROTO=TCP SPT=50823 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:45:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=9727 PROTO=TCP SPT=21623 DPT=6688 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:45:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:45:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=23941 PROTO=TCP SPT=21623 DPT=12096 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:45:46 server83 imunify360-php-daemon[734]: 
/home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.reset: ProactiveModel.Host should not be empty Nov 9 12:45:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:45:47 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:45:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48449 SEQ=1 Nov 9 12:45:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=10934 PROTO=TCP SPT=21623 DPT=9909 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15330 SEQ=1 Nov 9 12:45:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48503 SEQ=1 Nov 9 12:45:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64549 SEQ=1 Nov 9 12:45:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=34975 PROTO=TCP SPT=21623 DPT=30007 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32032 SEQ=1 Nov 9 12:45:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32032 SEQ=1 Nov 9 12:45:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=63522 PROTO=TCP SPT=21623 DPT=8003 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65466 SEQ=1 Nov 9 12:45:54 server83 aibolit_wrapper[28888]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626725547802320.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626725547804350.txt --log=/tmp/malware_cleaner_log_17626725547806130.txt --progress=/tmp/malware_cleaner_progress_17626725547805674.json --csv_result=/tmp/revisium_csvfile_17626725547805896.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:45:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=5853 PROTO=TCP SPT=21623 DPT=30452 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=49646 PROTO=TCP SPT=21623 
DPT=3453 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:45:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=47577 PROTO=TCP SPT=21623 DPT=8444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:46:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.254.252 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=9400 PROTO=TCP SPT=21623 DPT=1888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:46:01 server83 systemd: Started Session 312050 of user root. Nov 9 12:46:01 server83 systemd: Started Session 312054 of user root. Nov 9 12:46:01 server83 systemd: Started Session 312053 of user root. Nov 9 12:46:01 server83 systemd: Started Session 312051 of user root. Nov 9 12:46:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:46:01 server83 systemd: Started Session 312056 of user accentri. Nov 9 12:46:01 server83 systemd: Started Session 312057 of user root. Nov 9 12:46:01 server83 systemd: Started Session 312052 of user root. Nov 9 12:46:01 server83 systemd: Started Session 312055 of user accentri. Nov 9 12:46:01 server83 systemd: Started Session 312058 of user root. Nov 9 12:46:01 server83 systemd: Started Session 312059 of user root. Nov 9 12:46:01 server83 systemd: Started Session 312060 of user root. Nov 9 12:46:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:46:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59354 SEQ=1 Nov 9 12:46:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53826 SEQ=1 Nov 9 12:46:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35415 DF PROTO=TCP SPT=38812 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:46:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7244 SEQ=1 Nov 9 12:46:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16630 SEQ=1 Nov 9 12:46:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43738 SEQ=1 Nov 9 12:46:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26049 SEQ=1 Nov 9 12:46:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=50658 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:46:09 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43738 SEQ=1 Nov 9 12:46:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57532 DF PROTO=TCP SPT=51653 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:46:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57533 DF PROTO=TCP SPT=51653 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:46:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.144 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55114 DPT=9550 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:46:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57534 DF PROTO=TCP SPT=51653 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:46:15 server83 aibolit_wrapper[29542]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626725750167242.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626725750168952.txt --log=/tmp/malware_cleaner_log_17626725750170812.txt --progress=/tmp/malware_cleaner_progress_17626725750170302.json --csv_result=/tmp/revisium_csvfile_17626725750170522.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:46:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57535 DF PROTO=TCP SPT=51653 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:46:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54195 SEQ=1 Nov 9 12:46:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51840 PROTO=TCP SPT=45727 DPT=33960 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:46:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38080 DF PROTO=TCP SPT=56150 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56728 SEQ=1 Nov 9 12:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.158.203.159 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=41860 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62794 SEQ=1 Nov 9 12:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35416 DF PROTO=TCP SPT=38812 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19310 SEQ=1 Nov 9 12:46:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43784 SEQ=1 Nov 9 12:46:22 server83 aibolit_wrapper[29762]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626725824930050.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626725824932564.txt --progress=/tmp/malware_cleaner_progress_17626725824932256.json --csv_result=/tmp/revisium_csvfile_17626725824932386.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:46:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.53 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45089 DPT=41674 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:46:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57536 DF PROTO=TCP SPT=51653 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:46:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58772 PROTO=TCP SPT=41811 DPT=2657 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:46:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 
ID=46165 DF PROTO=TCP SPT=52846 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:46:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=6936 PROTO=TCP SPT=50849 DPT=4938 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:46:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46166 DF PROTO=TCP SPT=52846 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:46:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10950 SEQ=1 Nov 9 12:46:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11218 SEQ=1 Nov 9 12:46:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25005 SEQ=1 Nov 9 12:46:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34214 SEQ=1 Nov 9 12:46:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46167 DF PROTO=TCP SPT=52846 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:46:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 
ID=26964 PROTO=TCP SPT=43647 DPT=4446 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:46:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:46:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24491 SEQ=1 Nov 9 12:46:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60468 SEQ=1 Nov 9 12:46:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46168 DF PROTO=TCP SPT=52846 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:46:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31117 SEQ=1 Nov 9 12:46:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25005 SEQ=1 Nov 9 12:46:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44776 SEQ=1 Nov 9 12:46:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3607 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:46:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49006 PROTO=TCP SPT=63760 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:46:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45180 DPT=33000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:46:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49007 PROTO=TCP SPT=63760 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:46:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=5024 PROTO=TCP SPT=43468 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:46:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49008 PROTO=TCP SPT=63760 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:46:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.123 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49866 DPT=11553 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:46:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=5028 PROTO=TCP SPT=43468 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:46:48 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:46:49 server83 aibolit_wrapper[30613]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d 
extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626726099480202.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626726099481382.txt --log=/tmp/malware_cleaner_log_17626726099482402.txt --progress=/tmp/malware_cleaner_progress_17626726099482110.json --csv_result=/tmp/revisium_csvfile_17626726099482232.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27562 SEQ=1 Nov 9 12:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10032 SEQ=1 Nov 9 12:46:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.205 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=33248 PROTO=TCP SPT=50106 DPT=2121 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:46:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=2610 PROTO=TCP SPT=33675 DPT=7946 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2677 SEQ=1 Nov 9 12:46:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36206 SEQ=1 Nov 9 12:46:52 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58635 SEQ=1 Nov 9 12:46:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27562 SEQ=1 Nov 9 12:46:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35417 DF PROTO=TCP SPT=38812 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:46:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.188.231.42 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=54815 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:47:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46170 DF PROTO=TCP SPT=52846 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:47:01 server83 systemd: Started Session 312061 of user root. Nov 9 12:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:47:01 server83 systemd: Started Session 312062 of user root. Nov 9 12:47:01 server83 systemd: Started Session 312063 of user root. Nov 9 12:47:01 server83 systemd: Started Session 312064 of user root. Nov 9 12:47:01 server83 systemd: Started Session 312066 of user root. Nov 9 12:47:01 server83 systemd: Started Session 312065 of user root. Nov 9 12:47:01 server83 systemd: Started Session 312068 of user root. Nov 9 12:47:01 server83 systemd: Started Session 312069 of user root. 
Nov 9 12:47:01 server83 systemd: Started Session 312067 of user root. Nov 9 12:47:01 server83 systemd: Started Session 312070 of user root. Nov 9 12:47:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24200 SEQ=1 Nov 9 12:47:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44814 SEQ=1 Nov 9 12:47:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24200 SEQ=1 Nov 9 12:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32794 SEQ=1 Nov 9 12:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3224 SEQ=1 Nov 9 12:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53373 SEQ=1 Nov 9 12:47:10 server83 pam_imunify_daemon.bin: time="2025-11-09T12:47:10+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" 
records_num=2 Nov 9 12:47:11 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:47:11 server83 aibolit_wrapper[31256]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626726311240186.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626726311241476.txt --log=/tmp/malware_cleaner_log_17626726311242744.txt --progress=/tmp/malware_cleaner_progress_17626726311242396.json --csv_result=/tmp/revisium_csvfile_17626726311242550.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:47:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=40.76.139.157 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=36368 PROTO=TCP SPT=53050 DPT=5601 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:47:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61168 SEQ=1 Nov 9 12:47:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49197 SEQ=1 Nov 9 12:47:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49197 SEQ=1 Nov 9 12:47:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2100 SEQ=1 Nov 9 12:47:21 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.89.119.154 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=49045 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:47:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=39787 DPT=33000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:47:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=150.40.239.254 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=56263 DF PROTO=ICMP TYPE=8 CODE=0 ID=26880 SEQ=31941 Nov 9 12:47:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33664 SEQ=1 Nov 9 12:47:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.12 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=29333 PROTO=TCP SPT=26200 DPT=9458 WINDOW=59043 RES=0x00 SYN URGP=0 Nov 9 12:47:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63640 SEQ=1 Nov 9 12:47:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23103 PROTO=TCP SPT=45727 DPT=31482 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:47:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.104.47 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=34452 DPT=21300 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
12:47:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47362 PROTO=TCP SPT=42856 DPT=4723 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:47:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3613 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:47:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=46171 DF PROTO=TCP SPT=52846 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 12:47:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57647 SEQ=1 Nov 9 12:47:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33617 SEQ=1 Nov 9 12:47:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.142.147.209 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34649 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57503 SEQ=1 Nov 9 12:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56104 SEQ=1 Nov 9 12:47:37 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1422 SEQ=1 Nov 9 12:47:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57647 SEQ=1 Nov 9 12:47:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=21467 PROTO=TCP SPT=51165 DPT=7949 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:47:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3606 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:47:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.132 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51599 DPT=4366 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:47:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40779 PROTO=TCP SPT=49956 DPT=27938 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:47:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=32247 PROTO=TCP SPT=40553 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:47:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=32248 PROTO=TCP SPT=40553 DPT=853 WINDOW=64952 
RES=0x00 SYN URGP=0 Nov 9 12:47:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=41640 PROTO=TCP SPT=54481 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:47:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=41641 PROTO=TCP SPT=54481 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:47:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56092 SEQ=1 Nov 9 12:47:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:47:48 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:47:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.19 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=41643 PROTO=TCP SPT=54481 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:47:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51699 SEQ=1 Nov 9 12:47:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48031 SEQ=1 Nov 9 12:47:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56092 SEQ=1 Nov 9 12:47:52 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16082 SEQ=1 Nov 9 12:47:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59100 SEQ=1 Nov 9 12:47:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.143 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=13810 PROTO=TCP SPT=42938 DPT=21300 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:47:56 server83 aibolit_wrapper[32418]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626726762739322.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626726762741112.txt --log=/tmp/malware_cleaner_log_17626726762743260.txt --progress=/tmp/malware_cleaner_progress_17626726762742550.json --csv_result=/tmp/revisium_csvfile_17626726762742832.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:47:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.59 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51015 DPT=2869 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:48:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57265 SEQ=1 Nov 9 12:48:01 server83 systemd: Started Session 312071 of user root. 
Nov 9 12:48:01 server83 systemd: Started Session 312072 of user root. Nov 9 12:48:01 server83 systemd: Started Session 312073 of user root. Nov 9 12:48:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:48:01 server83 systemd: Started Session 312075 of user accentri. Nov 9 12:48:01 server83 systemd: Started Session 312074 of user accentri. Nov 9 12:48:01 server83 systemd: Started Session 312076 of user root. Nov 9 12:48:01 server83 systemd: Started Session 312077 of user root. Nov 9 12:48:01 server83 systemd: Started Session 312078 of user root. Nov 9 12:48:01 server83 systemd: Started Session 312079 of user root. Nov 9 12:48:01 server83 systemd: Started Session 312080 of user root. Nov 9 12:48:01 server83 systemd: Started Session 312081 of user root. Nov 9 12:48:01 server83 systemd: Started Session 312082 of user root. Nov 9 12:48:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:48:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:48:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:48:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16794 SEQ=1 Nov 9 12:48:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49877 SEQ=1 Nov 9 12:48:02 server83 aibolit_wrapper[32719]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626726825171146.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626726825172692.txt --log=/tmp/malware_cleaner_log_17626726825174274.txt --progress=/tmp/malware_cleaner_progress_17626726825173866.json --csv_result=/tmp/revisium_csvfile_17626726825174056.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:48:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62091 SEQ=1 Nov 9 12:48:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30492 SEQ=1 Nov 9 12:48:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3597 SEQ=1 Nov 9 12:48:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23276 SEQ=1 Nov 9 12:48:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30492 SEQ=1 Nov 9 12:48:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57843 PROTO=TCP SPT=36788 DPT=7158 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:48:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27881 SEQ=1 Nov 9 12:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 12:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 12:48:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21338 SEQ=1 Nov 9 12:48:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:48:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21338 SEQ=1 Nov 9 12:48:23 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.253 DST=51.210.113.204 LEN=154 TOS=0x00 PREC=0x00 TTL=34 ID=6045 PROTO=UDP SPT=41373 DPT=46544 LEN=134 Nov 9 12:48:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3605 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:48:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=54.197.208.126 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=34950 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=20145 Nov 9 12:48:27 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 12:48:27 server83 systemd: Stopped Status Update Service. Nov 9 12:48:27 server83 systemd: Started Status Update Service. Nov 9 12:48:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.175.220.105 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35016 DPT=8058 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:48:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22373 SEQ=1 Nov 9 12:48:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5149 SEQ=1 Nov 9 12:48:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17821 SEQ=1 Nov 9 12:48:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21212 SEQ=1 Nov 9 12:48:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=22015 DF PROTO=TCP SPT=64412 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:48:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37341 SEQ=1 Nov 9 12:48:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=22016 DF PROTO=TCP SPT=64412 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:48:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.133 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56147 DPT=43566 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:48:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52909 SEQ=1 Nov 9 12:48:48 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:48:48 server83 aibolit_wrapper[1475]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626727287932324.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626727287934412.txt 
--log=/tmp/malware_cleaner_log_17626727287936246.txt --progress=/tmp/malware_cleaner_progress_17626727287935780.json --csv_result=/tmp/revisium_csvfile_17626727287935954.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:48:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.132 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54468 DPT=8005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:48:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1314 SEQ=1 Nov 9 12:48:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43990 PROTO=TCP SPT=50395 DPT=26139 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:48:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47747 SEQ=1 Nov 9 12:48:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47747 SEQ=1 Nov 9 12:48:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25217 SEQ=1 Nov 9 12:48:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49609 SEQ=1 Nov 9 12:48:53 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=951 PROTO=TCP SPT=45727 DPT=30794 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:48:59 server83 NetworkManager[922]: <info> [1762672739.4875] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:48:59 server83 NetworkManager[922]: <info> [1762672739.4879] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:48:59 server83 NetworkManager[922]: <info> [1762672739.4880] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:48:59 server83 NetworkManager[922]: <info> [1762672739.4883] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:48:59 server83 NetworkManager[922]: <info> [1762672739.4893] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:48:59 server83 NetworkManager[922]: <info> [1762672739.4895] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:48:59 server83 NetworkManager[922]: <info> [1762672739.4907] dhcp4 (eth1): dhclient started with pid 1817 Nov 9 12:48:59 server83 dhclient[1817]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x6656dc8b) Nov 9 12:49:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.178 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=47554 PROTO=TCP SPT=36694 DPT=1194 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:49:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18699 SEQ=1 Nov 9 12:49:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36101 SEQ=1 Nov 9 12:49:01 server83 systemd: Started Session 312083 of user root. Nov 9 12:49:01 server83 systemd: Started Session 312084 of user root. Nov 9 12:49:01 server83 systemd: Started Session 312085 of user root. Nov 9 12:49:01 server83 systemd: Started Session 312087 of user root. Nov 9 12:49:01 server83 systemd: Started Session 312086 of user root. Nov 9 12:49:01 server83 systemd: Started Session 312088 of user root. Nov 9 12:49:01 server83 systemd: Started Session 312091 of user root. Nov 9 12:49:01 server83 systemd: Started Session 312090 of user root. Nov 9 12:49:01 server83 systemd: Started Session 312089 of user root. Nov 9 12:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:49:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18699 SEQ=1 Nov 9 12:49:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58813 SEQ=1 Nov 9 12:49:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13584 SEQ=1 Nov 9 12:49:04 server83 aibolit_wrapper[2038]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626727440450222.txt 
--input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626727440451872.txt --log=/tmp/malware_cleaner_log_17626727440453446.txt --progress=/tmp/malware_cleaner_progress_17626727440452928.json --csv_result=/tmp/revisium_csvfile_17626727440453228.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:49:04 server83 dhclient[1817]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x6656dc8b) Nov 9 12:49:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:49:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36101 SEQ=1 Nov 9 12:49:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=52013 PROTO=TCP SPT=52744 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:49:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3604 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:49:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=1405 PROTO=TCP SPT=52744 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:49:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.65.193.104 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=23343 PROTO=TCP SPT=45542 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:49:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28904 SEQ=1 Nov 9 12:49:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20950 SEQ=1 Nov 9 12:49:17 server83 dhclient[1817]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x6656dc8b) Nov 9 12:49:18 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=110.46.186.51 DST=51.210.113.204 LEN=540 TOS=0x00 PREC=0x00 TTL=36 ID=18056 PROTO=UDP SPT=39622 DPT=44728 LEN=520 Nov 9 12:49:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43866 SEQ=1 Nov 9 12:49:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=6709 PROTO=TCP SPT=52744 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:49:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.114.248 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42179 DPT=8058 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:49:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57519 SEQ=1 Nov 9 12:49:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20950 SEQ=1 Nov 9 12:49:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18816 PROTO=TCP SPT=34014 DPT=5850 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:49:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=36384 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:49:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=58288 PROTO=TCP SPT=44327 DPT=7997 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:49:33 server83 dhclient[1817]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x6656dc8b) Nov 9 12:49:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50560 SEQ=1 Nov 9 12:49:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44372 SEQ=1 Nov 9 12:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42403 SEQ=1 Nov 9 12:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50560 SEQ=1 Nov 9 12:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=54907 SEQ=1 Nov 9 12:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16730 SEQ=1 Nov 9 12:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20637 SEQ=1 Nov 9 12:49:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:49:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=29497 PROTO=TCP SPT=41811 DPT=2623 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:49:42 server83 aibolit_wrapper[3631]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626727823414542.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626727823416126.txt --log=/tmp/malware_cleaner_log_17626727823417758.txt --progress=/tmp/malware_cleaner_progress_17626727823417346.json --csv_result=/tmp/revisium_csvfile_17626727823417518.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:49:43 server83 dhclient[1817]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x6656dc8b) Nov 9 12:49:44 server83 NetworkManager[922]: <warn> [1762672784.4503] dhcp4 (eth1): request timed out Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4664] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 1817 Nov 9 12:49:44 server83 
NetworkManager[922]: <info> [1762672784.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4667] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:49:44 server83 NetworkManager[922]: <warn> [1762672784.4673] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4675] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4710] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4715] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4716] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4721] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4732] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4735] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:49:44 server83 NetworkManager[922]: <info> [1762672784.4747] dhcp4 (eth1): dhclient started with pid 3709 Nov 9 12:49:44 server83 dhclient[3709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x1cf0777f) Nov 9 12:49:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:49:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 
12:49:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41419 SEQ=1 Nov 9 12:49:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.84.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33579 DPT=38520 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:49:48 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:49:49 server83 dhclient[3709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1cf0777f) Nov 9 12:49:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=11300 PROTO=TCP SPT=56259 DPT=6112 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:49:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40638 SEQ=1 Nov 9 12:49:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64152 SEQ=1 Nov 9 12:49:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24320 SEQ=1 Nov 9 12:49:56 server83 dhclient[3709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x1cf0777f) Nov 9 12:49:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.172.37 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=4132 DF PROTO=TCP SPT=43053 DPT=9954 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:50:01 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=179.0.165.147 DST=145.239.177.179 LEN=59 TOS=0x00 PREC=0x00 TTL=49 ID=15075 DF PROTO=UDP SPT=52368 DPT=31069 LEN=39 Nov 9 12:50:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:50:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:50:01 server83 systemd: Started Session 312092 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312093 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312094 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312096 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312098 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312099 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312101 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312100 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312102 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312095 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312104 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312097 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312103 of user root. Nov 9 12:50:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:50:01 server83 systemd: Started Session 312106 of user accentri. Nov 9 12:50:01 server83 systemd: Started Session 312107 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312105 of user accentri. Nov 9 12:50:01 server83 systemd: Started Session 312108 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312109 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312110 of user root. 
Nov 9 12:50:01 server83 systemd: Started Session 312111 of user root. Nov 9 12:50:01 server83 systemd: Started Session 312112 of user root. Nov 9 12:50:02 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:50:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.146 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=19611 PROTO=TCP SPT=55396 DPT=23123 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:50:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24195 SEQ=1 Nov 9 12:50:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37711 SEQ=1 Nov 9 12:50:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45184 SEQ=1 Nov 9 12:50:04 server83 dhclient[3709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x1cf0777f) Nov 9 12:50:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51250 SEQ=1 Nov 9 12:50:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23777 SEQ=1 Nov 9 12:50:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=64253 PROTO=TCP SPT=42122 
DPT=7198 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:50:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37711 SEQ=1 Nov 9 12:50:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64714 SEQ=1 Nov 9 12:50:09 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:50:09 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:50:10 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:50:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.222 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51979 DPT=13189 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:50:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34815 PROTO=TCP SPT=57519 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:50:13 server83 dhclient[3709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x1cf0777f) Nov 9 12:50:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34816 PROTO=TCP SPT=57519 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:50:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18820 PROTO=TCP SPT=46245 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:50:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=34817 PROTO=TCP SPT=57519 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:50:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18821 PROTO=TCP SPT=46245 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:50:16 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 12:50:16 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 12:50:16 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 12:50:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18822 PROTO=TCP SPT=46245 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:50:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1891 SEQ=1 Nov 9 12:50:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=18824 PROTO=TCP SPT=46245 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:50:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20709 SEQ=1 Nov 9 12:50:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50271 SEQ=1 Nov 9 12:50:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54849 SEQ=1 Nov 9 12:50:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=135.237.126.18 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=18935 PROTO=TCP SPT=37627 DPT=1270 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:50:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57537 DF PROTO=TCP SPT=56455 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:50:22 server83 aibolit_wrapper[5116]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626728221724320.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626728221725734.txt --log=/tmp/malware_cleaner_log_17626728221727170.txt --progress=/tmp/malware_cleaner_progress_17626728221726832.json --csv_result=/tmp/revisium_csvfile_17626728221726980.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:50:22 server83 dhclient[3709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x1cf0777f) Nov 9 12:50:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57538 DF PROTO=TCP SPT=56455 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:50:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57539 DF PROTO=TCP SPT=56455 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:50:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19868 SEQ=1 Nov 9 12:50:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=23.22.211.105 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=13410 DF PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=12304 Nov 9 12:50:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57540 DF PROTO=TCP SPT=56455 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:50:29 server83 dhclient[3709]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x1cf0777f) Nov 9 12:50:29 server83 NetworkManager[922]: <warn> [1762672829.4393] dhcp4 (eth1): request timed out Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4393] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4554] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 3709 Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4554] dhcp4 (eth1): state changed timeout -> done Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4557] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:50:29 server83 NetworkManager[922]: <warn> [1762672829.4565] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4569] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 
'managed') Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4607] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4614] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4615] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4620] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4632] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4637] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:50:29 server83 NetworkManager[922]: <info> [1762672829.4651] dhcp4 (eth1): dhclient started with pid 5239 Nov 9 12:50:29 server83 dhclient[5239]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0xa59e273) Nov 9 12:50:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60472 SEQ=1 Nov 9 12:50:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14644 SEQ=1 Nov 9 12:50:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.197 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=37145 DPT=16993 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:50:32 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8662 SEQ=1 Nov 9 12:50:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43429 SEQ=1 Nov 9 12:50:33 server83 dhclient[5239]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0xa59e273) Nov 9 12:50:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.224.9.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=32822 SEQ=0 Nov 9 12:50:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.173.104 DST=51.210.113.204 LEN=122 TOS=0x00 PREC=0x00 TTL=43 ID=17256 DF PROTO=UDP SPT=50761 DPT=3702 LEN=102 Nov 9 12:50:35 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 12:50:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16296 PROTO=TCP SPT=60572 DPT=6755 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:50:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57541 DF PROTO=TCP SPT=56455 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:50:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7139 SEQ=1 Nov 9 12:50:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.217 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50639 DPT=18572 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:50:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.109.130 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43628 DPT=38520 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:50:38 server83 dhclient[5239]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0xa59e273) Nov 9 12:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65411 SEQ=1 Nov 9 12:50:46 server83 pam_imunify_daemon.bin: time="2025-11-09T12:50:46+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 12:50:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57542 DF PROTO=TCP SPT=57057 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:50:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57543 DF PROTO=TCP SPT=57057 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:50:48 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:50:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57544 DF PROTO=TCP SPT=57057 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:50:51 server83 dhclient[5239]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0xa59e273) Nov 9 12:50:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=104.168.101.27 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=234 ID=36731 PROTO=TCP SPT=53455 DPT=8002 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:50:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.71 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=3496 DF PROTO=TCP SPT=26916 DPT=3375 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.80.16.161 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=22 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=14847 Nov 9 12:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18680 SEQ=1 Nov 9 12:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37888 SEQ=1 Nov 9 12:50:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57545 DF PROTO=TCP SPT=57057 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:50:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=32999 SEQ=1 Nov 9 12:50:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.155 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49480 DPT=8001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:50:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.212.201.77 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=43405 PROTO=TCP SPT=52641 DPT=8098 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:51:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46851 PROTO=TCP SPT=45727 DPT=30454 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:51:01 server83 systemd: Started Session 312113 of user root. Nov 9 12:51:01 server83 systemd: Started Session 312114 of user root. Nov 9 12:51:01 server83 systemd: Started Session 312115 of user root. Nov 9 12:51:01 server83 systemd: Started Session 312117 of user root. Nov 9 12:51:01 server83 systemd: Started Session 312120 of user root. Nov 9 12:51:01 server83 systemd: Started Session 312119 of user root. Nov 9 12:51:01 server83 systemd: Started Session 312118 of user root. Nov 9 12:51:01 server83 systemd: Started Session 312116 of user root. Nov 9 12:51:01 server83 systemd: Started Session 312121 of user root. Nov 9 12:51:01 server83 systemd: Started Session 312122 of user root. 
Nov 9 12:51:01 server83 aibolit_wrapper[5880]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626728614540444.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626728614541924.txt --log=/tmp/malware_cleaner_log_17626728614543660.txt --progress=/tmp/malware_cleaner_progress_17626728614543058.json --csv_result=/tmp/revisium_csvfile_17626728614543364.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:51:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57546 DF PROTO=TCP SPT=57057 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:51:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26835 SEQ=1 Nov 9 12:51:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46899 SEQ=1 Nov 9 12:51:05 server83 dhclient[5239]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0xa59e273) Nov 9 12:51:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=30106 PROTO=TCP SPT=56970 DPT=7204 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:51:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50877 SEQ=1 Nov 9 12:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59124 SEQ=1 Nov 9 12:51:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26835 SEQ=1 Nov 9 12:51:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33293 SEQ=1 Nov 9 12:51:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18267 PROTO=TCP SPT=49956 DPT=25167 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:51:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3633 SEQ=1 Nov 9 12:51:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15999 SEQ=1 Nov 9 12:51:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.20 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=46325 PROTO=TCP SPT=46099 DPT=5052 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 12:51:12 server83 dhclient[5239]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0xa59e273) Nov 9 12:51:14 server83 NetworkManager[922]: <warn> 
[1762672874.4512] dhcp4 (eth1): request timed out Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4512] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4591] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 5239 Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4592] dhcp4 (eth1): state changed timeout -> done Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4594] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:51:14 server83 NetworkManager[922]: <warn> [1762672874.4599] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4601] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4635] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4640] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4641] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4645] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4656] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4659] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:51:14 server83 NetworkManager[922]: <info> [1762672874.4672] dhcp4 (eth1): dhclient started with pid 6219 Nov 9 
12:51:14 server83 dhclient[6219]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x65dcb6c3) Nov 9 12:51:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36870 SEQ=1 Nov 9 12:51:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60666 SEQ=1 Nov 9 12:51:19 server83 dhclient[6219]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x65dcb6c3) Nov 9 12:51:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56890 SEQ=1 Nov 9 12:51:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.160.96.5 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=22627 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:51:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34567 PROTO=TCP SPT=34613 DPT=5753 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:51:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57547 DF PROTO=TCP SPT=57988 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:51:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57548 DF PROTO=TCP SPT=57988 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:51:25 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57549 DF PROTO=TCP SPT=57988 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:51:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=13.216.215.7 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=40121 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=20145 Nov 9 12:51:28 server83 dhclient[6219]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x65dcb6c3) Nov 9 12:51:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57550 DF PROTO=TCP SPT=57988 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:51:34 server83 aibolit_wrapper[6913]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626728949792524.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626728949794178.txt --log=/tmp/malware_cleaner_log_17626728949795814.txt --progress=/tmp/malware_cleaner_progress_17626728949795392.json --csv_result=/tmp/revisium_csvfile_17626728949795606.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:51:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3611 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:51:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.182.167 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 
PROTO=TCP SPT=54546 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:51:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57551 DF PROTO=TCP SPT=57988 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:51:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11472 SEQ=1 Nov 9 12:51:37 server83 dhclient[6219]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x65dcb6c3) Nov 9 12:51:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61650 SEQ=1 Nov 9 12:51:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63995 SEQ=1 Nov 9 12:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35303 SEQ=1 Nov 9 12:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29672 SEQ=1 Nov 9 12:51:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6157 SEQ=1 Nov 9 12:51:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=199.45.154.180 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=29092 PROTO=TCP SPT=15015 DPT=5985 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 12:51:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3612 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:51:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.internal: ProactiveModel.Host should not be empty Nov 9 12:51:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:51:48 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62253 SEQ=1 Nov 9 12:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62253 SEQ=1 Nov 9 12:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34458 SEQ=1 Nov 9 12:51:51 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:51:51 server83 dhclient[6219]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x65dcb6c3) Nov 9 12:51:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41933 SEQ=1 Nov 9 12:51:52 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38048 SEQ=1 Nov 9 12:51:52 server83 aibolit_wrapper[7329]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626729124388546.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626729124390056.txt --log=/tmp/malware_cleaner_log_17626729124393434.txt --progress=/tmp/malware_cleaner_progress_17626729124392710.json --csv_result=/tmp/revisium_csvfile_17626729124393144.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:51:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=53337 PROTO=TCP SPT=58594 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:51:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=53338 PROTO=TCP SPT=58594 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:51:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44180 SEQ=1 Nov 9 12:51:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49754 SEQ=1 Nov 9 12:51:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=74.125.181.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=29198 PROTO=TCP SPT=50034 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:51:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=53339 PROTO=TCP SPT=58594 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:51:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=53340 PROTO=TCP SPT=58594 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:51:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=29199 PROTO=TCP SPT=50034 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:51:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.211 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=53341 PROTO=TCP SPT=58594 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:51:59 server83 NetworkManager[922]: <warn> [1762672919.4503] dhcp4 (eth1): request timed out Nov 9 12:51:59 server83 NetworkManager[922]: <info> [1762672919.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:51:59 server83 NetworkManager[922]: <info> [1762672919.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 6219 Nov 9 12:51:59 server83 NetworkManager[922]: <info> [1762672919.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 12:51:59 server83 NetworkManager[922]: <info> [1762672919.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:51:59 server83 NetworkManager[922]: <warn> [1762672919.4592] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:51:59 server83 
NetworkManager[922]: <info> [1762672919.4595] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:51:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=29202 PROTO=TCP SPT=50034 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:52:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17185 SEQ=1 Nov 9 12:52:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45922 SEQ=1 Nov 9 12:52:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:52:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:52:01 server83 systemd: Started Session 312123 of user root. Nov 9 12:52:01 server83 systemd: Started Session 312124 of user root. Nov 9 12:52:01 server83 systemd: Started Session 312126 of user root. Nov 9 12:52:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:52:01 server83 systemd: Started Session 312128 of user accentri. Nov 9 12:52:01 server83 systemd: Started Session 312127 of user root. Nov 9 12:52:01 server83 systemd: Started Session 312129 of user root. Nov 9 12:52:01 server83 systemd: Started Session 312130 of user root. Nov 9 12:52:01 server83 systemd: Started Session 312125 of user root. Nov 9 12:52:01 server83 systemd: Started Session 312132 of user root. Nov 9 12:52:01 server83 systemd: Started Session 312133 of user accentri. Nov 9 12:52:01 server83 systemd: Started Session 312131 of user root. Nov 9 12:52:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:52:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53642 SEQ=1 Nov 9 12:52:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.81 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=4116 PROTO=TCP SPT=52599 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:52:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24778 SEQ=1 Nov 9 12:52:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.81 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=4117 PROTO=TCP SPT=52599 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:52:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.12 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56034 DPT=7080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:52:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.118.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=49760 PROTO=TCP SPT=49143 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:52:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.81 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=4118 PROTO=TCP SPT=52599 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:52:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=40.124.175.26 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=44613 PROTO=TCP SPT=60737 DPT=5984 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:52:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.194.169.81 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=4119 PROTO=TCP SPT=52599 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:52:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.118.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=49763 PROTO=TCP SPT=49143 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:52:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5519 SEQ=1 Nov 9 12:52:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61710 SEQ=1 Nov 9 12:52:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57287 PROTO=TCP SPT=45727 DPT=34045 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:52:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.250.128.101 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=29531 DF PROTO=TCP SPT=30555 DPT=5555 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 12:52:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49062 SEQ=1 Nov 9 12:52:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=23145 SEQ=1 Nov 9 12:52:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.133 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57018 DPT=48210 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:52:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.228 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51504 DPT=1947 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=54.158.203.159 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=241 ID=63103 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14784 Nov 9 12:52:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49062 SEQ=1 Nov 9 12:52:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=25077 PROTO=TCP SPT=50395 DPT=35773 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:52:27 server83 aibolit_wrapper[8296]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626729472699096.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626729472700940.txt --log=/tmp/malware_cleaner_log_17626729472703190.txt --progress=/tmp/malware_cleaner_progress_17626729472702542.json --csv_result=/tmp/revisium_csvfile_17626729472702820.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:52:28 
WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:55:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.64.105.148 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=61258 PROTO=TCP SPT=43637 DPT=4118 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:55:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17336 PROTO=TCP SPT=34050 DPT=4280 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:55:33 server83 aibolit_wrapper[13556]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626731331386500.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626731331387806.txt --log=/tmp/malware_cleaner_log_17626731331388652.txt --progress=/tmp/malware_cleaner_progress_17626731331388442.json --csv_result=/tmp/revisium_csvfile_17626731331388538.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34480 SEQ=1 Nov 9 12:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1900 SEQ=1 Nov 9 12:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39284 SEQ=1 Nov 9 12:55:35 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30250 SEQ=1 Nov 9 12:55:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37502 SEQ=1 Nov 9 12:55:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38469 SEQ=1 Nov 9 12:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10452 SEQ=1 Nov 9 12:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34480 SEQ=1 Nov 9 12:55:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35513 DPT=9785 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:55:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.0.20 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57106 DPT=9785 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:55:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=30017 PROTO=TCP SPT=40848 DPT=4411 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:55:46 server83 imunify360-php-daemon[734]: 
/home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.rindex: ProactiveModel.Host should not be empty Nov 9 12:55:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:55:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 12:55:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=29396 PROTO=TCP SPT=51775 DPT=47340 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:55:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32226 SEQ=1 Nov 9 12:55:48 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:55:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45060 SEQ=1 Nov 9 12:55:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15959 SEQ=1 Nov 9 12:55:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=223.199.165.51 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=40675 PROTO=TCP SPT=12286 DPT=7687 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:55:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5196 SEQ=1 Nov 9 12:55:52 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52080 SEQ=1 Nov 9 12:55:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45060 SEQ=1 Nov 9 12:55:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.80.181.183 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=22 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=14847 Nov 9 12:55:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=140.179.236.218 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=23 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=16 SEQ=17318 Nov 9 12:55:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14483 PROTO=TCP SPT=47710 DPT=4333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:55:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17878 PROTO=TCP SPT=48285 DPT=7912 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:55:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.180.99 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=30094 DF PROTO=TCP SPT=52607 DPT=21 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:56:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.169.50.188 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=60849 PROTO=TCP SPT=39117 DPT=1527 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:56:00 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3602 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:56:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.101 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=54885 DPT=9200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:56:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.180.99 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=30095 DF PROTO=TCP SPT=52607 DPT=21 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 Nov 9 12:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:56:01 server83 systemd: Started Session 312173 of user root. Nov 9 12:56:01 server83 systemd: Started Session 312174 of user root. Nov 9 12:56:01 server83 systemd: Started Session 312172 of user root. Nov 9 12:56:01 server83 systemd: Started Session 312175 of user root. Nov 9 12:56:01 server83 systemd: Started Session 312177 of user root. Nov 9 12:56:01 server83 systemd: Started Session 312178 of user root. Nov 9 12:56:01 server83 systemd: Started Session 312176 of user root. Nov 9 12:56:01 server83 systemd: Started Session 312179 of user root. Nov 9 12:56:01 server83 systemd: Created slice User Slice of accentri. Nov 9 12:56:01 server83 systemd: Started Session 312180 of user accentri. Nov 9 12:56:01 server83 systemd: Started Session 312181 of user root. Nov 9 12:56:01 server83 systemd: Started Session 312182 of user accentri. Nov 9 12:56:01 server83 systemd: Started Session 312183 of user root. Nov 9 12:56:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 12:56:01 server83 aibolit_wrapper[14192]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626731614124338.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626731614125512.txt --log=/tmp/malware_cleaner_log_17626731614126720.txt --progress=/tmp/malware_cleaner_progress_17626731614126412.json --csv_result=/tmp/revisium_csvfile_17626731614126554.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:56:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34794 PROTO=TCP SPT=49956 DPT=25929 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:56:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29957 SEQ=1 Nov 9 12:56:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33208 PROTO=TCP SPT=47860 DPT=8373 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:56:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6872 SEQ=1 Nov 9 12:56:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62948 SEQ=1 Nov 9 12:56:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.237.180.99 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=30096 DF PROTO=TCP SPT=52607 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 9 12:56:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44827 SEQ=1 Nov 9 12:56:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:56:16 server83 aibolit_wrapper[14566]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626731765867496.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626731765868918.txt --log=/tmp/malware_cleaner_log_17626731765870646.txt --progress=/tmp/malware_cleaner_progress_17626731765870326.json --csv_result=/tmp/revisium_csvfile_17626731765870466.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:56:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3601 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:56:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.148.120 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=55372 PROTO=TCP SPT=45653 DPT=1880 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:56:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=4.227.178.199 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=15792 PROTO=TCP SPT=51315 DPT=109 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:56:18 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42949 SEQ=1 Nov 9 12:56:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=39313 PROTO=TCP SPT=53178 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:56:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=52573 PROTO=TCP SPT=53178 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28282 SEQ=1 Nov 9 12:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32905 SEQ=1 Nov 9 12:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16029 SEQ=1 Nov 9 12:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28171 SEQ=1 Nov 9 12:56:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17481 SEQ=1 Nov 9 12:56:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.32 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=63640 PROTO=TCP SPT=48206 DPT=9785 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:56:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=29050 PROTO=TCP SPT=53178 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:56:27 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 12:56:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.104.19.160 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=58811 DPT=31107 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:56:29 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.119 DST=145.239.177.179 LEN=125 TOS=0x00 PREC=0x00 TTL=46 ID=428 DF PROTO=UDP SPT=17465 DPT=1900 LEN=105 Nov 9 12:56:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.154.95.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=20788 PROTO=TCP SPT=45504 DPT=1148 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:56:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57544 SEQ=1 Nov 9 12:56:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36424 SEQ=1 Nov 9 12:56:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10111 
SEQ=1 Nov 9 12:56:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44938 SEQ=1 Nov 9 12:56:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44938 SEQ=1 Nov 9 12:56:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.154.95.236 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=65442 PROTO=TCP SPT=48612 DPT=458 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:56:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:56:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:56:48 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:56:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.174.27 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=47 ID=6668 DF PROTO=TCP SPT=40145 DPT=32414 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 12:56:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11006 SEQ=1 Nov 9 12:56:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3467 SEQ=1 Nov 9 12:56:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=31370 SEQ=1 Nov 9 12:56:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63598 SEQ=1 Nov 9 12:56:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63598 SEQ=1 Nov 9 12:56:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8769 SEQ=1 Nov 9 12:56:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.15 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=43826 PROTO=TCP SPT=26200 DPT=10036 WINDOW=6104 RES=0x00 SYN URGP=0 Nov 9 12:56:56 server83 aibolit_wrapper[15500]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626732167406898.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626732167408546.txt --log=/tmp/malware_cleaner_log_17626732167410236.txt --progress=/tmp/malware_cleaner_progress_17626732167409838.json --csv_result=/tmp/revisium_csvfile_17626732167410042.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:56:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=46719 PROTO=TCP SPT=38842 DPT=9772 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:56:58 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42927 PROTO=TCP SPT=42111 DPT=2742 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:56:59 server83 NetworkManager[922]: <info> [1762673219.4914] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:56:59 server83 NetworkManager[922]: <info> [1762673219.4918] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:56:59 server83 NetworkManager[922]: <info> [1762673219.4919] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:56:59 server83 NetworkManager[922]: <info> [1762673219.4921] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:56:59 server83 NetworkManager[922]: <info> [1762673219.4931] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:56:59 server83 NetworkManager[922]: <info> [1762673219.4935] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:56:59 server83 NetworkManager[922]: <info> [1762673219.4946] dhcp4 (eth1): dhclient started with pid 15573 Nov 9 12:56:59 server83 dhclient[15573]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x33620238) Nov 9 12:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:57:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:57:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 12:57:01 server83 systemd: Started Session 312184 of user root. Nov 9 12:57:01 server83 systemd: Started Session 312185 of user root. Nov 9 12:57:01 server83 systemd: Started Session 312188 of user root. 
Nov 9 12:57:01 server83 systemd: Started Session 312186 of user root. Nov 9 12:57:01 server83 systemd: Started Session 312187 of user root. Nov 9 12:57:01 server83 systemd: Started Session 312189 of user root. Nov 9 12:57:01 server83 systemd: Started Session 312190 of user root. Nov 9 12:57:01 server83 systemd: Started Session 312191 of user root. Nov 9 12:57:01 server83 systemd: Started Session 312192 of user root. Nov 9 12:57:01 server83 systemd: Started Session 312193 of user root. Nov 9 12:57:01 server83 systemd: Started Session 312194 of user root. Nov 9 12:57:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=49667 PROTO=TCP SPT=36059 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:57:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36951 SEQ=1 Nov 9 12:57:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18439 SEQ=1 Nov 9 12:57:02 server83 dhclient[15573]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x33620238) Nov 9 12:57:05 server83 dhclient[15573]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x33620238) Nov 9 12:57:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26048 SEQ=1 Nov 9 12:57:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=692 
SEQ=1 Nov 9 12:57:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28369 PROTO=TCP SPT=50280 DPT=4597 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:57:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37499 SEQ=1 Nov 9 12:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12724 SEQ=1 Nov 9 12:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10446 SEQ=1 Nov 9 12:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58883 SEQ=1 Nov 9 12:57:09 server83 dhclient[15573]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x33620238) Nov 9 12:57:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=71.6.147.254 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=109 ID=16420 PROTO=TCP SPT=26200 DPT=8884 WINDOW=49471 RES=0x00 SYN URGP=0 Nov 9 12:57:12 server83 aibolit_wrapper[16048]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626732329744866.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626732329746506.txt --log=/tmp/malware_cleaner_log_17626732329747924.txt --progress=/tmp/malware_cleaner_progress_17626732329747524.json --csv_result=/tmp/revisium_csvfile_17626732329747688.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:57:15 server83 dhclient[15573]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x33620238) Nov 9 12:57:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=41368 PROTO=TCP SPT=53111 DPT=23690 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:57:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:57:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57557 DF PROTO=TCP SPT=64908 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:57:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16600 SEQ=1 Nov 9 12:57:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57558 DF PROTO=TCP SPT=64908 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:57:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46466 SEQ=1 Nov 9 12:57:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15337 SEQ=1 Nov 9 
12:57:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57559 DF PROTO=TCP SPT=64908 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:57:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22 SEQ=1 Nov 9 12:57:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46340 SEQ=1 Nov 9 12:57:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57560 DF PROTO=TCP SPT=64908 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:57:28 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.235.176.50 DST=51.210.113.204 LEN=220 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=UDP SPT=60721 DPT=123 LEN=200 Nov 9 12:57:30 server83 dhclient[15573]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x33620238) Nov 9 12:57:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=52523 PROTO=TCP SPT=51791 DPT=39657 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 12:57:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17882 SEQ=1 Nov 9 12:57:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 
LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3800 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:57:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57561 DF PROTO=TCP SPT=64908 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:57:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.81.14 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=4374 PROTO=TCP SPT=47431 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:57:38 server83 dhclient[15573]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x33620238) Nov 9 12:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13001 SEQ=1 Nov 9 12:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53653 SEQ=1 Nov 9 12:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62077 SEQ=1 Nov 9 12:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17514 SEQ=1 Nov 9 12:57:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13001 SEQ=1 Nov 9 12:57:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.81.46.39 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=32787 DPT=4333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:57:44 server83 aibolit_wrapper[16843]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626732643765812.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626732643766776.txt --log=/tmp/malware_cleaner_log_17626732643767724.txt --progress=/tmp/malware_cleaner_progress_17626732643767458.json --csv_result=/tmp/revisium_csvfile_17626732643767580.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:57:44 server83 NetworkManager[922]: <warn> [1762673264.4503] dhcp4 (eth1): request timed out Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4664] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 15573 Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:57:44 server83 NetworkManager[922]: <warn> [1762673264.4671] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4708] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 
12:57:44 server83 NetworkManager[922]: <info> [1762673264.4713] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4714] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4718] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4728] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4731] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:57:44 server83 NetworkManager[922]: <info> [1762673264.4745] dhcp4 (eth1): dhclient started with pid 16857 Nov 9 12:57:44 server83 dhclient[16857]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x78da4ed0) Nov 9 12:57:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22077 SEQ=1 Nov 9 12:57:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:57:48 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58598 SEQ=1 Nov 9 12:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=39888 SEQ=1 Nov 9 12:57:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3607 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:57:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8150 SEQ=1 Nov 9 12:57:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60737 SEQ=1 Nov 9 12:57:52 server83 dhclient[16857]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x78da4ed0) Nov 9 12:57:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8150 SEQ=1 Nov 9 12:57:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46712 SEQ=1 Nov 9 12:57:58 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 12:57:58 server83 systemd: Stopped Status Update Service. Nov 9 12:57:58 server83 systemd: Started Status Update Service. Nov 9 12:58:02 server83 systemd: Started Session 312195 of user root. Nov 9 12:58:02 server83 systemd: Started Session 312196 of user root. Nov 9 12:58:02 server83 systemd: Created slice User Slice of accentri. Nov 9 12:58:02 server83 systemd: Started Session 312198 of user accentri. Nov 9 12:58:02 server83 systemd: Started Session 312197 of user root. Nov 9 12:58:02 server83 systemd: Started Session 312199 of user root. 
Nov 9 12:58:02 server83 systemd: Started Session 312201 of user root. Nov 9 12:58:02 server83 systemd: Started Session 312200 of user root. Nov 9 12:58:02 server83 systemd: Started Session 312202 of user root. Nov 9 12:58:02 server83 systemd: Started Session 312205 of user root. Nov 9 12:58:02 server83 systemd: Started Session 312204 of user root. Nov 9 12:58:02 server83 systemd: Created slice User Slice of metalarts. Nov 9 12:58:02 server83 systemd: Started Session 312206 of user metalarts. Nov 9 12:58:02 server83 systemd: Started Session 312203 of user accentri. Nov 9 12:58:02 server83 aibolit_wrapper[17300]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626732820465780.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626732820467744.txt --log=/tmp/malware_cleaner_log_17626732820469590.txt --progress=/tmp/malware_cleaner_progress_17626732820469074.json --csv_result=/tmp/revisium_csvfile_17626732820469308.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:58:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:58:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 12:58:02 server83 systemd: Removed slice User Slice of accentri. Nov 9 12:58:02 server83 systemd: Removed slice User Slice of metalarts. 
Nov 9 12:58:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2787 SEQ=1 Nov 9 12:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32581 SEQ=1 Nov 9 12:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41974 SEQ=1 Nov 9 12:58:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3799 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:58:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:58:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57562 DF PROTO=TCP SPT=49842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31696 SEQ=1 Nov 9 12:58:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57563 DF PROTO=TCP SPT=49842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.93 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 
PROTO=TCP SPT=52351 DPT=20256 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:58:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9560 SEQ=1 Nov 9 12:58:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2787 SEQ=1 Nov 9 12:58:07 server83 dhclient[16857]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x78da4ed0) Nov 9 12:58:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36031 SEQ=1 Nov 9 12:58:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20040 SEQ=1 Nov 9 12:58:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57564 DF PROTO=TCP SPT=49842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57565 DF PROTO=TCP SPT=49842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39752 PROTO=TCP SPT=57024 DPT=6564 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:58:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.245 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52153 DPT=9715 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:58:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57566 DF PROTO=TCP SPT=49842 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 12:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 12:58:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36707 SEQ=1 Nov 9 12:58:21 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=187.236.123.252 DST=145.239.177.179 LEN=540 TOS=0x00 PREC=0x00 TTL=49 ID=12037 PROTO=UDP SPT=5683 DPT=15471 LEN=520 Nov 9 12:58:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9306 SEQ=1 Nov 9 12:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2398 SEQ=1 Nov 9 12:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22180 SEQ=1 Nov 9 12:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64369 SEQ=1 Nov 9 12:58:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57567 DF PROTO=TCP SPT=50189 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:23 server83 aibolit_wrapper[17858]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626733033492460.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626733033494124.txt --log=/tmp/malware_cleaner_log_17626733033495430.txt --progress=/tmp/malware_cleaner_progress_17626733033495088.json --csv_result=/tmp/revisium_csvfile_17626733033495226.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:58:23 server83 dhclient[16857]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x78da4ed0) Nov 9 12:58:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57568 DF PROTO=TCP SPT=50189 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22180 SEQ=1 Nov 9 12:58:26 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57569 DF PROTO=TCP SPT=50189 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:26 server83 imunify-auditd-log-reader[9638]: error messages suppressed: 53 Nov 9 12:58:26 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 12:58:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.74.50.114 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=52074 DPT=7800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:58:29 server83 NetworkManager[922]: <warn> [1762673309.4443] dhcp4 (eth1): request timed out Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4443] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4522] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 16857 Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4522] dhcp4 (eth1): state changed timeout -> done Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4525] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:58:29 server83 NetworkManager[922]: <warn> [1762673309.4531] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4533] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4567] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4571] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:58:29 server83 
NetworkManager[922]: <info> [1762673309.4571] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4574] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4584] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4587] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:58:29 server83 NetworkManager[922]: <info> [1762673309.4601] dhcp4 (eth1): dhclient started with pid 17994 Nov 9 12:58:29 server83 dhclient[17994]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x7c6e2c2e) Nov 9 12:58:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57570 DF PROTO=TCP SPT=50189 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3798 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:58:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56614 SEQ=1 Nov 9 12:58:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2153 SEQ=1 Nov 9 12:58:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 
TOS=0x00 PREC=0x00 TTL=240 ID=19180 PROTO=TCP SPT=41811 DPT=2563 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:58:37 server83 dhclient[17994]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x7c6e2c2e) Nov 9 12:58:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57571 DF PROTO=TCP SPT=50189 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 12:58:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56614 SEQ=1 Nov 9 12:58:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34853 SEQ=1 Nov 9 12:58:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48683 SEQ=1 Nov 9 12:58:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41939 SEQ=1 Nov 9 12:58:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19945 SEQ=1 Nov 9 12:58:41 server83 pam_imunify_daemon.bin: time="2025-11-09T12:58:41+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, 
{\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 12:58:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21243 PROTO=TCP SPT=50395 DPT=19717 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:58:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:58:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.164.107.4 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=47281 PROTO=TCP SPT=45095 DPT=9443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:58:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:58:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37916 SEQ=1 Nov 9 12:58:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60285 SEQ=1 Nov 9 12:58:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48866 SEQ=1 Nov 9 12:58:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3606 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:58:50 server83 dhclient[17994]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x7c6e2c2e) Nov 9 12:58:50 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29782 SEQ=1 Nov 9 12:58:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37043 SEQ=1 Nov 9 12:58:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.59.78 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44563 PROTO=TCP SPT=61000 DPT=29410 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:58:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24415 PROTO=TCP SPT=59288 DPT=9568 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:58:57 server83 aibolit_wrapper[18606]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626733375893518.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626733375894616.txt --log=/tmp/malware_cleaner_log_17626733375895450.txt --progress=/tmp/malware_cleaner_progress_17626733375895246.json --csv_result=/tmp/revisium_csvfile_17626733375895334.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:58:58 server83 dhclient[17994]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x7c6e2c2e) Nov 9 12:59:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:59:01 server83 systemd: Started Session 312208 of user root. Nov 9 12:59:01 server83 systemd: Started Session 312207 of user root. 
Nov 9 12:59:01 server83 systemd: Started Session 312209 of user root. Nov 9 12:59:01 server83 systemd: Started Session 312210 of user root. Nov 9 12:59:01 server83 systemd: Started Session 312211 of user root. Nov 9 12:59:01 server83 systemd: Started Session 312212 of user root. Nov 9 12:59:01 server83 systemd: Started Session 312213 of user root. Nov 9 12:59:01 server83 systemd: Started Session 312214 of user root. Nov 9 12:59:01 server83 systemd: Started Session 312215 of user root. Nov 9 12:59:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8530 SEQ=1 Nov 9 12:59:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38325 SEQ=1 Nov 9 12:59:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61719 SEQ=1 Nov 9 12:59:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38325 SEQ=1 Nov 9 12:59:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64867 SEQ=1 Nov 9 12:59:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.125 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50743 DPT=7722 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:59:08 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34900 PROTO=TCP SPT=41811 DPT=2556 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:59:09 server83 aibolit_wrapper[18939]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626733498595002.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626733498596452.txt --log=/tmp/malware_cleaner_log_17626733498598016.txt --progress=/tmp/malware_cleaner_progress_17626733498597538.json --csv_result=/tmp/revisium_csvfile_17626733498597718.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 12:59:13 server83 dhclient[17994]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x7c6e2c2e) Nov 9 12:59:14 server83 NetworkManager[922]: <warn> [1762673354.4503] dhcp4 (eth1): request timed out Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 17994 Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:59:14 server83 NetworkManager[922]: <warn> [1762673354.4670] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4673] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 12:59:14 server83 
NetworkManager[922]: <info> [1762673354.4707] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4711] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4712] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4716] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4727] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4730] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 12:59:14 server83 NetworkManager[922]: <info> [1762673354.4741] dhcp4 (eth1): dhclient started with pid 19104 Nov 9 12:59:14 server83 dhclient[19104]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x1b5c5028) Nov 9 12:59:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.121.84.49 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58255 DPT=9090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:59:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42326 SEQ=1 Nov 9 12:59:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32406 SEQ=1 Nov 9 12:59:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22743 SEQ=1 Nov 9 12:59:20 server83 dhclient[19104]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x1b5c5028) Nov 9 12:59:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.184.76.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=65517 DF PROTO=TCP SPT=11494 DPT=32768 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 12:59:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21914 SEQ=1 Nov 9 12:59:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17170 SEQ=1 Nov 9 12:59:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13307 SEQ=1 Nov 9 12:59:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.240 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51103 DPT=9861 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:59:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=23680 PROTO=TCP SPT=35306 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:59:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=23681 PROTO=TCP SPT=35306 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:59:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=42281 PROTO=TCP SPT=36542 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:59:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.17 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=23682 PROTO=TCP SPT=35306 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:59:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.52.85 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51363 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:59:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=42282 PROTO=TCP SPT=36542 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:59:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=42283 PROTO=TCP SPT=36542 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:59:33 server83 dhclient[19104]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x1b5c5028) Nov 9 12:59:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.16 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=42285 PROTO=TCP SPT=36542 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 12:59:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3605 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 12:59:37 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2950 SEQ=1 Nov 9 12:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14106 SEQ=1 Nov 9 12:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18547 SEQ=1 Nov 9 12:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2950 SEQ=1 Nov 9 12:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33988 SEQ=1 Nov 9 12:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28806 SEQ=1 Nov 9 12:59:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.123 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56207 DPT=37044 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:59:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 12:59:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53207 DPT=8883 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:59:46 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.160 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=54554 DPT=8867 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 12:59:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.classes: ProactiveModel.Host should not be empty Nov 9 12:59:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 12:59:47 server83 dhclient[19104]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x1b5c5028) Nov 9 12:59:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58903 SEQ=1 Nov 9 12:59:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47799 SEQ=1 Nov 9 12:59:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32619 SEQ=1 Nov 9 12:59:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49770 SEQ=1 Nov 9 12:59:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 12:59:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64086 SEQ=1 Nov 9 12:59:59 server83 
NetworkManager[922]: <warn> [1762673399.4503] dhcp4 (eth1): request timed out Nov 9 12:59:59 server83 NetworkManager[922]: <info> [1762673399.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 12:59:59 server83 NetworkManager[922]: <info> [1762673399.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 19104 Nov 9 12:59:59 server83 NetworkManager[922]: <info> [1762673399.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 12:59:59 server83 NetworkManager[922]: <info> [1762673399.4665] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 12:59:59 server83 NetworkManager[922]: <warn> [1762673399.4668] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 12:59:59 server83 NetworkManager[922]: <info> [1762673399.4669] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:00:01 server83 systemd: Started Session 312217 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312216 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312218 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312220 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312219 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312221 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312224 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312223 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312225 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312226 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312227 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312222 of user root. Nov 9 13:00:01 server83 systemd: Created slice User Slice of sanatanhinduvahi. Nov 9 13:00:01 server83 systemd: Started Session 312230 of user sanatanhinduvahi. Nov 9 13:00:01 server83 systemd: Created slice User Slice of accentri. 
Nov 9 13:00:01 server83 systemd: Started Session 312228 of user accentri. Nov 9 13:00:01 server83 systemd: Started Session 312233 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312232 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312235 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312237 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312236 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312229 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312231 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312240 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312234 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312238 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312241 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312239 of user accentri. Nov 9 13:00:01 server83 systemd: Started Session 312242 of user root. Nov 9 13:00:01 server83 systemd: Started Session 312243 of user sanatanhinduvahi. Nov 9 13:00:01 server83 systemd: Started Session 312244 of user root. Nov 9 13:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:00:01 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 13:00:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14607 SEQ=1 Nov 9 13:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64741 SEQ=1 Nov 9 13:00:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:00:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:00:05 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 13:00:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=870 SEQ=1 Nov 9 13:00:06 server83 aibolit_wrapper[21366]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626734065333514.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626734065335210.txt --log=/tmp/malware_cleaner_log_17626734065337034.txt --progress=/tmp/malware_cleaner_progress_17626734065336524.json --csv_result=/tmp/revisium_csvfile_17626734065336778.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:00:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43149 SEQ=1 Nov 9 13:00:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43149 SEQ=1 Nov 9 13:00:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=870 SEQ=1 Nov 9 13:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64741 SEQ=1 Nov 9 13:00:10 server83 aibolit_wrapper[21997]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626734108076098.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626734108077310.txt --log=/tmp/malware_cleaner_log_17626734108078548.txt --progress=/tmp/malware_cleaner_progress_17626734108078246.json --csv_result=/tmp/revisium_csvfile_17626734108078384.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:00:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.116.240 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=59398 DF PROTO=TCP SPT=60422 DPT=9796 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 13:00:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:00:16 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:00:16 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:00:16 server83 pure-ftpd: 
(__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 13:00:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=44544 DF PROTO=ICMP TYPE=8 CODE=0 ID=45350 SEQ=17220 Nov 9 13:00:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5102 SEQ=1 Nov 9 13:00:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.50.16.198 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=53078 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:00:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5102 SEQ=1 Nov 9 13:00:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.21 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=26893 PROTO=TCP SPT=44925 DPT=7444 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:00:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3604 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:00:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14321 SEQ=1 Nov 9 13:00:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55306 SEQ=1 Nov 9 13:00:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30086 SEQ=1 Nov 9 13:00:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62809 SEQ=1 Nov 9 13:00:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.99.13.2 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=59268 DF PROTO=ICMP TYPE=8 CODE=0 ID=26971 SEQ=49735 Nov 9 13:00:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=50561 PROTO=TCP SPT=51074 DPT=8026 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=63246 DF PROTO=ICMP TYPE=8 CODE=0 ID=42285 SEQ=6660 Nov 9 13:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19683 SEQ=1 Nov 9 13:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30816 SEQ=1 Nov 9 13:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=19683 SEQ=1 Nov 9 13:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25395 SEQ=1 Nov 9 13:00:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49551 SEQ=1 Nov 9 13:00:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44421 PROTO=TCP SPT=41120 DPT=5298 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:00:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.250.80.183 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=46723 DF PROTO=TCP SPT=47747 DPT=4643 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 13:00:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:00:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62823 PROTO=TCP SPT=49956 DPT=28361 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:00:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=194.180.48.63 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=18478 PROTO=TCP SPT=48169 DPT=2222 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:00:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.ibase_pconnection: ProactiveModel.Host should not be empty Nov 9 13:00:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:00:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.139 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=25067 PROTO=TCP SPT=32750 DPT=4840 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:00:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=59933 PROTO=TCP SPT=51775 DPT=40305 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:00:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49417 SEQ=1 Nov 9 13:00:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27995 SEQ=1 Nov 9 13:00:49 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:00:49 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 13:00:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=44916 DF PROTO=ICMP TYPE=8 CODE=0 ID=13202 SEQ=22107 Nov 9 13:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49417 SEQ=1 Nov 9 13:00:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.248 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52903 DPT=11553 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
13:00:50 server83 aibolit_wrapper[27072]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626734505891958.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626734505893366.txt --log=/tmp/malware_cleaner_log_17626734505894756.txt --progress=/tmp/malware_cleaner_progress_17626734505894456.json --csv_result=/tmp/revisium_csvfile_17626734505894580.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22162 SEQ=1 Nov 9 13:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56415 SEQ=1 Nov 9 13:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.81.3.216 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=22 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=14847 Nov 9 13:00:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57572 DF PROTO=TCP SPT=54044 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:00:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10353 SEQ=1 Nov 9 13:00:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57573 DF PROTO=TCP SPT=54044 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:00:56 server83 aibolit_wrapper[27937]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626734563201802.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626734563202874.txt --log=/tmp/malware_cleaner_log_17626734563204774.txt --progress=/tmp/malware_cleaner_progress_17626734563204444.json --csv_result=/tmp/revisium_csvfile_17626734563204600.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:00:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61176 PROTO=TCP SPT=45727 DPT=32046 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:00:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57574 DF PROTO=TCP SPT=54044 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:00:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42156 PROTO=TCP SPT=49956 DPT=28363 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:01:01 server83 systemd: Started Session 312245 of user root. Nov 9 13:01:01 server83 systemd: Started Session 312246 of user root. Nov 9 13:01:01 server83 systemd: Started Session 312247 of user root. Nov 9 13:01:01 server83 systemd: Started Session 312248 of user root. 
Nov 9 13:01:01 server83 systemd: Started Session 312249 of user root. Nov 9 13:01:01 server83 systemd: Started Session 312250 of user root. Nov 9 13:01:01 server83 systemd: Started Session 312251 of user root. Nov 9 13:01:01 server83 systemd: Started Session 312252 of user root. Nov 9 13:01:01 server83 systemd: Started Session 312253 of user root. Nov 9 13:01:01 server83 systemd: Started Session 312254 of user root. Nov 9 13:01:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56642 SEQ=1 Nov 9 13:01:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57575 DF PROTO=TCP SPT=54044 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:01:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5271 SEQ=1 Nov 9 13:01:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64174 SEQ=1 Nov 9 13:01:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25251 SEQ=1 Nov 9 13:01:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25251 SEQ=1 Nov 9 13:01:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=162.216.149.185 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56386 DPT=9793 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:01:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57576 DF PROTO=TCP SPT=54044 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:01:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=43.98.167.122 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=22215 DF PROTO=TCP SPT=53085 DPT=8081 WINDOW=4816 RES=0x00 SYN URGP=0 Nov 9 13:01:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=150.107.38.251 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=33177 PROTO=TCP SPT=45845 DPT=2003 WINDOW=64337 RES=0x00 SYN URGP=0 Nov 9 13:01:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=8651 PROTO=TCP SPT=43021 DPT=6419 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:01:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50557 SEQ=1 Nov 9 13:01:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15656 SEQ=1 Nov 9 13:01:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54396 SEQ=1 Nov 9 13:01:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23174 SEQ=1 Nov 9 13:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1887 SEQ=1 Nov 9 13:01:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15656 SEQ=1 Nov 9 13:01:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.140.206 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=4142 DF PROTO=TCP SPT=42525 DPT=4206 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:01:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=43552 PROTO=TCP SPT=50883 DPT=7745 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:01:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.208.133.114 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=232 ID=36043 PROTO=TCP SPT=51637 DPT=5038 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:01:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:01:31 server83 aibolit_wrapper[32263]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d short_open_tag=on -d extension=posix -d extension=zip -d extension=hyperscan -d 
disable_functions=pcntl_exec,popen,exec,system,passthru,proc_open,shell_exec,ftp_exec,phpinfo,ini_restore,dl,symlink,chgrp,putenv,getmyuid,posix_setsid,posix_setpgid,apache_child_terminate,virtual,proc_close,proc_get_status,proc_terminate,proc_nice,getmygid,proc_getstatus,escapeshellarg,show_source,pclose,get_current_user,getmyid,pfsockopen,syslog,phpcredits,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_getpriority,pcntl_setpriority /opt/ai-bolit/ai-bolit-hoster.php --smart --deobfuscate --avdb /var/imunify360/files/sigs/v1/aibolit/ai-bolit-hoster-full.db --no-html --memory 2048M --progress /var/imunify360/tmp/progress_file_17626734917407094 --use-filters --hs /var/imunify360/files/sigs/v1/aibolit/hyperscan --detect-admin-tools --listing /tmp/tmpv5cp48ks --with-suspicious --size 1048576 --cloudscan-size 104857600 --json_report . 
--json-stdout --shared-mem-progress 4802887814495674866 --create-shared-mem Nov 9 13:01:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15943 SEQ=1 Nov 9 13:01:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7920 SEQ=1 Nov 9 13:01:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7920 SEQ=1 Nov 9 13:01:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4344 SEQ=1 Nov 9 13:01:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4344 SEQ=1 Nov 9 13:01:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54147 SEQ=1 Nov 9 13:01:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12217 SEQ=1 Nov 9 13:01:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.35 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50857 DPT=14875 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 
9 13:01:40 server83 aibolit_wrapper[811]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626735005575094.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626735005576126.txt --log=/tmp/malware_cleaner_log_17626735005576946.txt --progress=/tmp/malware_cleaner_progress_17626735005576730.json --csv_result=/tmp/revisium_csvfile_17626735005576814.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:01:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4165 PROTO=TCP SPT=51662 DPT=8634 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:01:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.created: ProactiveModel.Host should not be empty Nov 9 13:01:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:01:46 server83 aibolit_wrapper[1657]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626735068250142.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626735068251662.txt --log=/tmp/malware_cleaner_log_17626735068253062.txt --progress=/tmp/malware_cleaner_progress_17626735068252652.json --csv_result=/tmp/revisium_csvfile_17626735068252802.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:01:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid 
license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:01:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=61620 DF PROTO=ICMP TYPE=8 CODE=0 ID=64982 SEQ=53222 Nov 9 13:01:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16452 SEQ=1 Nov 9 13:01:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56905 SEQ=1 Nov 9 13:01:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.109.193 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=60582 DPT=8038 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:01:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56905 SEQ=1 Nov 9 13:01:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6013 SEQ=1 Nov 9 13:01:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.148.234 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51867 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:01:52 server83 aibolit_wrapper[2380]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate 
--nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626735129539512.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626735129543114.txt --progress=/tmp/malware_cleaner_progress_17626735129542546.json --csv_result=/tmp/revisium_csvfile_17626735129542734.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:01:54 server83 PAM-hulk[2491]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES Nov 9 13:01:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27325 SEQ=1 Nov 9 13:01:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.191.178 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=41254 DPT=8038 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:02:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:02:01 server83 systemd: Started Session 312256 of user root. Nov 9 13:02:01 server83 systemd: Started Session 312255 of user root. Nov 9 13:02:01 server83 systemd: Started Session 312257 of user root. Nov 9 13:02:01 server83 systemd: Started Session 312258 of user root. Nov 9 13:02:01 server83 systemd: Started Session 312259 of user root. Nov 9 13:02:01 server83 systemd: Started Session 312260 of user root. Nov 9 13:02:01 server83 systemd: Started Session 312261 of user root. Nov 9 13:02:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:02:01 server83 systemd: Started Session 312263 of user accentri. Nov 9 13:02:01 server83 systemd: Started Session 312262 of user root. Nov 9 13:02:01 server83 systemd: Started Session 312264 of user accentri. 
Nov 9 13:02:01 server83 systemd: Started Session 312265 of user root. Nov 9 13:02:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:02:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12310 SEQ=1 Nov 9 13:02:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=66 SEQ=1 Nov 9 13:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=66 SEQ=1 Nov 9 13:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12310 SEQ=1 Nov 9 13:02:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46542 SEQ=1 Nov 9 13:02:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51948 SEQ=1 Nov 9 13:02:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61616 PROTO=TCP SPT=49956 DPT=29373 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:02:12 server83 scripts.sh: Sun Nov 9 13:02:12 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 13:02:15 server83 imunify-auditd-log-reader[9638]: lost 1 
message sequences Nov 9 13:02:15 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:02:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3797 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:02:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=6489 DF PROTO=ICMP TYPE=8 CODE=0 ID=23357 SEQ=14113 Nov 9 13:02:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62814 SEQ=1 Nov 9 13:02:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62814 SEQ=1 Nov 9 13:02:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5637 SEQ=1 Nov 9 13:02:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35437 SEQ=1 Nov 9 13:02:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53989 SEQ=1 Nov 9 13:02:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=12792 SEQ=1 Nov 9 13:02:27 server83 imunify-auditd-log-reader[9638]: lost 8 message sequences Nov 9 13:02:28 server83 aibolit_wrapper[6911]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626735484001520.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626735484002946.txt --log=/tmp/malware_cleaner_log_17626735484004490.txt --progress=/tmp/malware_cleaner_progress_17626735484004136.json --csv_result=/tmp/revisium_csvfile_17626735484004278.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:02:32 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:02:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27347 SEQ=1 Nov 9 13:02:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=6048 PROTO=TCP SPT=33574 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:02:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=6049 PROTO=TCP SPT=33574 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:02:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=62667 PROTO=TCP SPT=41471 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:02:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=6050 PROTO=TCP SPT=33574 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:02:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=62668 PROTO=TCP SPT=41471 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:02:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=6051 PROTO=TCP SPT=33574 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:02:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=62669 PROTO=TCP SPT=41471 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55661 SEQ=1 Nov 9 13:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49008 SEQ=1 Nov 9 13:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27660 SEQ=1 Nov 9 13:02:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15516 SEQ=1 Nov 9 13:02:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.20 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=62671 PROTO=TCP SPT=41471 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:02:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.classes: ProactiveModel.Host should not be empty Nov 9 13:02:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:02:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:02:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19676 SEQ=1 Nov 9 13:02:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19676 SEQ=1 Nov 9 13:02:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1148 SEQ=1 Nov 9 13:02:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11471 SEQ=1 Nov 9 13:02:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4497 SEQ=1 Nov 9 13:02:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1148 SEQ=1 Nov 9 
13:02:57 server83 aibolit_wrapper[10674]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626735778343472.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626735778345074.txt --log=/tmp/malware_cleaner_log_17626735778346540.txt --progress=/tmp/malware_cleaner_progress_17626735778346146.json --csv_result=/tmp/revisium_csvfile_17626735778346320.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:02:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.154.95.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=16704 PROTO=TCP SPT=35660 DPT=1080 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:03:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:03:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:03:01 server83 systemd: Started Session 312269 of user root. Nov 9 13:03:01 server83 systemd: Started Session 312270 of user root. Nov 9 13:03:01 server83 systemd: Started Session 312268 of user root. Nov 9 13:03:01 server83 systemd: Started Session 312271 of user root. Nov 9 13:03:01 server83 systemd: Started Session 312266 of user root. Nov 9 13:03:01 server83 systemd: Started Session 312272 of user root. Nov 9 13:03:01 server83 systemd: Started Session 312267 of user root. Nov 9 13:03:01 server83 systemd: Started Session 312273 of user root. Nov 9 13:03:01 server83 systemd: Started Session 312274 of user root. 
Nov 9 13:03:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36822 PROTO=TCP SPT=38059 DPT=9980 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8086 SEQ=1 Nov 9 13:03:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4908 SEQ=1 Nov 9 13:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57234 SEQ=1 Nov 9 13:03:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24878 SEQ=1 Nov 9 13:03:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.59.78 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38332 PROTO=TCP SPT=61000 DPT=29091 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62644 SEQ=1 Nov 9 13:03:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8086 SEQ=1 Nov 9 13:03:07 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31688 PROTO=TCP SPT=42111 DPT=2541 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.172.191.62 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=46449 DPT=9000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:03:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3603 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46194 SEQ=1 Nov 9 13:03:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:03:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3796 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35451 SEQ=1 Nov 9 13:03:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25111 SEQ=1 Nov 9 13:03:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33242 SEQ=1 Nov 
9 13:03:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28519 PROTO=TCP SPT=45727 DPT=32972 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:20 server83 aibolit_wrapper[13578]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626736000336962.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626736000338654.txt --log=/tmp/malware_cleaner_log_17626736000340602.txt --progress=/tmp/malware_cleaner_progress_17626736000340080.json --csv_result=/tmp/revisium_csvfile_17626736000340338.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:03:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36363 SEQ=1 Nov 9 13:03:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.86.246 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=2036 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:03:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38334 SEQ=1 Nov 9 13:03:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=23276 DF PROTO=TCP SPT=62971 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 13:03:23 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49516 SEQ=1 Nov 9 13:03:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=23277 DF PROTO=TCP SPT=62971 DPT=2222 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 13:03:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=23278 DF PROTO=TCP SPT=62971 DPT=2222 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:03:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=23279 DF PROTO=TCP SPT=62971 DPT=2222 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:03:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11967 PROTO=TCP SPT=53608 DPT=8989 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55361 SEQ=1 Nov 9 13:03:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57152 SEQ=1 Nov 9 13:03:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=23301 DF PROTO=TCP SPT=64007 DPT=8090 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 
9 13:03:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=23303 DF PROTO=TCP SPT=64007 DPT=8090 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 13:03:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44025 SEQ=1 Nov 9 13:03:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54414 PROTO=TCP SPT=51791 DPT=23736 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:03:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10760 PROTO=TCP SPT=53608 DPT=1080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16342 SEQ=1 Nov 9 13:03:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=23304 DF PROTO=TCP SPT=64007 DPT=8090 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:03:40 server83 aibolit_wrapper[16148]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626736202021318.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626736202022716.txt 
--log=/tmp/malware_cleaner_log_17626736202024004.txt --progress=/tmp/malware_cleaner_progress_17626736202023690.json --csv_result=/tmp/revisium_csvfile_17626736202023824.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:03:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=25324 PROTO=TCP SPT=53608 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=15.235.145.92 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=23305 DF PROTO=TCP SPT=64007 DPT=8090 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:03:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22487 PROTO=TCP SPT=53608 DPT=5678 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.ob_iconv_handle: ProactiveModel.Host should not be empty Nov 9 13:03:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:03:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:03:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23996 SEQ=1 Nov 9 13:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24589 SEQ=1 Nov 9 13:03:51 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47641 SEQ=1 Nov 9 13:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23996 SEQ=1 Nov 9 13:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35434 SEQ=1 Nov 9 13:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21338 SEQ=1 Nov 9 13:03:53 server83 pam_imunify_daemon.bin: time="2025-11-09T13:03:53+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 13:03:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54489 PROTO=TCP SPT=53608 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=7225 PROTO=TCP SPT=45796 DPT=6574 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:03:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49008 PROTO=TCP SPT=53608 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=66.132.153.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=53080 PROTO=TCP SPT=55395 DPT=101 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:03:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.16 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=27930 PROTO=TCP SPT=26200 DPT=5853 WINDOW=28646 RES=0x00 SYN URGP=0 Nov 9 13:03:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30714 PROTO=TCP SPT=53608 DPT=8090 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:03:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:03:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26076 PROTO=TCP SPT=53608 DPT=8118 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:04:01 server83 systemd: Started Session 312276 of user root. Nov 9 13:04:01 server83 systemd: Started Session 312277 of user root. Nov 9 13:04:01 server83 systemd: Started Session 312278 of user root. Nov 9 13:04:01 server83 systemd: Started Session 312275 of user root. Nov 9 13:04:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:04:01 server83 systemd: Started Session 312279 of user accentri. Nov 9 13:04:01 server83 systemd: Started Session 312280 of user root. Nov 9 13:04:01 server83 systemd: Started Session 312281 of user root. Nov 9 13:04:01 server83 systemd: Started Session 312282 of user root. Nov 9 13:04:01 server83 systemd: Started Session 312283 of user root. 
Nov 9 13:04:01 server83 systemd: Started Session 312284 of user root. Nov 9 13:04:01 server83 systemd: Started Session 312285 of user accentri. Nov 9 13:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:04:01 server83 imunify-auditd-log-reader[9638]: lost 7 message sequences Nov 9 13:04:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:04:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54024 SEQ=1 Nov 9 13:04:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.243.98.11 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=32653 PROTO=TCP SPT=52911 DPT=8022 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:04:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46484 SEQ=1 Nov 9 13:04:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62981 SEQ=1 Nov 9 13:04:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.65 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49331 DPT=32795 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:04:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3795 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:04:05 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.134 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=52120 PROTO=TCP SPT=50395 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:04:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.31 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=27183 PROTO=TCP SPT=4404 DPT=8081 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:04:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1850 PROTO=TCP SPT=53608 DPT=1111 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:04:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17238 PROTO=TCP SPT=53608 DPT=4145 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62981 SEQ=1 Nov 9 13:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46484 SEQ=1 Nov 9 13:04:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.164.204 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=50753 DPT=2022 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:04:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42954 PROTO=TCP SPT=53608 DPT=4153 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 
13:04:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=90.151.171.106 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=2675 PROTO=TCP SPT=53608 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:04:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1758 SEQ=1 Nov 9 13:04:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52088 SEQ=1 Nov 9 13:04:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22991 SEQ=1 Nov 9 13:04:19 server83 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=51.210.113.204 DST=75.2.18.233 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20135 DF PROTO=TCP SPT=45440 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 UID=4578 GID=4579 Nov 9 13:04:20 server83 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=51.210.113.204 DST=75.2.18.233 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20136 DF PROTO=TCP SPT=45440 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 UID=4578 GID=4579 Nov 9 13:04:20 server83 systemd: Started Session c2883 of user root. 
Nov 9 13:04:21 server83 scripts.sh: Load Average: 4.16 , 3.87 Nov 9 13:04:21 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 13:04:21 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 13:04:21 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 13:04:21 server83 scripts.sh: HTTPD Status: inactive Nov 9 13:04:21 server83 scripts.sh: MySQL Status: active Nov 9 13:04:21 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 13:04:21 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 13:04:21 server83 scripts.sh: SSHD Status: active Nov 9 13:04:21 server83 scripts.sh: FTP Status: active Nov 9 13:04:21 server83 scripts.sh: LiteSpeed Status: Active Nov 9 13:04:21 server83 scripts.sh: Imunify Status: Active Nov 9 13:04:21 server83 scripts.sh: cPanel Status: active Nov 9 13:04:21 server83 scripts.sh: Memory Status: 12/31 GB - 40.52% Nov 9 13:04:21 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 13:04:21 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 13:04:21 server83 scripts.sh: Local Version: 4.4.5 Nov 9 13:04:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20260 SEQ=1 Nov 9 13:04:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=39263 PROTO=TCP SPT=43479 DPT=4051 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:04:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26893 SEQ=1 Nov 9 13:04:27 server83 aibolit_wrapper[22435]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d 
display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626736675042860.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626736675044734.txt --log=/tmp/malware_cleaner_log_17626736675047274.txt --progress=/tmp/malware_cleaner_progress_17626736675046796.json --csv_result=/tmp/revisium_csvfile_17626736675047012.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:04:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:04:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9870 PROTO=TCP SPT=50945 DPT=9430 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:04:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.156 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54481 DPT=38520 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:04:31 server83 aibolit_wrapper[22950]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626736717639968.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626736717641264.txt --log=/tmp/malware_cleaner_log_17626736717642668.txt --progress=/tmp/malware_cleaner_progress_17626736717642332.json --csv_result=/tmp/revisium_csvfile_17626736717642484.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:04:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22597 SEQ=1 Nov 9 13:04:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20329 SEQ=1 Nov 9 13:04:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20329 SEQ=1 Nov 9 13:04:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34090 PROTO=TCP SPT=41811 DPT=2632 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.218 DST=145.239.177.179 LEN=65 TOS=0x00 PREC=0x00 TTL=112 ID=7485 DF PROTO=ICMP TYPE=8 CODE=0 ID=48682 SEQ=30460 Nov 9 13:04:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.196.152.231 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=16399 DF PROTO=TCP SPT=61846 DPT=3388 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:04:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.partition: ProactiveModel.Host should not be empty Nov 9 13:04:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:04:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.18 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=62067 PROTO=TCP SPT=26200 DPT=9066 WINDOW=53851 RES=0x00 SYN URGP=0 Nov 9 13:04:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:04:47 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2730 SEQ=1 Nov 9 13:04:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:04:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3295 SEQ=1 Nov 9 13:04:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2151 SEQ=1 Nov 9 13:04:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3794 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:04:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.172 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54899 DPT=20446 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:04:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11767 SEQ=1 Nov 9 13:04:59 server83 NetworkManager[922]: <info> [1762673699.4466] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:04:59 server83 NetworkManager[922]: <info> [1762673699.4470] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:04:59 server83 NetworkManager[922]: <info> [1762673699.4471] device (eth1): 
state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:04:59 server83 NetworkManager[922]: <info> [1762673699.4474] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:04:59 server83 NetworkManager[922]: <info> [1762673699.4483] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:04:59 server83 NetworkManager[922]: <info> [1762673699.4485] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:04:59 server83 NetworkManager[922]: <info> [1762673699.4496] dhcp4 (eth1): dhclient started with pid 26654 Nov 9 13:04:59 server83 dhclient[26654]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x35831734) Nov 9 13:05:01 server83 systemd: Started Session 312286 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312288 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312287 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312289 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312290 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312292 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312291 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312293 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312295 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312294 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312296 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312297 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312299 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312298 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312300 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312302 of user root. Nov 9 13:05:01 server83 systemd: Started Session 312301 of user root. 
Nov 9 13:05:01 server83 systemd: Started Session 312303 of user root. Nov 9 13:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36456 SEQ=1 Nov 9 13:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36456 SEQ=1 Nov 9 13:05:03 server83 dhclient[26654]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x35831734) Nov 9 13:05:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:05:04 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 13:05:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57577 DF PROTO=TCP SPT=58079 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57578 DF PROTO=TCP SPT=58079 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:07 server83 dhclient[26654]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x35831734) Nov 9 13:05:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57579 DF PROTO=TCP SPT=58079 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45389 PROTO=TCP SPT=49956 DPT=25292 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:05:08 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54332 SEQ=1 Nov 9 13:05:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9372 SEQ=1 Nov 9 13:05:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23176 SEQ=1 Nov 9 13:05:11 server83 aibolit_wrapper[28230]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626737110670872.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626737110672424.txt --log=/tmp/malware_cleaner_log_17626737110673928.txt --progress=/tmp/malware_cleaner_progress_17626737110673540.json --csv_result=/tmp/revisium_csvfile_17626737110673714.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:05:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57580 DF PROTO=TCP SPT=58079 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=44107 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:05:12 server83 dhclient[26654]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 
interval 13 (xid=0x35831734) Nov 9 13:05:16 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:05:16 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:05:16 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 13:05:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=12479 PROTO=TCP SPT=53111 DPT=47896 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:05:18 server83 aibolit_wrapper[29401]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626737184181610.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626737184184466.txt --progress=/tmp/malware_cleaner_progress_17626737184184126.json --csv_result=/tmp/revisium_csvfile_17626737184184280.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:05:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56039 SEQ=1 Nov 9 13:05:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65051 SEQ=1 Nov 9 13:05:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=30092 SEQ=1 Nov 9 13:05:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33593 SEQ=1 Nov 9 13:05:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57581 DF PROTO=TCP SPT=58079 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.88 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38679 DPT=9090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:05:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44326 SEQ=1 Nov 9 13:05:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30092 SEQ=1 Nov 9 13:05:23 server83 aibolit_wrapper[29899]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626737237123992.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626737237125752.txt --log=/tmp/malware_cleaner_log_17626737237127668.txt --progress=/tmp/malware_cleaner_progress_17626737237127138.json --csv_result=/tmp/revisium_csvfile_17626737237127368.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:05:24 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.105.76 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=40986 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:05:25 server83 dhclient[26654]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x35831734) Nov 9 13:05:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:05:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57582 DF PROTO=TCP SPT=58821 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.23.177 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=36 ID=7864 DF PROTO=TCP SPT=41010 DPT=3724 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:05:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57583 DF PROTO=TCP SPT=58821 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57584 DF PROTO=TCP SPT=58821 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.168.120.149 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=49232 DPT=4333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:05:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.184 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53497 DPT=10001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
13:05:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57585 DF PROTO=TCP SPT=58821 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47671 SEQ=1 Nov 9 13:05:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=170.187.165.219 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=56297 DPT=5984 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:05:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58715 SEQ=1 Nov 9 13:05:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46366 SEQ=1 Nov 9 13:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33726 SEQ=1 Nov 9 13:05:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57586 DF PROTO=TCP SPT=58821 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:05:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.112 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=61703 PROTO=TCP SPT=35962 DPT=40000 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 
9 13:05:44 server83 NetworkManager[922]: <warn> [1762673744.4473] dhcp4 (eth1): request timed out Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4473] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4633] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 26654 Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4633] dhcp4 (eth1): state changed timeout -> done Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4635] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:05:44 server83 NetworkManager[922]: <warn> [1762673744.4640] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4642] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4675] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4679] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4680] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4683] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4693] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4696] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:05:44 server83 NetworkManager[922]: <info> [1762673744.4710] dhcp4 
(eth1): dhclient started with pid 32260 Nov 9 13:05:44 server83 dhclient[32260]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x25d8b553) Nov 9 13:05:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:05:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:05:47 server83 dhclient[32260]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x25d8b553) Nov 9 13:05:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.210 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50239 DPT=18080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:05:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25365 PROTO=TCP SPT=44977 DPT=5473 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:05:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39096 SEQ=1 Nov 9 13:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36413 SEQ=1 Nov 9 13:05:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.192 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53820 DPT=20257 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:05:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30057 SEQ=1 Nov 9 13:05:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=225 SEQ=1 Nov 9 13:05:54 server83 dhclient[32260]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x25d8b553) Nov 9 13:05:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39096 SEQ=1 Nov 9 13:05:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23494 SEQ=1 Nov 9 13:05:54 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:05:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.155.81.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33040 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:06:00 server83 aibolit_wrapper[1751]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626737600551838.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626737600553402.txt --log=/tmp/malware_cleaner_log_17626737600554648.txt --progress=/tmp/malware_cleaner_progress_17626737600554314.json --csv_result=/tmp/revisium_csvfile_17626737600554464.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:06:01 server83 systemd: Started Session 312304 of user root. Nov 9 13:06:01 server83 systemd: Started Session 312305 of user root. Nov 9 13:06:01 server83 systemd: Started Session 312307 of user root. Nov 9 13:06:01 server83 systemd: Started Session 312306 of user root. Nov 9 13:06:01 server83 systemd: Started Session 312308 of user root. Nov 9 13:06:01 server83 systemd: Started Session 312310 of user root. Nov 9 13:06:01 server83 systemd: Started Session 312311 of user root. Nov 9 13:06:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:06:01 server83 systemd: Started Session 312312 of user accentri. Nov 9 13:06:01 server83 systemd: Started Session 312309 of user root. Nov 9 13:06:01 server83 systemd: Started Session 312313 of user root. Nov 9 13:06:01 server83 systemd: Started Session 312314 of user accentri. Nov 9 13:06:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39709 SEQ=1 Nov 9 13:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24189 SEQ=1 Nov 9 13:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22522 SEQ=1 Nov 9 13:06:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43772 SEQ=1 Nov 9 13:06:05 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=134.209.183.166 DST=51.210.113.204 LEN=122 TOS=0x00 PREC=0x00 TTL=50 ID=28003 DF PROTO=UDP SPT=5060 DPT=8082 LEN=102 Nov 9 13:06:07 server83 dhclient[32260]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x25d8b553) Nov 9 13:06:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=38818 PROTO=TCP SPT=47310 DPT=7436 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:06:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55884 SEQ=1 Nov 9 13:06:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64102 SEQ=1 Nov 9 13:06:14 server83 aibolit_wrapper[3642]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626737743362882.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626737743364658.txt --log=/tmp/malware_cleaner_log_17626737743366582.txt --progress=/tmp/malware_cleaner_progress_17626737743366072.json --csv_result=/tmp/revisium_csvfile_17626737743366328.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:06:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.136.67.107 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33635 DPT=444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:06:19 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41928 SEQ=1 Nov 9 13:06:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33716 SEQ=1 Nov 9 13:06:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63012 SEQ=1 Nov 9 13:06:22 server83 dhclient[32260]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x25d8b553) Nov 9 13:06:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:06:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.138.20.120 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=50084 DF PROTO=ICMP TYPE=8 CODE=0 ID=57637 SEQ=61206 Nov 9 13:06:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41928 SEQ=1 Nov 9 13:06:29 server83 NetworkManager[922]: <warn> [1762673789.4513] dhcp4 (eth1): request timed out Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4513] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4673] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 32260 Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4674] dhcp4 (eth1): state changed timeout -> done Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4676] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 
9 13:06:29 server83 NetworkManager[922]: <warn> [1762673789.4682] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4684] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4719] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4724] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4725] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4730] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4740] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4744] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:06:29 server83 NetworkManager[922]: <info> [1762673789.4756] dhcp4 (eth1): dhclient started with pid 5612 Nov 9 13:06:29 server83 dhclient[5612]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x7fff1562) Nov 9 13:06:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.81 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=7425 DF PROTO=TCP SPT=1260 DPT=44783 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:06:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=33390 DPT=34567 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:06:32 server83 dhclient[5612]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x7fff1562) Nov 9 13:06:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52664 SEQ=1 Nov 9 13:06:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34718 SEQ=1 Nov 9 13:06:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52664 SEQ=1 Nov 9 13:06:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14944 SEQ=1 Nov 9 13:06:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13068 SEQ=1 Nov 9 13:06:39 server83 dhclient[5612]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x7fff1562) Nov 9 13:06:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55079 SEQ=1 Nov 9 13:06:46 server83 dhclient[5612]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x7fff1562) Nov 9 13:06:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:06:49 server83 imunify360-php-daemon[734]: error response: 401, 
{"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:06:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.221.22 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=32857 DPT=10011 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:06:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55601 SEQ=1 Nov 9 13:06:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15499 SEQ=1 Nov 9 13:06:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11699 SEQ=1 Nov 9 13:06:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.59 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=60504 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45830 SEQ=1 Nov 9 13:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22023 SEQ=1 Nov 9 13:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=11256 SEQ=1 Nov 9 13:06:54 server83 aibolit_wrapper[8317]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626738140879096.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626738140880774.txt --log=/tmp/malware_cleaner_log_17626738140882852.txt --progress=/tmp/malware_cleaner_progress_17626738140882306.json --csv_result=/tmp/revisium_csvfile_17626738140882554.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:06:55 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:06:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9659 PROTO=TCP SPT=33157 DPT=6687 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:06:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.146 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56423 DPT=210 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:07:01 server83 aibolit_wrapper[9125]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626738213702292.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626738213704416.txt --log=/tmp/malware_cleaner_log_17626738213705964.txt --progress=/tmp/malware_cleaner_progress_17626738213705550.json --csv_result=/tmp/revisium_csvfile_17626738213705750.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db 
--soft Nov 9 13:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:07:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:07:01 server83 systemd: Started Session 312315 of user root. Nov 9 13:07:01 server83 systemd: Started Session 312316 of user root. Nov 9 13:07:01 server83 systemd: Started Session 312317 of user root. Nov 9 13:07:01 server83 systemd: Started Session 312318 of user root. Nov 9 13:07:01 server83 systemd: Started Session 312322 of user root. Nov 9 13:07:01 server83 systemd: Started Session 312321 of user root. Nov 9 13:07:01 server83 systemd: Started Session 312319 of user root. Nov 9 13:07:01 server83 systemd: Started Session 312320 of user root. Nov 9 13:07:01 server83 systemd: Started Session 312323 of user root. Nov 9 13:07:01 server83 systemd: Started Session 312324 of user root. Nov 9 13:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42898 SEQ=1 Nov 9 13:07:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8008 SEQ=1 Nov 9 13:07:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55490 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:07:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=46887 DPT=3333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:07:04 server83 dhclient[5612]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x7fff1562) Nov 9 
13:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7384 DF PROTO=TCP SPT=46502 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7385 DF PROTO=TCP SPT=46502 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37866 SEQ=1 Nov 9 13:07:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24400 PROTO=TCP SPT=40627 DPT=4481 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:07:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9659 SEQ=1 Nov 9 13:07:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7386 DF PROTO=TCP SPT=46502 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59742 SEQ=1 Nov 9 13:07:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3602 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 
9 13:07:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.29 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=59165 PROTO=TCP SPT=14451 DPT=10252 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:07:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7387 DF PROTO=TCP SPT=46502 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:14 server83 NetworkManager[922]: <warn> [1762673834.4433] dhcp4 (eth1): request timed out Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4433] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4592] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 5612 Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4592] dhcp4 (eth1): state changed timeout -> done Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4594] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:07:14 server83 NetworkManager[922]: <warn> [1762673834.4597] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4598] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4626] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4628] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4629] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:07:14 server83 
NetworkManager[922]: <info> [1762673834.4631] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4640] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4641] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:07:14 server83 NetworkManager[922]: <info> [1762673834.4650] dhcp4 (eth1): dhclient started with pid 10627 Nov 9 13:07:14 server83 dhclient[10627]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x14f7b99e) Nov 9 13:07:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57587 DF PROTO=TCP SPT=61497 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:07:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57588 DF PROTO=TCP SPT=61497 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:07:20 server83 dhclient[10627]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x14f7b99e) Nov 9 13:07:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38214 SEQ=1 Nov 9 13:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7388 DF PROTO=TCP SPT=46502 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 
TTL=240 ID=23479 PROTO=TCP SPT=50395 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:07:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.154 DST=51.210.113.204 LEN=61 TOS=0x00 PREC=0x00 TTL=108 ID=26034 DF PROTO=ICMP TYPE=8 CODE=0 ID=55646 SEQ=58434 Nov 9 13:07:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33198 SEQ=1 Nov 9 13:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57589 DF PROTO=TCP SPT=61497 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25243 SEQ=1 Nov 9 13:07:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47471 SEQ=1 Nov 9 13:07:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7685 SEQ=1 Nov 9 13:07:25 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:07:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57590 DF PROTO=TCP SPT=61497 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:07:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57591 DF PROTO=TCP SPT=61669 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:07:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3601 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:07:29 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 13:07:29 server83 systemd: Stopped Status Update Service. Nov 9 13:07:29 server83 systemd: Started Status Update Service. Nov 9 13:07:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57593 DF PROTO=TCP SPT=61669 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:07:30 server83 dhclient[10627]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x14f7b99e) Nov 9 13:07:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51710 SEQ=1 Nov 9 13:07:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57594 DF PROTO=TCP SPT=61669 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:07:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3793 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:07:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57595 DF PROTO=TCP SPT=61497 DPT=4527 WINDOW=64240 RES=0x00 SYN 
URGP=0 Nov 9 13:07:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54099 SEQ=1 Nov 9 13:07:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12677 SEQ=1 Nov 9 13:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7389 DF PROTO=TCP SPT=46502 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4226 SEQ=1 Nov 9 13:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4226 SEQ=1 Nov 9 13:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51710 SEQ=1 Nov 9 13:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30365 SEQ=1 Nov 9 13:07:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=92 DF PROTO=TCP SPT=47052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:39 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.14 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=41268 PROTO=TCP SPT=39445 DPT=42345 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=93 DF PROTO=TCP SPT=47052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57596 DF PROTO=TCP SPT=61669 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:07:42 server83 dhclient[10627]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x14f7b99e) Nov 9 13:07:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=94 DF PROTO=TCP SPT=47052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:07:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=95 DF PROTO=TCP SPT=47052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:07:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:07:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1154 SEQ=1 Nov 9 13:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61462 SEQ=1 Nov 9 13:07:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.155.84.194 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53689 DPT=10011 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:07:52 server83 aibolit_wrapper[15629]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626738726303862.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626738726305030.txt --log=/tmp/malware_cleaner_log_17626738726306136.txt --progress=/tmp/malware_cleaner_progress_17626738726305898.json --csv_result=/tmp/revisium_csvfile_17626738726306002.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:07:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18792 SEQ=1 Nov 9 13:07:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28042 SEQ=1 Nov 9 13:07:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57731 SEQ=1 Nov 9 13:07:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 
PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=49453 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=96 DF PROTO=TCP SPT=47052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:07:55 server83 dhclient[10627]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x14f7b99e) Nov 9 13:07:58 server83 aibolit_wrapper[16349]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626738781805760.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626738781807290.txt --log=/tmp/malware_cleaner_log_17626738781808994.txt --progress=/tmp/malware_cleaner_progress_17626738781808600.json --csv_result=/tmp/revisium_csvfile_17626738781808794.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:07:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=664 PROTO=TCP SPT=45727 DPT=33057 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:07:59 server83 NetworkManager[922]: <warn> [1762673879.4419] dhcp4 (eth1): request timed out Nov 9 13:07:59 server83 NetworkManager[922]: <info> [1762673879.4419] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:07:59 server83 NetworkManager[922]: <info> [1762673879.4578] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 10627 Nov 9 13:07:59 server83 NetworkManager[922]: <info> [1762673879.4578] dhcp4 (eth1): state changed timeout -> done Nov 9 13:07:59 server83 NetworkManager[922]: <info> [1762673879.4580] device (eth1): state change: ip-config -> failed 
(reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:07:59 server83 NetworkManager[922]: <warn> [1762673879.4583] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:07:59 server83 NetworkManager[922]: <info> [1762673879.4584] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:08:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50353 PROTO=TCP SPT=58106 DPT=7860 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:08:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:08:01 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 13:08:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:08:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:08:01 server83 systemd: Started Session 312326 of user root. Nov 9 13:08:01 server83 systemd: Started Session 312325 of user root. Nov 9 13:08:01 server83 systemd: Started Session 312328 of user root. Nov 9 13:08:01 server83 systemd: Started Session 312329 of user root. Nov 9 13:08:01 server83 systemd: Started Session 312330 of user root. Nov 9 13:08:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:08:01 server83 systemd: Started Session 312331 of user accentri. Nov 9 13:08:01 server83 systemd: Started Session 312332 of user accentri. Nov 9 13:08:01 server83 systemd: Started Session 312327 of user root. Nov 9 13:08:01 server83 systemd: Started Session 312333 of user root. Nov 9 13:08:01 server83 systemd: Started Session 312334 of user root. Nov 9 13:08:01 server83 systemd: Started Session 312335 of user root. Nov 9 13:08:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:08:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:08:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.82.47.54 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38152 DPT=9090 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:08:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13524 SEQ=1 Nov 9 13:08:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6424 SEQ=1 Nov 9 13:08:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42958 SEQ=1 Nov 9 13:08:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51505 SEQ=1 Nov 9 13:08:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56421 SEQ=1 Nov 9 13:08:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51505 SEQ=1 Nov 9 13:08:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7390 DF PROTO=TCP SPT=46502 DPT=21 WINDOW=64620 RES=0x00 
SYN URGP=0 Nov 9 13:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=97 DF PROTO=TCP SPT=47052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:08:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.194.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=59037 PROTO=TCP SPT=59880 DPT=30001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:08:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22794 SEQ=1 Nov 9 13:08:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60501 PROTO=TCP SPT=45727 DPT=30790 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61518 SEQ=1 Nov 9 13:08:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41729 DF PROTO=TCP SPT=47556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39257 SEQ=1 Nov 9 13:08:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21640 SEQ=1 Nov 
9 13:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 13:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 13:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41730 DF PROTO=TCP SPT=47556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.206 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50220 DPT=22001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:08:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34634 SEQ=1 Nov 9 13:08:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33443 SEQ=1 Nov 9 13:08:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41731 DF PROTO=TCP SPT=47556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:08:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41732 DF PROTO=TCP SPT=47556 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 13:08:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.111 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=51018 DPT=8445 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:08:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44784 SEQ=1 Nov 9 13:08:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5675 SEQ=1 Nov 9 13:08:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37422 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:08:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.122 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=53725 DF PROTO=TCP SPT=3312 DPT=9686 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:08:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41733 DF PROTO=TCP SPT=47556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44784 SEQ=1 Nov 9 13:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=5776 SEQ=1 Nov 9 13:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53913 SEQ=1 Nov 9 13:08:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.20 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57206 DPT=1913 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:08:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2376 SEQ=1 Nov 9 13:08:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:08:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.10.188 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=44 ID=0 DF PROTO=TCP SPT=57850 DPT=6018 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:08:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3800 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:08:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=38242 PROTO=TCP SPT=62294 DPT=7170 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:08:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=98 DF PROTO=TCP SPT=47052 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:08:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.237 
DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51909 DPT=8152 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:08:45 server83 aibolit_wrapper[21383]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626739255525356.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626739255527184.txt --log=/tmp/malware_cleaner_log_17626739255529044.txt --progress=/tmp/malware_cleaner_progress_17626739255528542.json --csv_result=/tmp/revisium_csvfile_17626739255528748.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:08:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.request: ProactiveModel.Host should not be empty Nov 9 13:08:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.parle_tokens: ProactiveModel.Host should not be empty Nov 9 13:08:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:08:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:08:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=54459 PROTO=TCP SPT=42647 DPT=9304 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:08:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:08:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41734 DF PROTO=TCP SPT=47556 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 13:08:51 server83 aibolit_wrapper[21982]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626739312151330.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626739312152764.txt --log=/tmp/malware_cleaner_log_17626739312154632.txt --progress=/tmp/malware_cleaner_progress_17626739312154246.json --csv_result=/tmp/revisium_csvfile_17626739312154432.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:08:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39056 SEQ=1 Nov 9 13:08:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32806 SEQ=1 Nov 9 13:08:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30660 SEQ=1 Nov 9 13:08:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50791 SEQ=1 Nov 9 13:08:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56698 SEQ=1 Nov 9 13:09:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:09:01 
server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:09:01 server83 systemd: Started Session 312336 of user root. Nov 9 13:09:01 server83 systemd: Started Session 312338 of user root. Nov 9 13:09:01 server83 systemd: Started Session 312339 of user root. Nov 9 13:09:01 server83 systemd: Started Session 312337 of user root. Nov 9 13:09:01 server83 systemd: Started Session 312340 of user root. Nov 9 13:09:01 server83 systemd: Started Session 312341 of user root. Nov 9 13:09:01 server83 systemd: Started Session 312342 of user root. Nov 9 13:09:01 server83 systemd: Started Session 312343 of user root. Nov 9 13:09:01 server83 systemd: Started Session 312344 of user root. Nov 9 13:09:01 server83 systemd: Started Session 312345 of user root. Nov 9 13:09:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21589 SEQ=1 Nov 9 13:09:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37103 SEQ=1 Nov 9 13:09:02 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:09:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.62 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51214 DPT=7822 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:09:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:09:05 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:09:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52458 DF PROTO=TCP SPT=40064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 
9 13:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55385 SEQ=1 Nov 9 13:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52459 DF PROTO=TCP SPT=40064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41771 SEQ=1 Nov 9 13:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27626 SEQ=1 Nov 9 13:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44848 SEQ=1 Nov 9 13:09:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52460 DF PROTO=TCP SPT=40064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:09:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=56272 PROTO=TCP SPT=51791 DPT=47340 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:09:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.235.121.84 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=43221 PROTO=TCP SPT=57202 DPT=30001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:09:14 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52461 DF PROTO=TCP SPT=40064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:09:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3799 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:09:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34486 SEQ=1 Nov 9 13:09:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10057 SEQ=1 Nov 9 13:09:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.8.238.163 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=24765 DF PROTO=ICMP TYPE=8 CODE=0 ID=62715 SEQ=40981 Nov 9 13:09:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47686 SEQ=1 Nov 9 13:09:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.230 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59797 DPT=8888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:09:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52462 DF PROTO=TCP SPT=40064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:09:22 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56579 SEQ=1 Nov 9 13:09:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25043 PROTO=TCP SPT=49956 DPT=26887 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:09:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.153 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52209 DPT=86 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:09:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41735 DF PROTO=TCP SPT=47556 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:09:26 server83 aibolit_wrapper[25259]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626739665526464.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626739665527514.txt --log=/tmp/malware_cleaner_log_17626739665528436.txt --progress=/tmp/malware_cleaner_progress_17626739665528210.json --csv_result=/tmp/revisium_csvfile_17626739665528316.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:09:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.20.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42741 DPT=8123 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:09:26 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.40 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=52824 PROTO=TCP SPT=22322 DPT=33428 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:09:30 server83 aibolit_wrapper[25633]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626739707336988.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626739707338354.txt --log=/tmp/malware_cleaner_log_17626739707340158.txt --progress=/tmp/malware_cleaner_progress_17626739707339766.json --csv_result=/tmp/revisium_csvfile_17626739707339972.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:09:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.127 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=53432 PROTO=TCP SPT=55661 DPT=10240 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:09:36 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 13:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47647 SEQ=1 Nov 9 13:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9934 SEQ=1 Nov 9 13:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7421 SEQ=1 Nov 9 
13:09:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52463 DF PROTO=TCP SPT=40064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:09:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=24587 DF PROTO=ICMP TYPE=8 CODE=0 ID=58205 SEQ=53171 Nov 9 13:09:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4851 SEQ=1 Nov 9 13:09:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27550 PROTO=TCP SPT=44169 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:09:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.109.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46996 DPT=7822 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:09:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4365 DF PROTO=TCP SPT=38920 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:09:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27551 PROTO=TCP SPT=44169 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4366 DF PROTO=TCP SPT=38920 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:09:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27552 PROTO=TCP SPT=44169 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:09:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29377 PROTO=TCP SPT=48621 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:09:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.dba_insertion: ProactiveModel.Host should not be empty Nov 9 13:09:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:09:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.212 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29379 PROTO=TCP SPT=48621 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:09:49 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:09:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15003 SEQ=1 Nov 9 13:09:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=13052 PROTO=TCP SPT=51662 DPT=8625 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:09:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.71 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=33890 DF 
PROTO=TCP SPT=764 DPT=548 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31158 SEQ=1 Nov 9 13:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42699 SEQ=1 Nov 9 13:09:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59915 SEQ=1 Nov 9 13:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26493 SEQ=1 Nov 9 13:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10195 SEQ=1 Nov 9 13:09:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4369 DF PROTO=TCP SPT=38920 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:10:01 server83 systemd: Started Session 312347 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312348 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312346 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312350 of user root. 
Nov 9 13:10:01 server83 systemd: Started Session 312352 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312353 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312349 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312354 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312355 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312351 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312356 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312357 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312358 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312359 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312360 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312361 of user root. Nov 9 13:10:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:10:01 server83 systemd: Started Session 312362 of user accentri. Nov 9 13:10:01 server83 systemd: Started Session 312363 of user root. Nov 9 13:10:01 server83 systemd: Started Session 312364 of user accentri. Nov 9 13:10:01 server83 systemd: Started Session 312365 of user root. Nov 9 13:10:02 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:10:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14606 SEQ=1 Nov 9 13:10:02 server83 aibolit_wrapper[28905]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626740024531744.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626740024533234.txt --log=/tmp/malware_cleaner_log_17626740024534574.txt --progress=/tmp/malware_cleaner_progress_17626740024534212.json --csv_result=/tmp/revisium_csvfile_17626740024534366.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:10:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.254 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56418 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:10:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.158 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49398 DPT=3000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:10:06 server83 aibolit_wrapper[29333]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626740066926704.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626740066927530.txt --log=/tmp/malware_cleaner_log_17626740066928316.txt 
--progress=/tmp/malware_cleaner_progress_17626740066928100.json --csv_result=/tmp/revisium_csvfile_17626740066928194.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:10:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29324 SEQ=1 Nov 9 13:10:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20064 SEQ=1 Nov 9 13:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54300 SEQ=1 Nov 9 13:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23463 SEQ=1 Nov 9 13:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11407 SEQ=1 Nov 9 13:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4370 DF PROTO=TCP SPT=38920 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52464 DF PROTO=TCP SPT=40064 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42778 SEQ=1 Nov 9 13:10:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16492 DF PROTO=TCP SPT=40782 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40054 SEQ=1 Nov 9 13:10:21 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.42 DST=51.210.113.204 LEN=35 TOS=0x00 PREC=0x00 TTL=46 ID=20747 DF PROTO=UDP SPT=22421 DPT=177 LEN=15 Nov 9 13:10:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16493 DF PROTO=TCP SPT=40782 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:22 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:10:22 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:10:22 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 13:10:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30589 SEQ=1 Nov 9 13:10:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.105.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=35359 DPT=7822 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:10:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16494 DF PROTO=TCP SPT=40782 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=86.54.31.34 DST=51.210.113.204 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=60687 PROTO=TCP SPT=23320 DPT=9943 WINDOW=23581 RES=0x00 SYN URGP=0 Nov 9 13:10:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60385 SEQ=1 Nov 9 13:10:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35709 SEQ=1 Nov 9 13:10:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.117.173 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=28817 PROTO=TCP SPT=48609 DPT=999 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:10:26 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.128 DST=51.210.113.204 LEN=37 TOS=0x00 PREC=0x00 TTL=48 ID=62482 PROTO=UDP SPT=55527 DPT=7780 LEN=17 Nov 9 13:10:27 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16495 DF PROTO=TCP SPT=40782 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:10:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.149 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=7183 PROTO=TCP SPT=41769 DPT=7822 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:10:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26129 SEQ=1 Nov 9 13:10:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=36933 DPT=3333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16496 DF PROTO=TCP SPT=40782 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45180 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:10:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53966 SEQ=1 Nov 9 13:10:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38660 SEQ=1 Nov 9 13:10:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43552 SEQ=1 Nov 9 13:10:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4044 SEQ=1 Nov 9 13:10:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10473 SEQ=1 Nov 9 13:10:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36919 PROTO=TCP SPT=49956 DPT=26800 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:10:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49304 DPT=1900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:10:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4371 DF PROTO=TCP SPT=38920 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:10:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:10:50 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:10:50 server83 aibolit_wrapper[1133]: running child 
proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626740500920134.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626740500921866.txt --log=/tmp/malware_cleaner_log_17626740500923504.txt --progress=/tmp/malware_cleaner_progress_17626740500923120.json --csv_result=/tmp/revisium_csvfile_17626740500923302.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:10:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28213 SEQ=1 Nov 9 13:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16497 DF PROTO=TCP SPT=40782 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:10:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35434 SEQ=1 Nov 9 13:10:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3250 SEQ=1 Nov 9 13:10:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48543 SEQ=1 Nov 9 13:10:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1788 SEQ=1 Nov 9 13:10:54 server83 aibolit_wrapper[1631]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626740543362666.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626740543364284.txt --log=/tmp/malware_cleaner_log_17626740543366212.txt --progress=/tmp/malware_cleaner_progress_17626740543365644.json --csv_result=/tmp/revisium_csvfile_17626740543365918.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:10:59 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:11:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:11:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:11:01 server83 systemd: Started Session 312367 of user root. Nov 9 13:11:01 server83 systemd: Started Session 312368 of user root. Nov 9 13:11:01 server83 systemd: Started Session 312366 of user root. Nov 9 13:11:01 server83 systemd: Started Session 312372 of user root. Nov 9 13:11:01 server83 systemd: Started Session 312370 of user root. Nov 9 13:11:01 server83 systemd: Started Session 312369 of user root. Nov 9 13:11:01 server83 systemd: Started Session 312373 of user root. Nov 9 13:11:01 server83 systemd: Started Session 312371 of user root. Nov 9 13:11:01 server83 systemd: Started Session 312374 of user root. Nov 9 13:11:01 server83 systemd: Started Session 312375 of user root. 
Nov 9 13:11:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38119 SEQ=1 Nov 9 13:11:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1432 SEQ=1 Nov 9 13:11:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=97.107.134.31 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=27002 PROTO=TCP SPT=56593 DPT=144 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:11:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.78.70 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=60492 DPT=2049 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:11:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13893 SEQ=1 Nov 9 13:11:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6558 SEQ=1 Nov 9 13:11:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2950 SEQ=1 Nov 9 13:11:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59837 DF PROTO=TCP SPT=49610 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:11:09 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48384 SEQ=1 Nov 9 13:11:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59838 DF PROTO=TCP SPT=49610 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:11:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.193.57.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=7678 DF PROTO=TCP SPT=42772 DPT=2945 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:11:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59839 DF PROTO=TCP SPT=49610 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:11:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59840 DF PROTO=TCP SPT=49610 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:11:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=5958 PROTO=TCP SPT=56972 DPT=8422 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:11:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.129 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=17575 PROTO=TCP SPT=55723 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:11:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20013 SEQ=1 Nov 9 
13:11:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.74.58.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=60765 DPT=2049 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:11:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35481 SEQ=1 Nov 9 13:11:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22303 SEQ=1 Nov 9 13:11:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59841 DF PROTO=TCP SPT=49610 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:11:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41292 PROTO=TCP SPT=49956 DPT=26245 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:11:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20013 SEQ=1 Nov 9 13:11:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59353 SEQ=1 Nov 9 13:11:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59353 SEQ=1 Nov 9 13:11:26 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=16498 DF PROTO=TCP SPT=40782 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:11:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.181 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56223 DPT=8834 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:11:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40779 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:11:27 server83 aibolit_wrapper[5077]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626740878475480.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626740878477536.txt --log=/tmp/malware_cleaner_log_17626740878479752.txt --progress=/tmp/malware_cleaner_progress_17626740878479278.json --csv_result=/tmp/revisium_csvfile_17626740878479492.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:11:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65083 SEQ=1 Nov 9 13:11:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1329 SEQ=1 Nov 9 13:11:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65160 SEQ=1 Nov 9 13:13:51 server83 systemd: Started Session c2884 of user root. Nov 9 13:13:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.33 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=63121 PROTO=TCP SPT=37213 DPT=2599 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:13:52 server83 scripts.sh: Load Average: 3.47 , 3.73 Nov 9 13:13:52 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 13:13:52 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 13:13:52 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 13:13:52 server83 scripts.sh: HTTPD Status: inactive Nov 9 13:13:52 server83 scripts.sh: MySQL Status: active Nov 9 13:13:52 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 13:13:52 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 13:13:52 server83 scripts.sh: SSHD Status: active Nov 9 13:13:52 server83 scripts.sh: FTP Status: active Nov 9 13:13:52 server83 scripts.sh: LiteSpeed Status: Active Nov 9 13:13:52 server83 scripts.sh: Imunify Status: Active Nov 9 13:13:52 server83 scripts.sh: cPanel Status: active Nov 9 13:13:52 server83 scripts.sh: Memory Status: 12/31 GB - 38.91% Nov 9 13:13:52 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 13:13:52 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 13:13:52 server83 scripts.sh: Local Version: 4.4.5 Nov 9 13:13:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10697 SEQ=1 Nov 9 13:13:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45928 DF PROTO=TCP SPT=56834 DPT=21 WINDOW=64620 RES=0x00 SYN 
URGP=0 Nov 9 13:13:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34028 SEQ=1 Nov 9 13:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45929 DF PROTO=TCP SPT=56834 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6799 PROTO=TCP SPT=49956 DPT=27596 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:14:01 server83 systemd: Started Session 312397 of user root. Nov 9 13:14:01 server83 systemd: Started Session 312398 of user root. Nov 9 13:14:01 server83 systemd: Started Session 312400 of user root. Nov 9 13:14:01 server83 systemd: Started Session 312401 of user root. Nov 9 13:14:01 server83 systemd: Started Session 312399 of user root. Nov 9 13:14:01 server83 systemd: Started Session 312402 of user root. Nov 9 13:14:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:14:01 server83 systemd: Started Session 312403 of user accentri. Nov 9 13:14:01 server83 systemd: Started Session 312404 of user root. Nov 9 13:14:01 server83 systemd: Started Session 312406 of user accentri. Nov 9 13:14:01 server83 systemd: Started Session 312405 of user root. Nov 9 13:14:01 server83 systemd: Started Session 312407 of user root. Nov 9 13:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:02 server83 aibolit_wrapper[9404]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626742420968816.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626742420970750.txt --log=/tmp/malware_cleaner_log_17626742420972584.txt --progress=/tmp/malware_cleaner_progress_17626742420972074.json --csv_result=/tmp/revisium_csvfile_17626742420972328.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:14:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:14:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1061 PROTO=TCP SPT=39657 DPT=8638 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:14:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41286 SEQ=1 Nov 9 13:14:05 server83 dhclient[8947]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x4875f8b1) Nov 9 13:14:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.248 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54759 DPT=9556 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:14:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64131 SEQ=1 Nov 9 13:14:07 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60911 SEQ=1 Nov 9 13:14:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40172 SEQ=1 Nov 9 13:14:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60911 SEQ=1 Nov 9 13:14:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3788 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:14:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16277 SEQ=1 Nov 9 13:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.89 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=44639 PROTO=TCP SPT=39491 DPT=7218 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47369 PROTO=TCP SPT=37775 DPT=9560 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:14:15 server83 dhclient[8947]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x4875f8b1) Nov 9 13:14:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF 
PROTO=TCP SPT=9999 DPT=2036 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:14:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=65499 DF PROTO=TCP SPT=59160 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.190 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=6335 PROTO=TCP SPT=53762 DPT=44380 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45930 DF PROTO=TCP SPT=56834 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:14:18 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:14:18 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:18 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:14:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:14:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34119 SEQ=1 Nov 9 13:14:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26179 SEQ=1 Nov 9 13:14:21 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26179 SEQ=1 Nov 9 13:14:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=56110 PROTO=TCP SPT=53111 DPT=26242 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15396 SEQ=1 Nov 9 13:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17773 SEQ=1 Nov 9 13:14:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45422 SEQ=1 Nov 9 13:14:23 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=187.236.123.252 DST=145.239.177.179 LEN=540 TOS=0x00 PREC=0x00 TTL=49 ID=12037 PROTO=UDP SPT=5683 DPT=15471 LEN=520 Nov 9 13:14:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3796 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:14:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8189 DF PROTO=TCP SPT=39688 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8190 DF PROTO=TCP SPT=39688 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:14:27 server83 dhclient[8947]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x4875f8b1) Nov 9 13:14:28 server83 aibolit_wrapper[10133]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626742679843872.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626742679845514.txt --log=/tmp/malware_cleaner_log_17626742679847404.txt --progress=/tmp/malware_cleaner_progress_17626742679846864.json --csv_result=/tmp/revisium_csvfile_17626742679847106.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:14:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8191 DF PROTO=TCP SPT=39688 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:14:29 server83 NetworkManager[922]: <warn> [1762674269.4503] dhcp4 (eth1): request timed out Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 8947 Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4665] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:14:29 server83 NetworkManager[922]: <warn> [1762674269.4670] device (eth1): Activation: failed 
for connection 'Wired connection 1' Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4672] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4703] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4707] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4708] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4712] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4722] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4724] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:14:29 server83 NetworkManager[922]: <info> [1762674269.4735] dhcp4 (eth1): dhclient started with pid 10171 Nov 9 13:14:29 server83 dhclient[10171]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x6de2e929) Nov 9 13:14:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56534 DPT=8093 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:14:32 server83 dhclient[10171]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x6de2e929) Nov 9 13:14:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=14920 SEQ=1 Nov 9 13:14:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48295 SEQ=1 Nov 9 13:14:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8192 DF PROTO=TCP SPT=39688 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:14:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16790 PROTO=TCP SPT=45727 DPT=32129 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:14:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23631 SEQ=1 Nov 9 13:14:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56464 SEQ=1 Nov 9 13:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42161 SEQ=1 Nov 9 13:14:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14278 SEQ=1 Nov 9 13:14:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=140.228.21.27 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x20 TTL=44 ID=24822 DF PROTO=TCP SPT=42611 DPT=7 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
13:14:40 server83 dhclient[10171]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x6de2e929) Nov 9 13:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8193 DF PROTO=TCP SPT=39688 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:14:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35449 PROTO=TCP SPT=50368 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:14:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35450 PROTO=TCP SPT=50368 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:14:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.228.23.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48177 PROTO=TCP SPT=45432 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:14:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=53925 PROTO=TCP SPT=63951 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:14:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35451 PROTO=TCP SPT=50368 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:14:44 server83 aibolit_wrapper[10507]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626742846411574.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626742846412924.txt --log=/tmp/malware_cleaner_log_17626742846414750.txt --progress=/tmp/malware_cleaner_progress_17626742846414268.json --csv_result=/tmp/revisium_csvfile_17626742846414466.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:14:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.26 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=53927 PROTO=TCP SPT=63951 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:14:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:14:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=976 PROTO=TCP SPT=39213 DPT=9696 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:14:50 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:14:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=45931 DF PROTO=TCP SPT=56834 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:14:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59897 SEQ=1 Nov 9 13:14:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7751 SEQ=1 Nov 9 13:14:52 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34015 SEQ=1 Nov 9 13:14:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36000 SEQ=1 Nov 9 13:14:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=57124 DF PROTO=ICMP TYPE=8 CODE=0 ID=31381 SEQ=38953 Nov 9 13:14:53 server83 dhclient[10171]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x6de2e929) Nov 9 13:14:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28423 SEQ=1 Nov 9 13:14:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.100 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55630 DPT=9192 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:14:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8194 DF PROTO=TCP SPT=39688 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:15:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:15:01 server83 systemd: Started Session 312409 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312410 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312411 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312408 of user root. 
Nov 9 13:15:01 server83 systemd: Started Session 312412 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312413 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312415 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312414 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312416 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312417 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312419 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312418 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312420 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312422 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312421 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312424 of user root. Nov 9 13:15:01 server83 systemd: Started Session 312423 of user root. Nov 9 13:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2007 SEQ=1 Nov 9 13:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45665 SEQ=1 Nov 9 13:15:04 server83 pam_imunify_daemon.bin: time="2025-11-09T13:15:04+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 13:15:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35394 SEQ=1 Nov 9 13:15:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37138 SEQ=1 Nov 9 13:15:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15227 SEQ=1 Nov 9 13:15:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49700 SEQ=1 Nov 9 13:15:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.124 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=7797 PROTO=TCP SPT=36694 DPT=1027 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:15:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64737 SEQ=1 Nov 9 13:15:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64952 PROTO=TCP SPT=42111 DPT=2579 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:15:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.134 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=44141 DPT=9192 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:15:12 server83 dhclient[10171]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x6de2e929) Nov 9 13:15:14 server83 aibolit_wrapper[11455]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626743140641624.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626743140643254.txt --log=/tmp/malware_cleaner_log_17626743140644684.txt --progress=/tmp/malware_cleaner_progress_17626743140644296.json --csv_result=/tmp/revisium_csvfile_17626743140644474.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:15:14 server83 NetworkManager[922]: <warn> [1762674314.4413] dhcp4 (eth1): request timed out Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4413] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4574] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 10171 Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4574] dhcp4 (eth1): state changed timeout -> done Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4576] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:15:14 server83 NetworkManager[922]: <warn> [1762674314.4582] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4584] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4615] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4618] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4618] device (eth1): state 
change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4621] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4630] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4633] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:15:14 server83 NetworkManager[922]: <info> [1762674314.4644] dhcp4 (eth1): dhclient started with pid 11480 Nov 9 13:15:14 server83 dhclient[11480]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x414a9a00) Nov 9 13:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58282 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=194.50.16.198 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=47775 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3795 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58283 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.247 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 
TTL=46 ID=10053 PROTO=TCP SPT=51558 DPT=1027 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:15:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15110 SEQ=1 Nov 9 13:15:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58284 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47260 SEQ=1 Nov 9 13:15:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27332 SEQ=1 Nov 9 13:15:20 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:15:20 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:15:20 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 13:15:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=48.216.243.151 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=44310 DPT=8047 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:15:22 server83 dhclient[11480]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x414a9a00) Nov 9 13:15:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58285 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54011 SEQ=1 Nov 9 13:15:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.155 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55651 DPT=47752 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:15:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=48345 PROTO=TCP SPT=52306 DPT=9189 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:15:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8195 DF PROTO=TCP SPT=39688 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57602 DF PROTO=TCP SPT=55176 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:15:31 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.171 DST=145.239.177.179 LEN=36 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=50582 DPT=4800 LEN=16 Nov 9 13:15:31 server83 dhclient[11480]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x414a9a00) Nov 9 13:15:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57604 DF PROTO=TCP SPT=55176 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:15:33 server83 aibolit_wrapper[11968]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626743332975602.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626743332977040.txt --log=/tmp/malware_cleaner_log_17626743332978742.txt --progress=/tmp/malware_cleaner_progress_17626743332978216.json --csv_result=/tmp/revisium_csvfile_17626743332978442.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65197 SEQ=1 Nov 9 13:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9834 SEQ=1 Nov 9 13:15:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43957 SEQ=1 Nov 9 13:15:34 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46457 SEQ=1 Nov 9 13:15:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57605 DF PROTO=TCP SPT=55176 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:15:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:15:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23276 PROTO=TCP SPT=49956 DPT=29434 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:15:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35431 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:15:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57606 DF PROTO=TCP SPT=55176 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:15:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16258 PROTO=TCP SPT=45727 DPT=34357 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:15:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.rjust: ProactiveModel.Host should not be empty Nov 9 13:15:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:15:47 server83 dhclient[11480]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x414a9a00) Nov 9 13:15:47 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58287 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:47 server83 aibolit_wrapper[12362]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626743474877142.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626743474878314.txt --log=/tmp/malware_cleaner_log_17626743474879306.txt --progress=/tmp/malware_cleaner_progress_17626743474879022.json --csv_result=/tmp/revisium_csvfile_17626743474879122.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:15:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53764 SEQ=1 Nov 9 13:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.126 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=36115 PROTO=TCP SPT=53623 DPT=2280 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62753 DF PROTO=TCP SPT=41428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57350 SEQ=1 Nov 9 13:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15771 SEQ=1 Nov 9 13:15:50 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39398 SEQ=1 Nov 9 13:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22025 SEQ=1 Nov 9 13:15:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62754 DF PROTO=TCP SPT=41428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=8046 PROTO=TCP SPT=53095 DPT=44292 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:15:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62755 DF PROTO=TCP SPT=41428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61909 SEQ=1 Nov 9 13:15:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 
TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39398 SEQ=1 Nov 9 13:15:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62756 DF PROTO=TCP SPT=41428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:15:59 server83 NetworkManager[922]: <warn> [1762674359.4383] dhcp4 (eth1): request timed out Nov 9 13:15:59 server83 NetworkManager[922]: <info> [1762674359.4383] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:15:59 server83 NetworkManager[922]: <info> [1762674359.4544] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 11480 Nov 9 13:15:59 server83 NetworkManager[922]: <info> [1762674359.4544] dhcp4 (eth1): state changed timeout -> done Nov 9 13:15:59 server83 NetworkManager[922]: <info> [1762674359.4546] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:15:59 server83 NetworkManager[922]: <warn> [1762674359.4551] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:15:59 server83 NetworkManager[922]: <info> [1762674359.4553] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:16:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.58 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=54267 DPT=10001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:16:01 server83 systemd: Started Session 312426 of user root. Nov 9 13:16:01 server83 systemd: Started Session 312425 of user root. Nov 9 13:16:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:16:01 server83 systemd: Started Session 312428 of user accentri. 
Nov 9 13:16:01 server83 systemd: Started Session 312427 of user root. Nov 9 13:16:01 server83 systemd: Started Session 312431 of user accentri. Nov 9 13:16:01 server83 systemd: Started Session 312429 of user root. Nov 9 13:16:01 server83 systemd: Started Session 312433 of user root. Nov 9 13:16:01 server83 systemd: Started Session 312432 of user root. Nov 9 13:16:01 server83 systemd: Started Session 312435 of user root. Nov 9 13:16:01 server83 systemd: Started Session 312434 of user root. Nov 9 13:16:01 server83 systemd: Started Session 312430 of user root. Nov 9 13:16:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:16:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3794 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:16:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49757 SEQ=1 Nov 9 13:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62757 DF PROTO=TCP SPT=41428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:16:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56396 SEQ=1 Nov 9 13:16:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.29 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=108 ID=14176 DF PROTO=ICMP TYPE=8 CODE=0 ID=35163 SEQ=28605 Nov 9 13:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64891 SEQ=1 Nov 9 13:16:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:16:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22244 SEQ=1 Nov 9 13:16:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55437 SEQ=1 Nov 9 13:16:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.193.59.4 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=46 ID=3714 DF PROTO=TCP SPT=42995 DPT=5308 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:16:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=16873 PROTO=TCP SPT=52166 DPT=4213 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:16:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=15129 PROTO=TCP SPT=56956 DPT=8418 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:16:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26033 SEQ=1 Nov 9 13:16:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.209 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52946 DPT=9652 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:16:21 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=58288 DF PROTO=TCP SPT=45638 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62758 DF PROTO=TCP SPT=41428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:16:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57609 SEQ=1 Nov 9 13:16:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57609 SEQ=1 Nov 9 13:16:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29416 SEQ=1 Nov 9 13:16:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=381 SEQ=1 Nov 9 13:16:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.210 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=108 ID=15795 DF PROTO=ICMP TYPE=8 CODE=0 ID=37180 SEQ=46014 Nov 9 13:16:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54198 DF PROTO=TCP SPT=51740 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54199 DF PROTO=TCP SPT=51740 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:16:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48238 SEQ=1 Nov 9 13:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21119 SEQ=1 Nov 9 13:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5137 SEQ=1 Nov 9 13:16:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1563 SEQ=1 Nov 9 13:16:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54200 DF PROTO=TCP SPT=51740 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:16:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4488 PROTO=TCP SPT=49956 DPT=29282 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:16:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9537 SEQ=1 Nov 9 13:16:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8467 SEQ=1 Nov 9 13:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54201 DF PROTO=TCP SPT=51740 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30864 SEQ=1 Nov 9 13:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48798 PROTO=TCP SPT=45727 DPT=32780 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:16:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.138.134.199 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=42426 DF PROTO=ICMP TYPE=8 CODE=0 ID=19442 SEQ=58932 Nov 9 13:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32875 SEQ=1 Nov 9 13:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32875 SEQ=1 Nov 9 13:16:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57607 DF PROTO=TCP SPT=56917 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:16:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.239 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=42173 DF PROTO=TCP SPT=28693 DPT=4001 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:16:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57608 DF PROTO=TCP SPT=56917 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57609 DF PROTO=TCP SPT=56917 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54202 DF PROTO=TCP SPT=51740 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:16:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:16:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:16:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8561 SEQ=1 Nov 9 13:16:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10869 SEQ=1 Nov 9 13:16:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28652 SEQ=1 Nov 9 13:16:48 server83 aibolit_wrapper[14089]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626744089359400.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626744089360602.txt --log=/tmp/malware_cleaner_log_17626744089361500.txt --progress=/tmp/malware_cleaner_progress_17626744089361250.json --csv_result=/tmp/revisium_csvfile_17626744089361356.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:16:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57610 DF PROTO=TCP SPT=56917 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:16:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22627 SEQ=1 Nov 9 13:16:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28294 PROTO=TCP SPT=45727 DPT=32122 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:16:50 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:16:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10869 SEQ=1 Nov 9 13:16:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=28486 SEQ=1 Nov 9 13:16:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.79 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52932 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:16:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:16:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62759 DF PROTO=TCP SPT=41428 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:16:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57611 DF PROTO=TCP SPT=56917 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:16:59 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 13:16:59 server83 systemd: Stopped Status Update Service. Nov 9 13:16:59 server83 systemd: Started Status Update Service. Nov 9 13:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:17:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 13:17:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 13:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:17:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:17:01 server83 systemd: Started Session 312438 of user root. Nov 9 13:17:01 server83 systemd: Started Session 312436 of user root. Nov 9 13:17:01 server83 systemd: Started Session 312440 of user root. 
Nov 9 13:17:01 server83 systemd: Started Session 312439 of user root. Nov 9 13:17:01 server83 systemd: Started Session 312437 of user root. Nov 9 13:17:01 server83 systemd: Started Session 312443 of user root. Nov 9 13:17:01 server83 systemd: Started Session 312444 of user root. Nov 9 13:17:01 server83 systemd: Started Session 312442 of user root. Nov 9 13:17:01 server83 systemd: Started Session 312441 of user root. Nov 9 13:17:01 server83 systemd: Started Session 312445 of user root. Nov 9 13:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=54203 DF PROTO=TCP SPT=51740 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:17:05 server83 aibolit_wrapper[14495]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626744256143112.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626744256144752.txt --log=/tmp/malware_cleaner_log_17626744256146020.txt --progress=/tmp/malware_cleaner_progress_17626744256145704.json --csv_result=/tmp/revisium_csvfile_17626744256145842.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:17:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64171 SEQ=1 Nov 9 13:17:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13022 SEQ=1 Nov 9 13:17:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56546 SEQ=1 Nov 9 13:17:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35347 SEQ=1 Nov 9 13:17:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51257 SEQ=1 Nov 9 13:17:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54086 SEQ=1 Nov 9 13:17:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57612 DF PROTO=TCP SPT=57728 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:17:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57613 DF PROTO=TCP SPT=57728 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:17:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57614 DF PROTO=TCP SPT=57728 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:17:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57615 DF PROTO=TCP SPT=57728 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:17:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34147 SEQ=1 Nov 9 13:17:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29766 SEQ=1 Nov 9 13:17:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10617 SEQ=1 Nov 9 13:17:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31645 SEQ=1 Nov 9 13:17:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10062 SEQ=1 Nov 9 13:17:20 server83 imunify-auditd-log-reader[9638]: lost 8 message sequences Nov 9 13:17:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:17:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:17:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23550 SEQ=1 Nov 9 13:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31645 SEQ=1 Nov 9 13:17:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.122.207 DST=51.210.113.204 LEN=40 
TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=45707 DPT=8800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:17:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.168.34.145 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=54881 PROTO=TCP SPT=3390 DPT=11801 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:17:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57616 DF PROTO=TCP SPT=57728 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:17:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36635 SEQ=1 Nov 9 13:17:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34030 SEQ=1 Nov 9 13:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10988 SEQ=1 Nov 9 13:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22949 SEQ=1 Nov 9 13:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.2 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=7998 DF PROTO=ICMP TYPE=8 CODE=0 ID=50840 SEQ=49789 Nov 9 13:17:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=50 ID=54204 DF PROTO=TCP SPT=51740 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:17:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61809 PROTO=TCP SPT=45727 DPT=31123 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:17:40 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=49.12.219.178 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=38843 DF PROTO=ICMP TYPE=8 CODE=0 ID=41177 SEQ=34151 Nov 9 13:17:43 server83 aibolit_wrapper[15510]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626744638212774.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626744638214402.txt --log=/tmp/malware_cleaner_log_17626744638215850.txt --progress=/tmp/malware_cleaner_progress_17626744638215468.json --csv_result=/tmp/revisium_csvfile_17626744638215632.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:17:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.content: ProactiveModel.Host should not be empty Nov 9 13:17:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.accept: ProactiveModel.Host should not be empty Nov 9 13:17:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:17:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.247 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=46281 DF PROTO=TCP SPT=27950 DPT=449 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:17:48 server83 auditd[702]: Audit daemon 
rotating log files Nov 9 13:17:49 server83 aibolit_wrapper[15632]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626744690161316.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626744690162880.txt --log=/tmp/malware_cleaner_log_17626744690164442.txt --progress=/tmp/malware_cleaner_progress_17626744690164042.json --csv_result=/tmp/revisium_csvfile_17626744690164230.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:17:50 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:17:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.40.205 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=3663 DF PROTO=TCP SPT=43080 DPT=5556 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:17:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3787 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:17:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29861 SEQ=1 Nov 9 13:17:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31217 SEQ=1 Nov 9 13:17:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39582 SEQ=1 Nov 9 13:17:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58724 SEQ=1 Nov 9 13:17:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58724 SEQ=1 Nov 9 13:17:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=17302 PROTO=TCP SPT=53120 DPT=2450 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:17:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=13069 PROTO=TCP SPT=49956 DPT=26449 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:18:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=35933 DPT=33333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:18:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:18:02 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:18:02 server83 systemd: Started Session 312446 of user root. Nov 9 13:18:02 server83 systemd: Started Session 312448 of user root. Nov 9 13:18:02 server83 systemd: Started Session 312447 of user root. Nov 9 13:18:02 server83 systemd: Started Session 312449 of user root. Nov 9 13:18:02 server83 systemd: Started Session 312451 of user root. Nov 9 13:18:02 server83 systemd: Started Session 312450 of user root. 
Nov 9 13:18:02 server83 systemd: Started Session 312452 of user root. Nov 9 13:18:02 server83 systemd: Created slice User Slice of accentri. Nov 9 13:18:02 server83 systemd: Started Session 312453 of user accentri. Nov 9 13:18:02 server83 systemd: Started Session 312455 of user root. Nov 9 13:18:02 server83 systemd: Started Session 312454 of user root. Nov 9 13:18:02 server83 systemd: Started Session 312456 of user accentri. Nov 9 13:18:02 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:18:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3066 PROTO=TCP SPT=64992 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:18:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.65 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55859 DPT=9751 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51747 SEQ=1 Nov 9 13:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41226 SEQ=1 Nov 9 13:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51724 SEQ=1 Nov 9 13:18:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.180 DST=145.239.177.179 LEN=63 TOS=0x00 PREC=0x00 TTL=112 ID=12328 DF PROTO=ICMP TYPE=8 CODE=0 ID=35551 SEQ=7846 Nov 9 13:18:08 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58954 SEQ=1 Nov 9 13:18:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3067 PROTO=TCP SPT=64992 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:18:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30881 PROTO=TCP SPT=38630 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:18:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3068 PROTO=TCP SPT=64992 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:18:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30882 PROTO=TCP SPT=38630 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:18:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30883 PROTO=TCP SPT=38630 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:18:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.23 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=30885 PROTO=TCP SPT=38630 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:18:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29818 
SEQ=1 Nov 9 13:18:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25090 SEQ=1 Nov 9 13:18:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21564 SEQ=1 Nov 9 13:18:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5208 SEQ=1 Nov 9 13:18:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29818 SEQ=1 Nov 9 13:18:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28214 PROTO=TCP SPT=49956 DPT=26784 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:18:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.40 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=51351 DPT=8050 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 13:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 13:18:22 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7689 SEQ=1 Nov 9 13:18:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.249 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=49375 DF PROTO=TCP SPT=49855 DPT=9714 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:18:26 server83 aibolit_wrapper[16515]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626745066614328.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626745066615300.txt --log=/tmp/malware_cleaner_log_17626745066616442.txt --progress=/tmp/malware_cleaner_progress_17626745066616152.json --csv_result=/tmp/revisium_csvfile_17626745066616294.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:18:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.27 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53203 DPT=8883 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:18:33 server83 aibolit_wrapper[16718]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626745130631246.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626745130635174.txt --progress=/tmp/malware_cleaner_progress_17626745130634704.json --csv_result=/tmp/revisium_csvfile_17626745130634954.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:18:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.59.78 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38947 PROTO=TCP SPT=61000 DPT=29380 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:18:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56534 PROTO=TCP SPT=49956 DPT=27621 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:18:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:18:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10342 SEQ=1 Nov 9 13:18:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56961 SEQ=1 Nov 9 13:18:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42681 SEQ=1 Nov 9 13:18:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22436 SEQ=1 Nov 9 13:18:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40718 PROTO=TCP SPT=45727 DPT=33394 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:18:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58087 SEQ=1 Nov 9 13:18:38 server83 aibolit_wrapper[16885]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626745184094862.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626745184096360.txt --log=/tmp/malware_cleaner_log_17626745184098058.txt --progress=/tmp/malware_cleaner_progress_17626745184097672.json --csv_result=/tmp/revisium_csvfile_17626745184097858.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:18:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22436 SEQ=1 Nov 9 13:18:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=32601 PROTO=TCP SPT=51791 DPT=14993 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:18:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=59540 PROTO=TCP SPT=52906 DPT=4623 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:18:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.78.70 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36279 DPT=122 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:18:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.155.81.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 
TTL=236 ID=54321 PROTO=TCP SPT=42060 DPT=222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:18:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3793 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:18:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9115 PROTO=TCP SPT=45659 DPT=6541 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:18:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32825 PROTO=TCP SPT=45727 DPT=33665 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:18:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:18:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32833 SEQ=1 Nov 9 13:18:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55140 SEQ=1 Nov 9 13:18:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23963 SEQ=1 Nov 9 13:18:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14707 SEQ=1 Nov 9 13:18:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55769 SEQ=1 Nov 9 13:18:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3786 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:18:50 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:18:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.145.20 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=28468 PROTO=TCP SPT=10695 DPT=5061 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:18:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55769 SEQ=1 Nov 9 13:18:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.204 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=53381 DPT=8050 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:18:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19512 SEQ=1 Nov 9 13:18:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26758 SEQ=1 Nov 9 13:18:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=53 ID=24965 DF PROTO=TCP SPT=41494 DPT=9635 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:18:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44635 PROTO=TCP SPT=34505 DPT=7390 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:19:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:19:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:19:01 server83 systemd: Started Session 312458 of user root. Nov 9 13:19:01 server83 systemd: Started Session 312457 of user root. Nov 9 13:19:01 server83 systemd: Started Session 312459 of user root. Nov 9 13:19:01 server83 systemd: Started Session 312460 of user root. Nov 9 13:19:01 server83 systemd: Started Session 312461 of user root. Nov 9 13:19:01 server83 systemd: Started Session 312462 of user root. Nov 9 13:19:01 server83 systemd: Started Session 312463 of user root. Nov 9 13:19:01 server83 systemd: Started Session 312464 of user root. Nov 9 13:19:01 server83 systemd: Started Session 312465 of user root. 
Nov 9 13:19:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12287 SEQ=1 Nov 9 13:19:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55010 SEQ=1 Nov 9 13:19:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=4601 PROTO=TCP SPT=50784 DPT=7635 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:19:07 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 13:19:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29337 SEQ=1 Nov 9 13:19:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49983 SEQ=1 Nov 9 13:19:20 server83 aibolit_wrapper[17847]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626745605549082.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626745605550768.txt --log=/tmp/malware_cleaner_log_17626745605552496.txt --progress=/tmp/malware_cleaner_progress_17626745605552022.json --csv_result=/tmp/revisium_csvfile_17626745605552252.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62040 SEQ=1 Nov 9 13:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35179 SEQ=1 Nov 9 13:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9225 SEQ=1 Nov 9 13:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35179 SEQ=1 Nov 9 13:19:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8707 SEQ=1 Nov 9 13:19:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.99.78.165 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=5450 PROTO=TCP SPT=40339 DPT=28237 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:19:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=33129 PROTO=TCP SPT=46984 DPT=5358 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:19:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.120 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=11744 DF PROTO=TCP SPT=38313 DPT=9853 WINDOW=5840 
RES=0x00 SYN URGP=0 Nov 9 13:19:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56878 SEQ=1 Nov 9 13:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29797 SEQ=1 Nov 9 13:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27311 SEQ=1 Nov 9 13:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36853 SEQ=1 Nov 9 13:19:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37029 SEQ=1 Nov 9 13:19:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:19:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44173 SEQ=1 Nov 9 13:19:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3785 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:19:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.system: ProactiveModel.Host should not be empty Nov 9 13:19:46 server83 
imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:19:49 server83 aibolit_wrapper[18640]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626745890709906.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626745890711270.txt --log=/tmp/malware_cleaner_log_17626745890712578.txt --progress=/tmp/malware_cleaner_progress_17626745890712216.json --csv_result=/tmp/revisium_csvfile_17626745890712376.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:19:50 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:19:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8569 SEQ=1 Nov 9 13:19:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35756 SEQ=1 Nov 9 13:19:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17828 SEQ=1 Nov 9 13:19:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8569 SEQ=1 Nov 9 13:19:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=196.251.66.50 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=53781 PROTO=TCP SPT=54364 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:19:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=107.150.103.88 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=57063 DPT=6019 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.74 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53552 DPT=48807 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:20:01 server83 systemd: Started Session 312466 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312470 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312467 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312468 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312471 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312474 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312469 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312473 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312475 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312476 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312472 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312477 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312479 of user root. Nov 9 13:20:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:20:01 server83 systemd: Started Session 312480 of user accentri. Nov 9 13:20:01 server83 systemd: Started Session 312478 of user root. 
Nov 9 13:20:01 server83 systemd: Started Session 312481 of user accentri. Nov 9 13:20:01 server83 systemd: Started Session 312483 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312482 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312484 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312485 of user root. Nov 9 13:20:01 server83 systemd: Started Session 312486 of user root. Nov 9 13:20:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:20:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.69 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=14871 PROTO=TCP SPT=56506 DPT=3395 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=65394 PROTO=TCP SPT=51461 DPT=8540 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19665 SEQ=1 Nov 9 13:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17028 SEQ=1 Nov 9 13:20:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.123 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50393 DPT=9080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59483 SEQ=1 Nov 9 
13:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59483 SEQ=1 Nov 9 13:20:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23652 SEQ=1 Nov 9 13:20:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.191.209.74 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=29846 PROTO=TCP SPT=40469 DPT=38500 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31485 SEQ=1 Nov 9 13:20:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16956 SEQ=1 Nov 9 13:20:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31431 SEQ=1 Nov 9 13:20:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.138.133.91 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=39660 DF PROTO=ICMP TYPE=8 CODE=0 ID=13067 SEQ=56221 Nov 9 13:20:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.95 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57121 DPT=8073 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:20:19 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16985 PROTO=TCP SPT=49956 DPT=25238 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:19 server83 aibolit_wrapper[19585]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626746192908596.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626746192910450.txt --log=/tmp/malware_cleaner_log_17626746192912328.txt --progress=/tmp/malware_cleaner_progress_17626746192911894.json --csv_result=/tmp/revisium_csvfile_17626746192912104.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:20:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47088 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:20:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31485 SEQ=1 Nov 9 13:20:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28531 SEQ=1 Nov 9 13:20:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50860 SEQ=1 Nov 9 13:20:24 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:20:24 server83 pure-ftpd: 
(?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:20:24 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 13:20:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.154 DST=51.210.113.204 LEN=42 TOS=0x00 PREC=0x00 TTL=35 ID=58490 PROTO=UDP SPT=47049 DPT=2362 LEN=22 Nov 9 13:20:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:20:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46304 SEQ=1 Nov 9 13:20:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=19046 PROTO=TCP SPT=34028 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:20:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=52698 DF PROTO=ICMP TYPE=8 CODE=0 ID=19661 SEQ=61548 Nov 9 13:20:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34617 SEQ=1 Nov 9 13:20:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=99 ID=19047 PROTO=TCP SPT=34028 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:20:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3218 SEQ=1 Nov 9 13:20:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17583 PROTO=TCP SPT=45727 DPT=34230 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46304 SEQ=1 Nov 9 13:20:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=11452 PROTO=TCP SPT=44215 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:20:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=19048 PROTO=TCP SPT=34028 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:20:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=11453 PROTO=TCP SPT=44215 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:20:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=19049 PROTO=TCP SPT=34028 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:20:35 server83 aibolit_wrapper[20182]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d 
display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626746359135170.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626746359136830.txt --log=/tmp/malware_cleaner_log_17626746359138250.txt --progress=/tmp/malware_cleaner_progress_17626746359137880.json --csv_result=/tmp/revisium_csvfile_17626746359138042.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:20:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=11454 PROTO=TCP SPT=44215 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:20:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=19050 PROTO=TCP SPT=34028 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:20:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51310 PROTO=TCP SPT=49956 DPT=29011 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34617 SEQ=1 Nov 9 13:20:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=11455 PROTO=TCP SPT=44215 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:20:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 
PREC=0x00 TTL=241 ID=54341 PROTO=TCP SPT=49956 DPT=29276 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.rindex: ProactiveModel.Host should not be empty Nov 9 13:20:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:20:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:20:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34917 SEQ=1 Nov 9 13:20:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=28968 PROTO=TCP SPT=48625 DPT=8898 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:20:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19553 SEQ=1 Nov 9 13:20:50 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:20:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27194 SEQ=1 Nov 9 13:20:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30503 SEQ=1 Nov 9 13:20:52 server83 pam_imunify_daemon.bin: time="2025-11-09T13:20:52+05:30" level=warning msg="Send stats for 2 records error: license is not 
valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 13:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17668 SEQ=1 Nov 9 13:20:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.200 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=52047 PROTO=TCP SPT=53171 DPT=9001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:20:59 server83 NetworkManager[922]: <info> [1762674659.4404] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:20:59 server83 NetworkManager[922]: <info> [1762674659.4409] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:20:59 server83 NetworkManager[922]: <info> [1762674659.4410] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:20:59 server83 NetworkManager[922]: <info> [1762674659.4415] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:20:59 server83 NetworkManager[922]: <info> [1762674659.4426] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:20:59 server83 NetworkManager[922]: <info> [1762674659.4429] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:20:59 server83 NetworkManager[922]: <info> [1762674659.4441] dhcp4 (eth1): dhclient started with pid 20606 Nov 9 13:20:59 server83 dhclient[20606]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x36ddbc2) 
Nov 9 13:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:21:01 server83 systemd: Started Session 312487 of user root. Nov 9 13:21:01 server83 systemd: Started Session 312489 of user root. Nov 9 13:21:01 server83 systemd: Started Session 312491 of user root. Nov 9 13:21:01 server83 systemd: Started Session 312488 of user root. Nov 9 13:21:01 server83 systemd: Started Session 312490 of user root. Nov 9 13:21:01 server83 systemd: Started Session 312492 of user root. Nov 9 13:21:01 server83 systemd: Started Session 312493 of user root. Nov 9 13:21:01 server83 systemd: Started Session 312494 of user root. Nov 9 13:21:01 server83 systemd: Started Session 312495 of user root. Nov 9 13:21:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55264 SEQ=1 Nov 9 13:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48912 SEQ=1 Nov 9 13:21:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57963 SEQ=1 Nov 9 13:21:03 server83 dhclient[20606]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x36ddbc2) Nov 9 13:21:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61216 SEQ=1 Nov 9 13:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9615 SEQ=1 Nov 9 13:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61216 SEQ=1 Nov 9 13:21:08 server83 aibolit_wrapper[20822]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626746681561850.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626746681563750.txt --log=/tmp/malware_cleaner_log_17626746681565764.txt --progress=/tmp/malware_cleaner_progress_17626746681565302.json --csv_result=/tmp/revisium_csvfile_17626746681565526.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:21:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52597 PROTO=TCP SPT=45727 DPT=34051 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:21:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44719 SEQ=1 Nov 9 13:21:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11181 SEQ=1 Nov 9 13:21:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25373 PROTO=TCP SPT=55588 DPT=8861 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:21:10 server83 dhclient[20606]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x36ddbc2) Nov 9 13:21:14 server83 scripts.sh: Sun Nov 9 13:21:14 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 13:21:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47201 SEQ=1 Nov 9 13:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64768 SEQ=1 Nov 9 13:21:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:21:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:21:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8552 SEQ=1 Nov 9 13:21:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.192 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54505 DPT=9811 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:21:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12912 SEQ=1 Nov 9 13:21:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64768 SEQ=1 Nov 9 13:21:24 server83 dhclient[20606]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x36ddbc2) Nov 9 
13:21:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38342 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:21:28 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:21:29 server83 aibolit_wrapper[22279]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626746893307426.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626746893309130.txt --log=/tmp/malware_cleaner_log_17626746893311146.txt --progress=/tmp/malware_cleaner_progress_17626746893310576.json --csv_result=/tmp/revisium_csvfile_17626746893310824.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:21:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30490 SEQ=1 Nov 9 13:21:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30490 SEQ=1 Nov 9 13:21:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28379 SEQ=1 Nov 9 13:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13791 SEQ=1 Nov 9 13:21:39 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52421 SEQ=1 Nov 9 13:21:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.192 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53241 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:21:43 server83 dhclient[20606]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x36ddbc2) Nov 9 13:21:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57617 DF PROTO=TCP SPT=62847 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:21:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57618 DF PROTO=TCP SPT=62847 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:21:44 server83 NetworkManager[922]: <warn> [1762674704.4503] dhcp4 (eth1): request timed out Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 20606 Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:21:44 server83 NetworkManager[922]: <warn> [1762674704.4671] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4673] device (eth1): state change: failed -> 
disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4707] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4712] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4713] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4718] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4729] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4732] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:21:44 server83 NetworkManager[922]: <info> [1762674704.4745] dhcp4 (eth1): dhclient started with pid 22694 Nov 9 13:21:44 server83 dhclient[22694]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x42841169) Nov 9 13:21:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.143.152.247 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46882 DPT=8093 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:21:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57619 DF PROTO=TCP SPT=62847 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:21:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.class: ProactiveModel.Host should not be empty Nov 9 13:21:46 server83 
imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:21:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39904 SEQ=1 Nov 9 13:21:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24905 SEQ=1 Nov 9 13:21:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=52767 PROTO=TCP SPT=45528 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:21:48 server83 dhclient[22694]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x42841169) Nov 9 13:21:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=52768 PROTO=TCP SPT=45528 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:21:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17485 PROTO=TCP SPT=52882 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:21:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=52769 PROTO=TCP SPT=45528 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:21:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57620 DF PROTO=TCP SPT=62847 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:21:50 server83 
imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:21:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65523 SEQ=1 Nov 9 13:21:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14450 SEQ=1 Nov 9 13:21:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=17488 PROTO=TCP SPT=52882 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7580 SEQ=1 Nov 9 13:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.135 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=108 ID=9099 DF PROTO=ICMP TYPE=8 CODE=0 ID=25248 SEQ=25445 Nov 9 13:21:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24905 SEQ=1 Nov 9 13:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3069 SEQ=1 Nov 9 13:21:54 server83 aibolit_wrapper[22906]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d 
extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626747146534118.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626747146535688.txt --log=/tmp/malware_cleaner_log_17626747146538084.txt --progress=/tmp/malware_cleaner_progress_17626747146537446.json --csv_result=/tmp/revisium_csvfile_17626747146537734.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:21:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57621 DF PROTO=TCP SPT=62847 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:21:59 server83 dhclient[22694]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x42841169) Nov 9 13:22:00 server83 aibolit_wrapper[23036]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626747208399208.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626747208403534.txt --progress=/tmp/malware_cleaner_progress_17626747208402832.json --csv_result=/tmp/revisium_csvfile_17626747208403258.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:22:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11083 SEQ=1 Nov 9 13:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:22:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:22:01 server83 systemd: Started Session 312499 of user 
root. Nov 9 13:22:01 server83 systemd: Started Session 312498 of user root. Nov 9 13:22:01 server83 systemd: Started Session 312496 of user root. Nov 9 13:22:01 server83 systemd: Started Session 312500 of user root. Nov 9 13:22:01 server83 systemd: Started Session 312497 of user root. Nov 9 13:22:01 server83 systemd: Started Session 312502 of user root. Nov 9 13:22:01 server83 systemd: Started Session 312501 of user root. Nov 9 13:22:01 server83 systemd: Started Session 312503 of user root. Nov 9 13:22:01 server83 systemd: Started Session 312504 of user root. Nov 9 13:22:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:22:01 server83 systemd: Started Session 312505 of user accentri. Nov 9 13:22:01 server83 systemd: Started Session 312506 of user accentri. Nov 9 13:22:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:22:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63933 SEQ=1 Nov 9 13:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15729 SEQ=1 Nov 9 13:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57931 SEQ=1 Nov 9 13:22:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57622 DF PROTO=TCP SPT=63380 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:22:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 
PREC=0x00 TTL=240 ID=7239 PROTO=TCP SPT=53111 DPT=30796 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:22:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57623 DF PROTO=TCP SPT=63380 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:22:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32175 SEQ=1 Nov 9 13:22:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57624 DF PROTO=TCP SPT=63380 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:22:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44717 SEQ=1 Nov 9 13:22:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.218.206.88 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=48724 DPT=8015 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:22:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=43905 PROTO=TCP SPT=51791 DPT=23736 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:22:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.98 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=58978 PROTO=TCP SPT=52133 DPT=31491 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:22:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57625 DF PROTO=TCP SPT=63380 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:22:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57626 DF PROTO=TCP SPT=63380 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25170 SEQ=1 Nov 9 13:22:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=59596 DF PROTO=ICMP TYPE=8 CODE=0 ID=14037 SEQ=22651 Nov 9 13:22:20 server83 dhclient[22694]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x42841169) Nov 9 13:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15710 SEQ=1 Nov 9 13:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=39221 DF PROTO=ICMP TYPE=8 CODE=0 ID=15032 SEQ=42440 Nov 9 13:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25170 SEQ=1 Nov 9 13:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14606 SEQ=1 Nov 9 13:22:25 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56832 PROTO=TCP SPT=38599 DPT=7172 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:22:27 server83 dhclient[22694]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x42841169) Nov 9 13:22:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60992 PROTO=TCP SPT=45727 DPT=34572 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:22:29 server83 NetworkManager[922]: <warn> [1762674749.4504] dhcp4 (eth1): request timed out Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 22694 Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:22:29 server83 NetworkManager[922]: <warn> [1762674749.4591] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4593] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4627] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4631] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4632] device (eth1): state 
change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4637] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4647] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4650] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:22:29 server83 NetworkManager[922]: <info> [1762674749.4663] dhcp4 (eth1): dhclient started with pid 23679 Nov 9 13:22:29 server83 dhclient[23679]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x65eb4e68) Nov 9 13:22:34 server83 dhclient[23679]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x65eb4e68) Nov 9 13:22:34 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:22:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33191 SEQ=1 Nov 9 13:22:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33191 SEQ=1 Nov 9 13:22:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41290 SEQ=1 Nov 9 13:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6376 SEQ=1 Nov 9 13:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55253 SEQ=1 Nov 9 13:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3563 SEQ=1 Nov 9 13:22:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6018 SEQ=1 Nov 9 13:22:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.84.144.113 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=12636 PROTO=TCP SPT=54101 DPT=7777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:22:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34284 PROTO=TCP SPT=49956 DPT=29892 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:22:45 server83 dhclient[23679]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x65eb4e68) Nov 9 13:22:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3792 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:22:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:22:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16154 SEQ=1 Nov 9 13:22:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for 
Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:22:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26578 SEQ=1 Nov 9 13:22:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19597 SEQ=1 Nov 9 13:22:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.83 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=38339 PROTO=TCP SPT=18974 DPT=6697 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:22:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53868 SEQ=1 Nov 9 13:22:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62095 SEQ=1 Nov 9 13:22:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32563 SEQ=1 Nov 9 13:22:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.63 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=49812 DPT=9377 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:22:56 server83 dhclient[23679]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x65eb4e68) Nov 9 13:23:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.40 
DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54013 DPT=30005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:23:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62622 PROTO=TCP SPT=45727 DPT=34611 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:23:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.102 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=41654 PROTO=TCP SPT=21130 DPT=14080 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:23:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=111.224.218.78 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=48494 PROTO=TCP SPT=31496 DPT=25000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:23:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:23:01 server83 systemd: Started Session 312507 of user root. Nov 9 13:23:01 server83 systemd: Started Session 312508 of user root. Nov 9 13:23:01 server83 systemd: Started Session 312510 of user root. Nov 9 13:23:01 server83 systemd: Started Session 312509 of user root. Nov 9 13:23:01 server83 systemd: Started Session 312512 of user root. Nov 9 13:23:01 server83 systemd: Started Session 312511 of user root. Nov 9 13:23:01 server83 systemd: Started Session 312514 of user root. Nov 9 13:23:01 server83 systemd: Started Session 312513 of user root. Nov 9 13:23:01 server83 systemd: Started Session 312515 of user root. 
Nov 9 13:23:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16494 SEQ=1 Nov 9 13:23:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19826 SEQ=1 Nov 9 13:23:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54039 SEQ=1 Nov 9 13:23:08 server83 aibolit_wrapper[25008]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626747882783614.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626747882785344.txt --log=/tmp/malware_cleaner_log_17626747882786918.txt --progress=/tmp/malware_cleaner_progress_17626747882786520.json --csv_result=/tmp/revisium_csvfile_17626747882786696.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:23:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27982 SEQ=1 Nov 9 13:23:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15180 SEQ=1 Nov 9 13:23:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3783 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:23:10 server83 dhclient[23679]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x65eb4e68) Nov 9 13:23:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3791 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:23:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29644 PROTO=TCP SPT=51662 DPT=8644 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:23:14 server83 NetworkManager[922]: <warn> [1762674794.4493] dhcp4 (eth1): request timed out Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4493] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4572] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23679 Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4573] dhcp4 (eth1): state changed timeout -> done Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4574] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:23:14 server83 NetworkManager[922]: <warn> [1762674794.4578] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4581] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4611] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4614] device (eth1): Activation: starting 
connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4615] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4617] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4626] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4628] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:23:14 server83 NetworkManager[922]: <info> [1762674794.4639] dhcp4 (eth1): dhclient started with pid 25149 Nov 9 13:23:14 server83 dhclient[25149]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x7592d519) Nov 9 13:23:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.164 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=52309 DPT=1587 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:23:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=27242 PROTO=TCP SPT=53513 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:23:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6235 SEQ=1 Nov 9 13:23:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3071 SEQ=1 Nov 9 13:23:19 server83 auditd[702]: Audit daemon rotating log files 
Nov 9 13:23:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9586 SEQ=1 Nov 9 13:23:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35597 PROTO=TCP SPT=55850 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:23:20 server83 dhclient[25149]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x7592d519) Nov 9 13:23:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35598 PROTO=TCP SPT=55850 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:23:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=61726 PROTO=TCP SPT=57820 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:23:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35599 PROTO=TCP SPT=55850 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:23:22 server83 systemd: Started Session c2885 of user root. 
Nov 9 13:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18629 SEQ=1 Nov 9 13:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18674 SEQ=1 Nov 9 13:23:22 server83 scripts.sh: Load Average: 3.74 , 3.51 Nov 9 13:23:22 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 13:23:22 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 13:23:22 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 13:23:22 server83 scripts.sh: HTTPD Status: inactive Nov 9 13:23:22 server83 scripts.sh: MySQL Status: active Nov 9 13:23:22 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 13:23:22 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 13:23:22 server83 scripts.sh: SSHD Status: active Nov 9 13:23:22 server83 scripts.sh: FTP Status: active Nov 9 13:23:22 server83 scripts.sh: LiteSpeed Status: Active Nov 9 13:23:22 server83 scripts.sh: Imunify Status: Active Nov 9 13:23:22 server83 scripts.sh: cPanel Status: active Nov 9 13:23:22 server83 scripts.sh: Memory Status: 12/31 GB - 40.28% Nov 9 13:23:22 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 13:23:22 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 13:23:22 server83 scripts.sh: Local Version: 4.4.5 Nov 9 13:23:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=61727 PROTO=TCP SPT=57820 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:23:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 
LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=35600 PROTO=TCP SPT=55850 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57399 SEQ=1 Nov 9 13:23:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37811 SEQ=1 Nov 9 13:23:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=61729 PROTO=TCP SPT=57820 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:23:25 server83 aibolit_wrapper[25534]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626748054911278.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626748054913178.txt --log=/tmp/malware_cleaner_log_17626748054916220.txt --progress=/tmp/malware_cleaner_progress_17626748054915716.json --csv_result=/tmp/revisium_csvfile_17626748054915986.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:23:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15510 PROTO=TCP SPT=45727 DPT=34749 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:23:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24826 PROTO=TCP 
SPT=38072 DPT=6147 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24121 SEQ=1 Nov 9 13:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8199 SEQ=1 Nov 9 13:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42250 SEQ=1 Nov 9 13:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=202 SEQ=1 Nov 9 13:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59518 SEQ=1 Nov 9 13:23:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.78.70 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=50301 DPT=30010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:23:35 server83 dhclient[25149]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x7592d519) Nov 9 13:23:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.251.34 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=20616 DF PROTO=TCP SPT=21640 DPT=30000 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 13:23:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:23:47 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.182.43 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=45631 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:23:47 server83 aibolit_wrapper[26143]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626748278335822.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626748278337372.txt --log=/tmp/malware_cleaner_log_17626748278338826.txt --progress=/tmp/malware_cleaner_progress_17626748278338430.json --csv_result=/tmp/revisium_csvfile_17626748278338608.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:23:49 server83 dhclient[25149]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x7592d519) Nov 9 13:23:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32681 SEQ=1 Nov 9 13:23:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:23:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32681 SEQ=1 Nov 9 13:23:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54797 SEQ=1 Nov 9 13:23:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50316 SEQ=1 Nov 9 13:23:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51003 SEQ=1 Nov 9 13:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40113 SEQ=1 Nov 9 13:23:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=60341 DF PROTO=ICMP TYPE=8 CODE=0 ID=43202 SEQ=7929 Nov 9 13:23:59 server83 NetworkManager[922]: <warn> [1762674839.4505] dhcp4 (eth1): request timed out Nov 9 13:23:59 server83 NetworkManager[922]: <info> [1762674839.4506] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:23:59 server83 NetworkManager[922]: <info> [1762674839.4585] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 25149 Nov 9 13:23:59 server83 NetworkManager[922]: <info> [1762674839.4585] dhcp4 (eth1): state changed timeout -> done Nov 9 13:23:59 server83 NetworkManager[922]: <info> [1762674839.4588] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:23:59 server83 NetworkManager[922]: <warn> [1762674839.4592] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:23:59 server83 NetworkManager[922]: <info> [1762674839.4595] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:24:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:24:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=15855 PROTO=TCP SPT=39108 DPT=7096 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:24:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=11441 PROTO=TCP SPT=51165 DPT=7932 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:24:01 server83 systemd: Started Session 312516 of user root. Nov 9 13:24:01 server83 systemd: Started Session 312517 of user root. Nov 9 13:24:01 server83 systemd: Started Session 312519 of user root. Nov 9 13:24:01 server83 systemd: Started Session 312518 of user root. Nov 9 13:24:01 server83 systemd: Started Session 312521 of user root. Nov 9 13:24:01 server83 systemd: Started Session 312522 of user root. Nov 9 13:24:01 server83 systemd: Started Session 312520 of user root. Nov 9 13:24:01 server83 systemd: Started Session 312524 of user root. Nov 9 13:24:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:24:01 server83 systemd: Started Session 312523 of user accentri. Nov 9 13:24:01 server83 systemd: Started Session 312525 of user root. Nov 9 13:24:01 server83 systemd: Started Session 312526 of user accentri. Nov 9 13:24:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29696 SEQ=1 Nov 9 13:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=945 SEQ=1 Nov 9 13:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15082 SEQ=1 Nov 9 13:24:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65248 SEQ=1 Nov 9 13:24:04 server83 aibolit_wrapper[26569]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626748444656392.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626748444657634.txt --log=/tmp/malware_cleaner_log_17626748444658852.txt --progress=/tmp/malware_cleaner_progress_17626748444658570.json --csv_result=/tmp/revisium_csvfile_17626748444658706.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:24:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.221.137.47 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=46522 DPT=7000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29696 SEQ=1 Nov 9 13:24:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2130 SEQ=1 Nov 9 13:24:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=945 SEQ=1 Nov 9 13:24:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=40348 PROTO=TCP SPT=56972 DPT=8411 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:24:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3790 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:24:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15834 SEQ=1 Nov 9 13:24:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57627 DF PROTO=TCP SPT=50275 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5674 SEQ=1 Nov 9 13:24:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57628 DF PROTO=TCP SPT=50275 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25163 SEQ=1 Nov 9 13:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15834 SEQ=1 Nov 9 13:24:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.89 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=3383 PROTO=TCP SPT=40974 DPT=502 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26263 SEQ=1 Nov 9 13:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49793 SEQ=1 Nov 9 13:24:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57629 DF PROTO=TCP SPT=50275 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:24:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57630 DF PROTO=TCP SPT=50275 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:24:29 server83 aibolit_wrapper[27085]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626748697324788.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626748697326234.txt --log=/tmp/malware_cleaner_log_17626748697327160.txt --progress=/tmp/malware_cleaner_progress_17626748697326894.json --csv_result=/tmp/revisium_csvfile_17626748697326994.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:24:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.165.32 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=32 ID=0 DF PROTO=TCP SPT=58611 DPT=6019 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:24:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.139 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=8603 PROTO=TCP SPT=10750 DPT=35637 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:24:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15448 SEQ=1 Nov 9 13:24:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57631 DF PROTO=TCP SPT=50275 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:24:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18720 SEQ=1 Nov 9 13:24:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=162.216.150.58 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51663 DPT=13978 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12041 SEQ=1 Nov 9 13:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65360 SEQ=1 Nov 9 13:24:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38191 SEQ=1 Nov 9 13:24:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:24:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=11420 PROTO=TCP SPT=53111 DPT=41998 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:24:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.118.232.75 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=42586 PROTO=TCP SPT=57781 DPT=5984 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:24:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:24:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3789 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:24:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:24:52 server83 
aibolit_wrapper[27732]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626748929004576.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626748929006266.txt --log=/tmp/malware_cleaner_log_17626748929007860.txt --progress=/tmp/malware_cleaner_progress_17626748929007470.json --csv_result=/tmp/revisium_csvfile_17626748929007650.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6866 SEQ=1 Nov 9 13:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21275 SEQ=1 Nov 9 13:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7670 SEQ=1 Nov 9 13:24:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39160 SEQ=1 Nov 9 13:24:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.114.175.11 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10352 PROTO=TCP SPT=59524 DPT=304 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:24:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=135.237.126.149 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=254 PROTO=TCP SPT=58848 DPT=8087 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:24:58 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:24:58 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:24:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57632 DF PROTO=TCP SPT=51235 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:24:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57633 DF PROTO=TCP SPT=51235 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:25:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57634 DF PROTO=TCP SPT=51235 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:25:01 server83 systemd: Started Session 312528 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312531 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312529 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312532 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312527 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312533 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312530 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312534 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312535 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312536 of user root. 
Nov 9 13:25:01 server83 systemd: Started Session 312538 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312537 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312540 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312539 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312541 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312542 of user root. Nov 9 13:25:01 server83 systemd: Started Session 312543 of user root. Nov 9 13:25:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.200 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=64820 PROTO=TCP SPT=53171 DPT=9001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:25:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47143 PROTO=TCP SPT=49956 DPT=28365 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:25:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55026 SEQ=1 Nov 9 13:25:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=36505 PROTO=TCP SPT=46113 DPT=5700 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:25:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57635 DF PROTO=TCP SPT=51235 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:25:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53134 PROTO=TCP SPT=56698 DPT=8222 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:25:07 server83 aibolit_wrapper[28288]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626749071085448.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626749071086922.txt --log=/tmp/malware_cleaner_log_17626749071088186.txt --progress=/tmp/malware_cleaner_progress_17626749071087850.json --csv_result=/tmp/revisium_csvfile_17626749071087990.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23832 SEQ=1 Nov 9 13:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35683 SEQ=1 Nov 9 13:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25196 SEQ=1 Nov 9 13:25:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26884 PROTO=TCP SPT=41811 DPT=2571 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:25:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35683 SEQ=1 Nov 9 13:25:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13036 PROTO=TCP SPT=58526 DPT=9479 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:25:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=10130 PROTO=TCP SPT=38573 DPT=9865 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:25:12 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:25:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57636 DF PROTO=TCP SPT=51235 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:25:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3788 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:25:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19945 SEQ=1 Nov 9 13:25:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41746 SEQ=1 Nov 9 13:25:23 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 13:25:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44838 SEQ=1 Nov 9 13:25:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=837 SEQ=1 Nov 9 13:25:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8099 SEQ=1 Nov 9 13:25:24 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:25:24 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:25:24 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 13:25:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=5.188.206.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47743 PROTO=TCP SPT=40590 DPT=35000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:25:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58591 SEQ=1 Nov 9 13:25:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=55564 PROTO=TCP SPT=47553 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:25:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=55565 PROTO=TCP SPT=47553 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:25:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=28614 PROTO=TCP SPT=40051 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 
13:25:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.153 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=55566 PROTO=TCP SPT=47553 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:25:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.84.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33145 DPT=695 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:25:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.65.38.163 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=13067 PROTO=TCP SPT=61000 DPT=2000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:25:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=28616 PROTO=TCP SPT=40051 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:25:33 server83 aibolit_wrapper[29102]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626749336713330.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626749336714732.txt --log=/tmp/malware_cleaner_log_17626749336716382.txt --progress=/tmp/malware_cleaner_progress_17626749336715868.json --csv_result=/tmp/revisium_csvfile_17626749336716092.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:25:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57406 SEQ=1 Nov 9 13:25:34 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63245 SEQ=1 Nov 9 13:25:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.69 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=30059 SEQ=39595 Nov 9 13:25:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.67 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=52837 SEQ=39523 Nov 9 13:25:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.70 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=54990 SEQ=39665 Nov 9 13:25:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=28617 PROTO=TCP SPT=40051 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:25:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.207 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=40843 SEQ=40757 Nov 9 13:25:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=28618 PROTO=TCP SPT=40051 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:25:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.208 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=25415 SEQ=42073 Nov 9 13:25:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.209 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=39968 SEQ=42141 Nov 9 13:25:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.210 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=56976 SEQ=42214 Nov 9 13:25:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35355 SEQ=1 Nov 9 13:25:36 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.69 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=13996 DPT=33434 LEN=48 Nov 9 13:25:36 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.67 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=46533 DPT=33434 LEN=48 Nov 9 13:25:36 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.70 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=2851 DPT=33434 LEN=48 Nov 9 13:25:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44164 SEQ=1 Nov 9 13:25:36 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.196 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=28164 DPT=33434 LEN=48 Nov 9 13:25:37 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.205 DST=51.210.113.204 LEN=68 TOS=0x00 
PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=34866 DPT=33434 LEN=48 Nov 9 13:25:38 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.210 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=46248 DPT=33434 LEN=48 Nov 9 13:25:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.67 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=22697 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:25:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35355 SEQ=1 Nov 9 13:25:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.69 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=12673 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:25:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.70 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=43008 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:25:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.196 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=3002 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:25:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=112.121.190.205 DST=51.210.113.204 LEN=94 TOS=0x00 PREC=0x20 TTL=46 ID=0 DF PROTO=TCP SPT=44314 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:25:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=112.121.190.209 DST=51.210.113.204 LEN=94 
TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=6273 DPT=33434 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:25:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:25:45 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:25:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=42229 PROTO=TCP SPT=53111 DPT=47896 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:25:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.rfind: ProactiveModel.Host should not be empty Nov 9 13:25:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.include: ProactiveModel.Host should not be empty Nov 9 13:25:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:25:49 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.197.83 DST=145.239.177.179 LEN=51 TOS=0x00 PREC=0x00 TTL=46 ID=41690 DF PROTO=UDP SPT=40215 DPT=623 LEN=31 Nov 9 13:25:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.158 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52653 DPT=12525 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34641 SEQ=1 Nov 9 13:25:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.29 DST=51.210.113.204 LEN=59 TOS=0x00 
PREC=0x00 TTL=108 ID=39322 DF PROTO=ICMP TYPE=8 CODE=0 ID=25091 SEQ=5323 Nov 9 13:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3202 SEQ=1 Nov 9 13:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=50329 DF PROTO=ICMP TYPE=8 CODE=0 ID=44757 SEQ=4911 Nov 9 13:25:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54643 SEQ=1 Nov 9 13:25:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56245 DPT=33333 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:25:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:25:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17466 SEQ=1 Nov 9 13:25:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8806 PROTO=TCP SPT=45727 DPT=31129 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:25:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.14 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=57011 DPT=46509 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:25:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:25:58 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:25:58 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:26:01 server83 systemd: Started Session 312545 of user root. Nov 9 13:26:01 server83 systemd: Started Session 312544 of user root. Nov 9 13:26:01 server83 systemd: Started Session 312546 of user root. Nov 9 13:26:01 server83 systemd: Started Session 312547 of user root. Nov 9 13:26:01 server83 systemd: Started Session 312548 of user root. Nov 9 13:26:01 server83 systemd: Started Session 312549 of user root. Nov 9 13:26:01 server83 systemd: Started Session 312550 of user root. Nov 9 13:26:01 server83 systemd: Started Session 312552 of user root. Nov 9 13:26:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:26:01 server83 systemd: Started Session 312551 of user accentri. Nov 9 13:26:01 server83 systemd: Started Session 312553 of user root. Nov 9 13:26:01 server83 systemd: Started Session 312554 of user root. Nov 9 13:26:01 server83 systemd: Started Session 312555 of user accentri. Nov 9 13:26:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:26:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46141 SEQ=1 Nov 9 13:26:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27186 SEQ=1 Nov 9 13:26:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65319 SEQ=1 Nov 9 13:26:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16727 SEQ=1 Nov 9 13:26:09 server83 aibolit_wrapper[30424]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626749693672566.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626749693674388.txt --log=/tmp/malware_cleaner_log_17626749693675886.txt --progress=/tmp/malware_cleaner_progress_17626749693675480.json --csv_result=/tmp/revisium_csvfile_17626749693675658.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:26:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29588 PROTO=TCP SPT=49956 DPT=27170 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:26:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.133 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=17893 PROTO=TCP SPT=38691 DPT=11316 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:26:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=86.54.31.32 DST=51.210.113.204 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=50269 PROTO=TCP SPT=29011 DPT=4782 WINDOW=6231 RES=0x00 SYN URGP=0 Nov 9 13:26:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33746 SEQ=1 Nov 9 13:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5730 SEQ=1 Nov 9 13:26:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4368 SEQ=1 Nov 9 13:26:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49586 SEQ=1 Nov 9 13:26:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.29 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=108 ID=41482 DF PROTO=ICMP TYPE=8 CODE=0 ID=25091 SEQ=20181 Nov 9 13:26:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5730 SEQ=1 Nov 9 13:26:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35295 SEQ=1 Nov 9 13:26:28 server83 aibolit_wrapper[30906]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626749885961394.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626749885962834.txt --log=/tmp/malware_cleaner_log_17626749885964362.txt --progress=/tmp/malware_cleaner_progress_17626749885963964.json --csv_result=/tmp/revisium_csvfile_17626749885964136.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:26:29 server83 pam_imunify_daemon.bin: time="2025-11-09T13:26:29+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 13:26:30 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 13:26:30 server83 systemd: Stopped Status Update Service. Nov 9 13:26:30 server83 systemd: Started Status Update Service. 
Nov 9 13:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44336 SEQ=1 Nov 9 13:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4916 SEQ=1 Nov 9 13:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48607 SEQ=1 Nov 9 13:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51686 SEQ=1 Nov 9 13:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23852 SEQ=1 Nov 9 13:26:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.104.47 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=37867 DPT=695 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:26:36 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.230 DST=145.239.177.179 LEN=166 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=53509 DPT=88 LEN=146 Nov 9 13:26:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6352 PROTO=TCP SPT=42111 DPT=2560 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:26:37 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=5586 PROTO=TCP SPT=53095 DPT=25988 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:26:37 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:26:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51686 SEQ=1 Nov 9 13:26:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:26:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7673 PROTO=TCP SPT=41811 DPT=2540 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:26:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50015 SEQ=1 Nov 9 13:26:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50015 SEQ=1 Nov 9 13:26:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.config: ProactiveModel.Host should not be empty Nov 9 13:26:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:26:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.202.118.46 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=44599 PROTO=TCP SPT=40548 DPT=7777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:26:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:26:52 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11834 SEQ=1 Nov 9 13:26:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52038 SEQ=1 Nov 9 13:26:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.248.185.220 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=22845 PROTO=TCP SPT=53781 DPT=8103 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:26:54 server83 aibolit_wrapper[31670]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626750148301784.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626750148303550.txt --log=/tmp/malware_cleaner_log_17626750148304996.txt --progress=/tmp/malware_cleaner_progress_17626750148304604.json --csv_result=/tmp/revisium_csvfile_17626750148304778.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:26:57 server83 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=51.210.113.204 DST=75.2.18.233 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8684 DF PROTO=TCP SPT=59322 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 UID=4578 GID=4579 Nov 9 13:26:58 server83 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=51.210.113.204 DST=75.2.18.233 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8685 DF PROTO=TCP SPT=59322 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 UID=4578 GID=4579 Nov 9 13:27:00 server83 aibolit_wrapper[31835]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626750209065458.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626750209068830.txt --progress=/tmp/malware_cleaner_progress_17626750209068392.json --csv_result=/tmp/revisium_csvfile_17626750209068570.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:27:01 server83 systemd: Started Session 312556 of user root. Nov 9 13:27:01 server83 systemd: Started Session 312557 of user root. Nov 9 13:27:01 server83 systemd: Started Session 312558 of user root. Nov 9 13:27:01 server83 systemd: Started Session 312560 of user root. Nov 9 13:27:01 server83 systemd: Started Session 312559 of user root. Nov 9 13:27:01 server83 systemd: Started Session 312561 of user root. Nov 9 13:27:01 server83 systemd: Started Session 312563 of user root. Nov 9 13:27:01 server83 systemd: Started Session 312562 of user root. Nov 9 13:27:01 server83 systemd: Started Session 312564 of user root. Nov 9 13:27:01 server83 systemd: Started Session 312565 of user root. 
Nov 9 13:27:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46356 SEQ=1 Nov 9 13:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.94.61.231 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=112 ID=55068 DF PROTO=ICMP TYPE=8 CODE=0 ID=51160 SEQ=56582 Nov 9 13:27:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=53296 DF PROTO=ICMP TYPE=8 CODE=0 ID=49244 SEQ=60263 Nov 9 13:27:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.173.101 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=32841 DPT=2052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48042 SEQ=1 Nov 9 13:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50373 SEQ=1 Nov 9 13:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51890 SEQ=1 Nov 9 13:27:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3782 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:27:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.118.60 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54166 DPT=5901 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:27:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.39 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49396 DPT=48574 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:27:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.253 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=68 DF PROTO=TCP SPT=64097 DPT=9706 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:27:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32807 SEQ=1 Nov 9 13:27:18 server83 aibolit_wrapper[32355]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626750382072300.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626750382074162.txt --log=/tmp/malware_cleaner_log_17626750382076184.txt --progress=/tmp/malware_cleaner_progress_17626750382075712.json --csv_result=/tmp/revisium_csvfile_17626750382075920.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:27:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25947 SEQ=1 Nov 9 13:27:19 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5099 SEQ=1 Nov 9 13:27:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26789 SEQ=1 Nov 9 13:27:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.74 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=26469 DF PROTO=UDP SPT=16274 DPT=2152 LEN=20 Nov 9 13:27:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58190 SEQ=1 Nov 9 13:27:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.241.90 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=48 ID=28254 PROTO=UDP SPT=54890 DPT=1701 LEN=64 Nov 9 13:27:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.83.247 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=21595 PROTO=TCP SPT=53153 DPT=2052 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:27:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=41262 PROTO=TCP SPT=59015 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:27:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=34827 PROTO=TCP SPT=53111 DPT=888 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:27:35 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=41263 PROTO=TCP SPT=59015 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:27:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26087 PROTO=TCP SPT=46720 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:27:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=41264 PROTO=TCP SPT=59015 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:27:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.254.244.66 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=45353 DF PROTO=TCP SPT=46377 DPT=8907 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 13:27:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48765 SEQ=1 Nov 9 13:27:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50259 SEQ=1 Nov 9 13:27:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53058 SEQ=1 Nov 9 13:27:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42317 SEQ=1 Nov 9 13:27:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12209 SEQ=1 Nov 9 13:27:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26089 PROTO=TCP SPT=46720 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:27:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48765 SEQ=1 Nov 9 13:27:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26091 PROTO=TCP SPT=46720 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:27:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34889 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:27:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:27:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26083 SEQ=1 Nov 9 13:27:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22158 SEQ=1 Nov 9 13:27:50 server83 aibolit_wrapper[740]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626750704530434.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626750704531816.txt --log=/tmp/malware_cleaner_log_17626750704532816.txt --progress=/tmp/malware_cleaner_progress_17626750704532576.json --csv_result=/tmp/revisium_csvfile_17626750704532666.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:27:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.165.71 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=62198 PROTO=TCP SPT=41970 DPT=30020 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:27:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1426 SEQ=1 Nov 9 13:27:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1426 SEQ=1 Nov 9 13:27:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.207 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51253 DPT=1922 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:28:01 server83 systemd: Started Session 312566 of user root. Nov 9 13:28:01 server83 systemd: Started Session 312567 of user root. Nov 9 13:28:01 server83 systemd: Started Session 312569 of user root. Nov 9 13:28:01 server83 systemd: Started Session 312568 of user root. Nov 9 13:28:01 server83 systemd: Started Session 312570 of user root. 
Nov 9 13:28:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:28:01 server83 systemd: Started Session 312572 of user accentri. Nov 9 13:28:01 server83 systemd: Started Session 312573 of user root. Nov 9 13:28:01 server83 systemd: Started Session 312574 of user root. Nov 9 13:28:01 server83 systemd: Started Session 312571 of user root. Nov 9 13:28:01 server83 systemd: Started Session 312576 of user accentri. Nov 9 13:28:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 13:28:01 server83 systemd: Started Session 312575 of user metalarts. Nov 9 13:28:01 server83 systemd: Started Session 312577 of user root. Nov 9 13:28:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:28:01 server83 systemd: Removed slice User Slice of metalarts. Nov 9 13:28:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40173 SEQ=1 Nov 9 13:28:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7429 PROTO=TCP SPT=51662 DPT=8649 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:28:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9198 SEQ=1 Nov 9 13:28:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14858 SEQ=1 Nov 9 13:28:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.48 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52703 DPT=22096 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:28:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=221.233.24.226 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=948 PROTO=TCP SPT=27866 DPT=5555 WINDOW=53661 RES=0x00 SYN URGP=0 Nov 9 13:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47771 SEQ=1 Nov 9 13:28:06 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:28:08 server83 aibolit_wrapper[1263]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626750886157110.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626750886158240.txt --log=/tmp/malware_cleaner_log_17626750886159096.txt --progress=/tmp/malware_cleaner_progress_17626750886158874.json --csv_result=/tmp/revisium_csvfile_17626750886158970.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:28:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21093 SEQ=1 Nov 9 13:28:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=19781 DF PROTO=ICMP TYPE=8 CODE=0 ID=7974 SEQ=63925 Nov 9 13:28:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=53653 SEQ=1 Nov 9 13:28:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40103 SEQ=1 Nov 9 13:28:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18685 SEQ=1 Nov 9 13:28:18 server83 pam_imunify_daemon.bin: time="2025-11-09T13:28:18+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 13:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 13:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 13:28:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33736 SEQ=1 Nov 9 13:28:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12324 PROTO=TCP SPT=49956 DPT=26884 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:28:21 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64278 SEQ=1 Nov 9 13:28:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=20853 DF PROTO=ICMP TYPE=8 CODE=0 ID=7974 SEQ=445 Nov 9 13:28:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.253 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53914 DPT=12019 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:28:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.156.152.139 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11701 PROTO=TCP SPT=50748 DPT=6388 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:28:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.197.229 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47633 DPT=9643 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46436 SEQ=1 Nov 9 13:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51773 SEQ=1 Nov 9 13:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53131 SEQ=1 Nov 9 13:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53131 SEQ=1 Nov 9 13:28:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51773 SEQ=1 Nov 9 13:28:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44940 PROTO=TCP SPT=50580 DPT=7239 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:28:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.48 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52263 DPT=8110 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:28:36 server83 aibolit_wrapper[1897]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626751168189148.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626751168190906.txt --log=/tmp/malware_cleaner_log_17626751168193324.txt --progress=/tmp/malware_cleaner_progress_17626751168192458.json --csv_result=/tmp/revisium_csvfile_17626751168192780.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:28:37 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 13:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9690 SEQ=1 Nov 9 13:28:39 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.231.89.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=12552 DF PROTO=TCP SPT=7804 DPT=9826 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:28:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3780 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:28:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.133 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54896 DPT=8735 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:28:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.14.58.0 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=54084 DPT=5431 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:28:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:28:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:28:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.74 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50199 DPT=47638 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:28:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19084 PROTO=TCP SPT=45727 DPT=30071 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:28:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=49202 PROTO=TCP SPT=49956 
DPT=28932 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:28:56 server83 aibolit_wrapper[2386]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626751360562914.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626751360564596.txt --log=/tmp/malware_cleaner_log_17626751360566110.txt --progress=/tmp/malware_cleaner_progress_17626751360565724.json --csv_result=/tmp/revisium_csvfile_17626751360565896.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:28:59 server83 NetworkManager[922]: <info> [1762675139.4884] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:28:59 server83 NetworkManager[922]: <info> [1762675139.4889] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:28:59 server83 NetworkManager[922]: <info> [1762675139.4890] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:28:59 server83 NetworkManager[922]: <info> [1762675139.4894] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:28:59 server83 NetworkManager[922]: <info> [1762675139.4904] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:28:59 server83 NetworkManager[922]: <info> [1762675139.4907] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:28:59 server83 NetworkManager[922]: <info> [1762675139.4923] dhcp4 (eth1): dhclient started with pid 2473 Nov 9 13:28:59 server83 dhclient[2473]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x7cb914b6) Nov 9 13:29:01 server83 imunify-auditd-log-reader[9638]: 
lost 1 message sequences Nov 9 13:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:29:01 server83 systemd: Started Session 312579 of user root. Nov 9 13:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:29:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:29:01 server83 systemd: Started Session 312582 of user root. Nov 9 13:29:01 server83 systemd: Started Session 312580 of user root. Nov 9 13:29:01 server83 systemd: Started Session 312581 of user root. Nov 9 13:29:01 server83 systemd: Started Session 312578 of user root. Nov 9 13:29:01 server83 systemd: Started Session 312583 of user root. Nov 9 13:29:01 server83 systemd: Started Session 312584 of user root. Nov 9 13:29:01 server83 systemd: Started Session 312585 of user root. Nov 9 13:29:01 server83 systemd: Started Session 312586 of user root. Nov 9 13:29:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3787 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=236 SEQ=1 Nov 9 13:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60106 SEQ=1 Nov 9 13:29:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:29:04 server83 dhclient[2473]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x7cb914b6) Nov 9 13:29:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 
TTL=98 ID=29023 PROTO=TCP SPT=45089 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29024 PROTO=TCP SPT=45089 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3294 SEQ=1 Nov 9 13:29:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=34.28.230.147 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=1343 PROTO=TCP SPT=45432 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:29:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12032 SEQ=1 Nov 9 13:29:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23251 PROTO=TCP SPT=58137 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=29025 PROTO=TCP SPT=45089 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23252 PROTO=TCP SPT=58137 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9265 SEQ=1 Nov 9 13:29:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23253 PROTO=TCP SPT=58137 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=23255 PROTO=TCP SPT=58137 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:14 server83 dhclient[2473]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x7cb914b6) Nov 9 13:29:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.221.72.115 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=10522 PROTO=TCP SPT=45273 DPT=109 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:29:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=20554 DF PROTO=TCP SPT=56721 DPT=21 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 Nov 9 13:29:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=20555 DF PROTO=TCP SPT=56721 DPT=21 WINDOW=65535 RES=0x00 CWR ECE SYN URGP=0 Nov 9 13:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29724 SEQ=1 Nov 9 13:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=27124 SEQ=1 Nov 9 13:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25832 SEQ=1 Nov 9 13:29:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20510 SEQ=1 Nov 9 13:29:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25832 SEQ=1 Nov 9 13:29:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=20556 DF PROTO=TCP SPT=56721 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:29:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28419 SEQ=1 Nov 9 13:29:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:29:21 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:29:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=20557 DF PROTO=TCP SPT=56721 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:29:25 server83 dhclient[2473]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x7cb914b6) Nov 9 13:29:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=38042 PROTO=TCP SPT=55917 DPT=7512 
WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:29:29 server83 aibolit_wrapper[3479]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626751695348174.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626751695349150.txt --log=/tmp/malware_cleaner_log_17626751695349944.txt --progress=/tmp/malware_cleaner_progress_17626751695349720.json --csv_result=/tmp/revisium_csvfile_17626751695349820.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:29:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.177.245 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=59667 DPT=3456 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:29:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=212.132.125.106 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=20558 DF PROTO=TCP SPT=56721 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:29:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=3075 PROTO=TCP SPT=35140 DPT=7594 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:29:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43970 PROTO=TCP SPT=50482 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:34 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.243 DST=145.239.177.179 LEN=35 TOS=0x00 PREC=0x00 TTL=35 ID=44659 PROTO=UDP SPT=62227 DPT=55153 LEN=15 Nov 
9 13:29:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43971 PROTO=TCP SPT=50482 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3026 PROTO=TCP SPT=64448 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43972 PROTO=TCP SPT=50482 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.59.78 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=25405 PROTO=TCP SPT=61000 DPT=29346 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:29:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3027 PROTO=TCP SPT=64448 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43973 PROTO=TCP SPT=50482 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13603 SEQ=1 Nov 9 13:29:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=52616 SEQ=1 Nov 9 13:29:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=3029 PROTO=TCP SPT=64448 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53515 SEQ=1 Nov 9 13:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52616 SEQ=1 Nov 9 13:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18106 SEQ=1 Nov 9 13:29:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25682 SEQ=1 Nov 9 13:29:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:29:43 server83 dhclient[2473]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x7cb914b6) Nov 9 13:29:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.137 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=18297 PROTO=TCP SPT=11640 DPT=7547 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:29:44 server83 NetworkManager[922]: <warn> [1762675184.4503] dhcp4 (eth1): request timed out Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4582] dhcp4 (eth1): canceled DHCP 
transaction, DHCP client pid 2473 Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:29:44 server83 NetworkManager[922]: <warn> [1762675184.4589] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4590] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4624] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4628] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4629] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4633] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4644] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4646] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:29:44 server83 NetworkManager[922]: <info> [1762675184.4659] dhcp4 (eth1): dhclient started with pid 3933 Nov 9 13:29:44 server83 dhclient[3933]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x5ce7de98) Nov 9 13:29:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7513 SEQ=1 Nov 9 13:29:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.41 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53100 PROTO=TCP SPT=45865 DPT=5903 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:29:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.config: ProactiveModel.Host should not be empty Nov 9 13:29:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:29:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63739 SEQ=1 Nov 9 13:29:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3778 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:29:47 server83 dhclient[3933]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x5ce7de98) Nov 9 13:29:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19688 SEQ=1 Nov 9 13:29:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23604 SEQ=1 Nov 9 13:29:50 server83 dhclient[3933]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x5ce7de98) Nov 9 13:29:50 server83 aibolit_wrapper[4096]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d 
extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626751908296826.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626751908298176.txt --log=/tmp/malware_cleaner_log_17626751908299288.txt --progress=/tmp/malware_cleaner_progress_17626751908298996.json --csv_result=/tmp/revisium_csvfile_17626751908299124.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:29:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53818 PROTO=TCP SPT=49956 DPT=26699 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:29:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:29:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.149.162 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=15566 PROTO=TCP SPT=41056 DPT=6066 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:29:54 server83 dhclient[3933]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x5ce7de98) Nov 9 13:30:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3786 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:30:01 server83 systemd: Started Session 312587 of user root. 
Nov 9 13:30:01 server83 systemd: Started Session 312589 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312590 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312591 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312592 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312593 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312596 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312588 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312594 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312595 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312597 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312598 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312599 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312601 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312600 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312602 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312603 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312604 of user root. Nov 9 13:30:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:30:01 server83 systemd: Started Session 312605 of user accentri. Nov 9 13:30:01 server83 systemd: Started Session 312606 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312607 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312608 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312609 of user root. Nov 9 13:30:01 server83 systemd: Started Session 312610 of user accentri. Nov 9 13:30:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:30:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57637 DF PROTO=TCP SPT=57053 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:30:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51007 SEQ=1 Nov 9 13:30:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48648 SEQ=1 Nov 9 13:30:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57638 DF PROTO=TCP SPT=57053 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:30:05 server83 dhclient[3933]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x5ce7de98) Nov 9 13:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13507 SEQ=1 Nov 9 13:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11291 SEQ=1 Nov 9 13:30:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57639 DF PROTO=TCP SPT=57053 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:30:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36839 SEQ=1 Nov 9 13:30:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11963 SEQ=1 Nov 9 13:30:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51007 SEQ=1 Nov 9 13:30:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=97.107.141.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57531 DPT=3456 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:30:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57640 DF PROTO=TCP SPT=57053 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:30:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=55384 PROTO=TCP SPT=42909 DPT=9801 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:30:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16282 SEQ=1 Nov 9 13:30:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11697 SEQ=1 Nov 9 13:30:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 
TOS=0x00 PREC=0x00 TTL=109 ID=57641 DF PROTO=TCP SPT=57053 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:30:18 server83 dhclient[3933]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x5ce7de98) Nov 9 13:30:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=2467 PROTO=TCP SPT=51074 DPT=8045 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:30:19 server83 aibolit_wrapper[6678]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626752196528788.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626752196530242.txt --log=/tmp/malware_cleaner_log_17626752196532112.txt --progress=/tmp/malware_cleaner_progress_17626752196531600.json --csv_result=/tmp/revisium_csvfile_17626752196531828.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:30:24 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:30:24 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:30:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19788 SEQ=1 Nov 9 13:30:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11535 SEQ=1 Nov 9 13:30:28 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:30:28 server83 pure-ftpd: (?@127.0.0.1) [INFO] 
__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:30:28 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 13:30:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=20313 PROTO=TCP SPT=57388 DPT=82 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:30:29 server83 NetworkManager[922]: <warn> [1762675229.4474] dhcp4 (eth1): request timed out Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4474] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4634] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 3933 Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4635] dhcp4 (eth1): state changed timeout -> done Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4637] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:30:29 server83 NetworkManager[922]: <warn> [1762675229.4641] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4643] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4677] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4681] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4682] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 
13:30:29 server83 NetworkManager[922]: <info> [1762675229.4686] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4696] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4699] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:30:29 server83 NetworkManager[922]: <info> [1762675229.4712] dhcp4 (eth1): dhclient started with pid 7971 Nov 9 13:30:29 server83 dhclient[7971]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x36f53cb2) Nov 9 13:30:32 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:30:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33780 SEQ=1 Nov 9 13:30:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43931 SEQ=1 Nov 9 13:30:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52817 SEQ=1 Nov 9 13:30:35 server83 dhclient[7971]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x36f53cb2) Nov 9 13:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58040 SEQ=1 Nov 9 13:30:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22068 SEQ=1 Nov 9 13:30:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27917 SEQ=1 Nov 9 13:30:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58040 SEQ=1 Nov 9 13:30:43 server83 aibolit_wrapper[9717]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626752438853322.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626752438855048.txt --log=/tmp/malware_cleaner_log_17626752438856922.txt --progress=/tmp/malware_cleaner_progress_17626752438856470.json --csv_result=/tmp/revisium_csvfile_17626752438856682.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:30:44 server83 scripts.sh: Sun Nov 9 13:30:44 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 13:30:45 server83 dhclient[7971]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x36f53cb2) Nov 9 13:30:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.multi: ProactiveModel.Host should not be empty Nov 9 13:30:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.accepted: ProactiveModel.Host should not be empty Nov 9 13:30:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31832 SEQ=1 Nov 9 13:30:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33030 SEQ=1 Nov 9 13:30:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31832 SEQ=1 Nov 9 13:30:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=41999 PROTO=TCP SPT=51775 DPT=43927 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:30:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:30:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25170 PROTO=TCP SPT=43694 DPT=9381 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:30:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3785 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:30:55 server83 pam_imunify_daemon.bin: time="2025-11-09T13:30:55+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 13:30:57 server83 dhclient[7971]: DHCPDISCOVER on eth1 to 
255.255.255.255 port 67 interval 8 (xid=0x36f53cb2) Nov 9 13:31:01 server83 systemd: Started Session 312612 of user root. Nov 9 13:31:01 server83 systemd: Started Session 312611 of user root. Nov 9 13:31:01 server83 systemd: Started Session 312613 of user root. Nov 9 13:31:01 server83 systemd: Started Session 312614 of user root. Nov 9 13:31:01 server83 systemd: Started Session 312615 of user root. Nov 9 13:31:01 server83 systemd: Started Session 312616 of user root. Nov 9 13:31:01 server83 systemd: Started Session 312617 of user root. Nov 9 13:31:01 server83 systemd: Started Session 312618 of user root. Nov 9 13:31:01 server83 systemd: Started Session 312619 of user root. Nov 9 13:31:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21576 SEQ=1 Nov 9 13:31:05 server83 dhclient[7971]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x36f53cb2) Nov 9 13:31:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6830 SEQ=1 Nov 9 13:31:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27712 SEQ=1 Nov 9 13:31:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56240 SEQ=1 Nov 9 13:31:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14366 SEQ=1 Nov 9 13:31:09 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.7 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53616 DPT=19091 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:31:13 server83 dhclient[7971]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x36f53cb2) Nov 9 13:31:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:31:14 server83 NetworkManager[922]: <warn> [1762675274.4503] dhcp4 (eth1): request timed out Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 7971 Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4665] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:31:14 server83 NetworkManager[922]: <warn> [1762675274.4669] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4670] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4700] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4703] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4703] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4706] device (eth1): state change: prepare 
-> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4714] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4716] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:31:14 server83 NetworkManager[922]: <info> [1762675274.4726] dhcp4 (eth1): dhclient started with pid 13785 Nov 9 13:31:14 server83 dhclient[13785]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x2b8662fa) Nov 9 13:31:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.69 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=28774 PROTO=TCP SPT=56506 DPT=3391 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:31:19 server83 aibolit_wrapper[14433]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626752793947912.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626752793949000.txt --log=/tmp/malware_cleaner_log_17626752793950130.txt --progress=/tmp/malware_cleaner_progress_17626752793949824.json --csv_result=/tmp/revisium_csvfile_17626752793949942.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:31:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.29 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=108 ID=58382 DF PROTO=ICMP TYPE=8 CODE=0 ID=8402 SEQ=52034 Nov 9 13:31:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57642 DF PROTO=TCP 
SPT=58990 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48592 SEQ=1 Nov 9 13:31:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57643 DF PROTO=TCP SPT=58990 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45904 SEQ=1 Nov 9 13:31:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64997 SEQ=1 Nov 9 13:31:22 server83 dhclient[13785]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x2b8662fa) Nov 9 13:31:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15337 SEQ=1 Nov 9 13:31:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57644 DF PROTO=TCP SPT=58990 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:31:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52319 PROTO=TCP SPT=57363 DPT=8784 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:31:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57645 DF PROTO=TCP SPT=58990 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:31:30 server83 dhclient[13785]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x2b8662fa) Nov 9 13:31:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47782 SEQ=1 Nov 9 13:31:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49050 SEQ=1 Nov 9 13:31:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29292 SEQ=1 Nov 9 13:31:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.136.208.236 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=44064 DPT=4145 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:31:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.94 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=11550 PROTO=TCP SPT=54908 DPT=9201 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:31:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=195.184.76.207 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=11607 DF PROTO=TCP SPT=13573 DPT=5800 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:31:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 
ID=57646 DF PROTO=TCP SPT=58990 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29292 SEQ=1 Nov 9 13:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48056 SEQ=1 Nov 9 13:31:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47782 SEQ=1 Nov 9 13:31:38 server83 aibolit_wrapper[16588]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626752981080914.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626752981082120.txt --log=/tmp/malware_cleaner_log_17626752981083222.txt --progress=/tmp/malware_cleaner_progress_17626752981082864.json --csv_result=/tmp/revisium_csvfile_17626752981082978.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:31:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36708 SEQ=1 Nov 9 13:31:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:31:42 server83 
dhclient[13785]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x2b8662fa) Nov 9 13:31:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.223.104.85 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37954 DPT=10002 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:31:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:31:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20662 SEQ=1 Nov 9 13:31:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57647 DF PROTO=TCP SPT=59654 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:31:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:31:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:31:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57648 DF PROTO=TCP SPT=59654 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:31:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.241 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51776 DPT=45812 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:31:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47845 PROTO=TCP SPT=42044 DPT=4660 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:31:54 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57649 DF PROTO=TCP SPT=59654 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:31:57 server83 dhclient[13785]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x2b8662fa) Nov 9 13:31:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57650 DF PROTO=TCP SPT=59654 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:31:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34187 PROTO=TCP SPT=49956 DPT=29833 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:31:59 server83 NetworkManager[922]: <warn> [1762675319.4484] dhcp4 (eth1): request timed out Nov 9 13:31:59 server83 NetworkManager[922]: <info> [1762675319.4484] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:31:59 server83 NetworkManager[922]: <info> [1762675319.4644] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 13785 Nov 9 13:31:59 server83 NetworkManager[922]: <info> [1762675319.4644] dhcp4 (eth1): state changed timeout -> done Nov 9 13:31:59 server83 NetworkManager[922]: <info> [1762675319.4646] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:31:59 server83 NetworkManager[922]: <warn> [1762675319.4650] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:31:59 server83 NetworkManager[922]: <info> [1762675319.4652] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:32:01 server83 systemd: Started Session 312620 of user root. Nov 9 13:32:01 server83 systemd: Started Session 312622 of user root. 
Nov 9 13:32:01 server83 systemd: Started Session 312621 of user root. Nov 9 13:32:01 server83 systemd: Started Session 312623 of user root. Nov 9 13:32:01 server83 systemd: Started Session 312625 of user root. Nov 9 13:32:01 server83 systemd: Started Session 312624 of user root. Nov 9 13:32:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:32:01 server83 systemd: Started Session 312627 of user accentri. Nov 9 13:32:01 server83 systemd: Started Session 312626 of user root. Nov 9 13:32:01 server83 systemd: Started Session 312628 of user root. Nov 9 13:32:01 server83 systemd: Started Session 312629 of user root. Nov 9 13:32:01 server83 systemd: Started Session 312630 of user accentri. Nov 9 13:32:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:32:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49059 SEQ=1 Nov 9 13:32:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53286 SEQ=1 Nov 9 13:32:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59992 SEQ=1 Nov 9 13:32:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2095 SEQ=1 Nov 9 13:32:04 server83 aibolit_wrapper[19877]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626753243918488.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626753243919584.txt --log=/tmp/malware_cleaner_log_17626753243920546.txt --progress=/tmp/malware_cleaner_progress_17626753243920260.json --csv_result=/tmp/revisium_csvfile_17626753243920378.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:32:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57651 DF PROTO=TCP SPT=59654 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:32:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2095 SEQ=1 Nov 9 13:32:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15093 SEQ=1 Nov 9 13:32:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49059 SEQ=1 Nov 9 13:32:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=2009 PROTO=TCP SPT=55002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:32:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=2010 PROTO=TCP SPT=55002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:32:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=9644 PROTO=TCP SPT=45413 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:32:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=2011 PROTO=TCP SPT=55002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:32:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=9645 PROTO=TCP SPT=45413 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:32:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=2012 PROTO=TCP SPT=55002 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:32:14 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:32:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=9646 PROTO=TCP SPT=45413 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:32:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=9648 PROTO=TCP SPT=45413 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:32:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60117 DPT=35000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:32:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=26729 SEQ=1 Nov 9 13:32:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43657 SEQ=1 Nov 9 13:32:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40322 SEQ=1 Nov 9 13:32:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40322 SEQ=1 Nov 9 13:32:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56299 SEQ=1 Nov 9 13:32:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19648 SEQ=1 Nov 9 13:32:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57652 DF PROTO=TCP SPT=60504 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:32:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.118.45 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=0 DF PROTO=TCP SPT=9999 DPT=2054 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:32:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57653 DF PROTO=TCP SPT=60504 DPT=4527 WINDOW=64240 
RES=0x00 SYN URGP=0 Nov 9 13:32:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57654 DF PROTO=TCP SPT=60504 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:32:32 server83 aibolit_wrapper[23690]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626753525887626.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626753525888994.txt --log=/tmp/malware_cleaner_log_17626753525890222.txt --progress=/tmp/malware_cleaner_progress_17626753525889968.json --csv_result=/tmp/revisium_csvfile_17626753525890080.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:32:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57655 DF PROTO=TCP SPT=60504 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:32:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60452 SEQ=1 Nov 9 13:32:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30058 SEQ=1 Nov 9 13:32:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30610 SEQ=1 Nov 9 13:32:38 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30601 SEQ=1 Nov 9 13:32:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=41492 PROTO=TCP SPT=36815 DPT=4980 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:32:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6675 SEQ=1 Nov 9 13:32:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57656 DF PROTO=TCP SPT=60504 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:32:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:32:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60916 SEQ=1 Nov 9 13:32:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40428 SEQ=1 Nov 9 13:32:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60916 SEQ=1 Nov 9 13:32:51 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:32:52 server83 systemd: Started Session c2886 of user root. 
Nov 9 13:32:53 server83 scripts.sh: Load Average: 4.59 , 4.10 Nov 9 13:32:53 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 13:32:53 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 13:32:53 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 13:32:53 server83 scripts.sh: HTTPD Status: inactive Nov 9 13:32:53 server83 scripts.sh: MySQL Status: active Nov 9 13:32:53 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 13:32:53 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 13:32:53 server83 scripts.sh: SSHD Status: active Nov 9 13:32:53 server83 scripts.sh: FTP Status: active Nov 9 13:32:53 server83 scripts.sh: LiteSpeed Status: Active Nov 9 13:32:53 server83 scripts.sh: Imunify Status: Active Nov 9 13:32:53 server83 scripts.sh: cPanel Status: active Nov 9 13:32:53 server83 scripts.sh: Memory Status: 12/31 GB - 39.24% Nov 9 13:32:53 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 13:32:53 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 13:32:53 server83 scripts.sh: Local Version: 4.4.5 Nov 9 13:32:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.101 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=7480 PROTO=TCP SPT=52534 DPT=3309 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:32:57 server83 aibolit_wrapper[26936]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626753778970408.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626753778971552.txt --log=/tmp/malware_cleaner_log_17626753778972408.txt --progress=/tmp/malware_cleaner_progress_17626753778972188.json --csv_result=/tmp/revisium_csvfile_17626753778972282.csv 
--avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:33:01 server83 systemd: Started Session 312632 of user root. Nov 9 13:33:01 server83 systemd: Started Session 312631 of user root. Nov 9 13:33:01 server83 systemd: Started Session 312633 of user root. Nov 9 13:33:01 server83 systemd: Started Session 312634 of user root. Nov 9 13:33:01 server83 systemd: Started Session 312635 of user root. Nov 9 13:33:01 server83 systemd: Started Session 312636 of user root. Nov 9 13:33:01 server83 systemd: Started Session 312638 of user root. Nov 9 13:33:01 server83 systemd: Started Session 312639 of user root. Nov 9 13:33:01 server83 systemd: Started Session 312637 of user root. Nov 9 13:33:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41709 SEQ=1 Nov 9 13:33:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30891 SEQ=1 Nov 9 13:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31788 SEQ=1 Nov 9 13:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20667 SEQ=1 Nov 9 13:33:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20667 SEQ=1 Nov 9 13:33:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9337 SEQ=1 Nov 9 13:33:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:33:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.38 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=35094 PROTO=TCP SPT=56234 DPT=12146 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:33:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=30405 PROTO=TCP SPT=50784 DPT=7627 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:33:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14015 SEQ=1 Nov 9 13:33:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41709 SEQ=1 Nov 9 13:33:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18247 SEQ=1 Nov 9 13:33:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.19 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53636 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:33:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.97 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=3569 PROTO=TCP SPT=64995 DPT=29967 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:33:18 server83 aibolit_wrapper[29364]: running 
child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626753983980344.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626753983981488.txt --log=/tmp/malware_cleaner_log_17626753983982456.txt --progress=/tmp/malware_cleaner_progress_17626753983982180.json --csv_result=/tmp/revisium_csvfile_17626753983982296.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:33:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.69 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=37395 PROTO=TCP SPT=56506 DPT=3397 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:33:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41231 SEQ=1 Nov 9 13:33:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38549 SEQ=1 Nov 9 13:33:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54466 SEQ=1 Nov 9 13:33:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45199 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:33:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39429 SEQ=1 Nov 9 13:33:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54466 SEQ=1 Nov 9 13:33:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=5756 PROTO=TCP SPT=43472 DPT=8408 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:33:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39429 SEQ=1 Nov 9 13:33:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3777 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:33:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.114 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=55210 PROTO=TCP SPT=53790 DPT=5061 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:33:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=53681 PROTO=TCP SPT=53111 DPT=30796 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:33:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.159.99.101 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42894 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:33:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55229 SEQ=1 Nov 9 13:33:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13829 SEQ=1 Nov 9 13:33:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54239 SEQ=1 Nov 9 13:33:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16051 SEQ=1 Nov 9 13:33:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47737 SEQ=1 Nov 9 13:33:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57619 SEQ=1 Nov 9 13:33:45 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.87 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=45 ID=60074 DF PROTO=UDP SPT=42265 DPT=32414 LEN=9 Nov 9 13:33:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55787 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:33:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.mb_convert: ProactiveModel.Host should not be 
empty Nov 9 13:33:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:33:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:33:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41583 SEQ=1 Nov 9 13:33:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65238 SEQ=1 Nov 9 13:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55692 SEQ=1 Nov 9 13:33:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57168 SEQ=1 Nov 9 13:33:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.104.47 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=50010 DPT=1 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:33:52 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:33:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55808 SEQ=1 Nov 9 13:33:52 server83 aibolit_wrapper[1198]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626754327026690.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626754327028366.txt --log=/tmp/malware_cleaner_log_17626754327030578.txt --progress=/tmp/malware_cleaner_progress_17626754327030018.json --csv_result=/tmp/revisium_csvfile_17626754327030280.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:33:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57168 SEQ=1 Nov 9 13:33:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37783 SEQ=1 Nov 9 13:33:53 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:34:01 server83 systemd: Started Session 312640 of user root. Nov 9 13:34:01 server83 systemd: Started Session 312641 of user root. Nov 9 13:34:01 server83 systemd: Started Session 312643 of user root. Nov 9 13:34:01 server83 systemd: Started Session 312644 of user root. Nov 9 13:34:01 server83 systemd: Started Session 312642 of user root. Nov 9 13:34:01 server83 systemd: Started Session 312645 of user root. Nov 9 13:34:01 server83 systemd: Started Session 312646 of user root. Nov 9 13:34:01 server83 systemd: Started Session 312647 of user root. Nov 9 13:34:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:34:01 server83 systemd: Started Session 312648 of user accentri. Nov 9 13:34:01 server83 systemd: Started Session 312650 of user root. Nov 9 13:34:01 server83 systemd: Started Session 312649 of user accentri. Nov 9 13:34:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:34:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43685 PROTO=TCP SPT=51461 DPT=8547 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43142 SEQ=1 Nov 9 13:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10858 SEQ=1 Nov 9 13:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54345 SEQ=1 Nov 9 13:34:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39809 SEQ=1 Nov 9 13:34:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65472 SEQ=1 Nov 9 13:34:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.190.155.134 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=23817 PROTO=TCP SPT=61007 DPT=8082 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:34:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1262 PROTO=TCP SPT=46162 DPT=6888 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:34:18 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15562 SEQ=1 Nov 9 13:34:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60033 SEQ=1 Nov 9 13:34:18 server83 aibolit_wrapper[4508]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626754585592194.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626754585595436.txt --log=/tmp/malware_cleaner_log_17626754585597334.txt --progress=/tmp/malware_cleaner_progress_17626754585596890.json --csv_result=/tmp/revisium_csvfile_17626754585597108.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:34:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3783 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:34:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33681 SEQ=1 Nov 9 13:34:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33681 SEQ=1 Nov 9 13:34:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20435 SEQ=1 Nov 9 13:34:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=22765 PROTO=TCP SPT=51165 DPT=7934 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:34:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3776 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11541 SEQ=1 Nov 9 13:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22714 SEQ=1 Nov 9 13:34:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.64 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=12575 PROTO=TCP SPT=56956 DPT=8405 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:34:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11541 SEQ=1 Nov 9 13:34:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=742 SEQ=1 Nov 9 13:34:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 
LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56267 SEQ=1 Nov 9 13:34:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41298 SEQ=1 Nov 9 13:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20157 SEQ=1 Nov 9 13:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20157 SEQ=1 Nov 9 13:34:41 server83 aibolit_wrapper[7185]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626754818027580.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626754818029268.txt --log=/tmp/malware_cleaner_log_17626754818030968.txt --progress=/tmp/malware_cleaner_progress_17626754818030458.json --csv_result=/tmp/revisium_csvfile_17626754818030676.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:34:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:34:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.uconvert: ProactiveModel.Host should not be empty Nov 9 13:34:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.sys: ProactiveModel.Host should not be empty Nov 9 13:34:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:34:46 server83 
imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:34:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48535 PROTO=TCP SPT=49956 DPT=25567 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:34:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=64070 DF PROTO=ICMP TYPE=8 CODE=0 ID=53975 SEQ=41330 Nov 9 13:34:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24369 SEQ=1 Nov 9 13:34:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40491 SEQ=1 Nov 9 13:34:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6655 SEQ=1 Nov 9 13:34:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1245 SEQ=1 Nov 9 13:34:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63264 SEQ=1 Nov 9 13:34:52 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:34:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36667 SEQ=1 Nov 9 13:34:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59661 SEQ=1 Nov 9 13:35:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54948 SEQ=1 Nov 9 13:35:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50648 SEQ=1 Nov 9 13:35:01 server83 systemd: Started Session 312652 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312653 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312655 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312658 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312651 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312659 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312657 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312660 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312654 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312661 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312656 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312662 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312663 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312664 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312665 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312666 of user root. 
Nov 9 13:35:01 server83 systemd: Started Session 312667 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312668 of user root. Nov 9 13:35:01 server83 systemd: Started Session 312669 of user root. Nov 9 13:35:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2412 SEQ=1 Nov 9 13:35:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=37331 PROTO=TCP SPT=42609 DPT=4049 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50648 SEQ=1 Nov 9 13:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=64900 DF PROTO=ICMP TYPE=8 CODE=0 ID=53975 SEQ=36219 Nov 9 13:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29943 SEQ=1 Nov 9 13:35:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.155.81.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54477 DPT=6443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:35:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23403 SEQ=1 Nov 9 13:35:11 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=23.235.176.50 DST=145.239.177.179 LEN=220 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=UDP SPT=45647 DPT=123 LEN=200 Nov 9 13:35:12 server83 aibolit_wrapper[10539]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626755121196058.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626755121197632.txt --log=/tmp/malware_cleaner_log_17626755121199038.txt --progress=/tmp/malware_cleaner_progress_17626755121198656.json --csv_result=/tmp/revisium_csvfile_17626755121198806.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:35:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8420 SEQ=1 Nov 9 13:35:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31373 SEQ=1 Nov 9 13:35:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3376 SEQ=1 Nov 9 13:35:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.29 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=108 ID=6669 DF PROTO=ICMP TYPE=8 CODE=0 ID=5307 SEQ=29827 Nov 9 13:35:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31373 SEQ=1 Nov 9 13:35:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58489 SEQ=1 Nov 9 13:35:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.245.186 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=3972 DF PROTO=TCP SPT=48343 DPT=2259 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:35:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50990 SEQ=1 Nov 9 13:35:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3775 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:35:27 server83 aibolit_wrapper[12291]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626755274020256.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626755274022078.txt --log=/tmp/malware_cleaner_log_17626755274023902.txt --progress=/tmp/malware_cleaner_progress_17626755274023420.json --csv_result=/tmp/revisium_csvfile_17626755274023630.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:35:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:35:29 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:35:29 server83 pure-ftpd: (?@127.0.0.1) [INFO] 
__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:35:29 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 13:35:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=190.92.209.218 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=54711 DF PROTO=ICMP TYPE=8 CODE=0 ID=24141 SEQ=60803 Nov 9 13:35:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32611 SEQ=1 Nov 9 13:35:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9475 SEQ=1 Nov 9 13:35:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55910 SEQ=1 Nov 9 13:35:35 server83 aibolit_wrapper[13294]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626755350101398.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626755350105234.txt --progress=/tmp/malware_cleaner_progress_17626755350104670.json --csv_result=/tmp/revisium_csvfile_17626755350104936.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:35:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30547 SEQ=1 Nov 9 13:35:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38060 SEQ=1 Nov 9 13:35:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.26.104.212 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=47 ID=4873 DF PROTO=TCP SPT=38149 DPT=2302 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:35:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.109.236 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43453 DPT=6443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:35:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58482 DPT=35000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:35:46 server83 aibolit_wrapper[14664]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626755465470004.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626755465471650.txt --log=/tmp/malware_cleaner_log_17626755465473334.txt --progress=/tmp/malware_cleaner_progress_17626755465472792.json --csv_result=/tmp/revisium_csvfile_17626755465473072.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:35:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:35:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=6121 PROTO=TCP SPT=51791 DPT=21 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:35:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=14608 PROTO=TCP SPT=51791 DPT=35064 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:35:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46351 SEQ=1 Nov 9 13:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45479 SEQ=1 Nov 9 13:35:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27324 SEQ=1 Nov 9 13:35:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8057 SEQ=1 Nov 9 13:35:55 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:35:59 server83 pam_imunify_daemon.bin: time="2025-11-09T13:35:59+05:30" level=warning msg="Send stats for 5 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=5 Nov 9 
13:36:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=86.54.31.44 DST=145.239.177.179 LEN=44 TOS=0x10 PREC=0x00 TTL=115 ID=61625 PROTO=TCP SPT=26200 DPT=25006 WINDOW=34460 RES=0x00 SYN URGP=0 Nov 9 13:36:01 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 13:36:01 server83 systemd: Stopped Status Update Service. Nov 9 13:36:01 server83 systemd: Started Status Update Service. Nov 9 13:36:01 server83 systemd: Started Session 312670 of user root. Nov 9 13:36:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:36:01 server83 systemd: Started Session 312671 of user accentri. Nov 9 13:36:01 server83 systemd: Started Session 312673 of user root. Nov 9 13:36:01 server83 systemd: Started Session 312672 of user root. Nov 9 13:36:01 server83 systemd: Started Session 312674 of user root. Nov 9 13:36:01 server83 systemd: Started Session 312675 of user root. Nov 9 13:36:01 server83 systemd: Started Session 312677 of user root. Nov 9 13:36:01 server83 systemd: Started Session 312678 of user root. Nov 9 13:36:01 server83 systemd: Started Session 312676 of user root. Nov 9 13:36:01 server83 systemd: Started Session 312680 of user root. Nov 9 13:36:01 server83 systemd: Started Session 312679 of user accentri. Nov 9 13:36:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:36:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57657 DF PROTO=TCP SPT=64332 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:36:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57658 DF PROTO=TCP SPT=64332 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:36:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:36:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57659 DF PROTO=TCP SPT=64332 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:36:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63164 SEQ=1 Nov 9 13:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18882 SEQ=1 Nov 9 13:36:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49847 SEQ=1 Nov 9 13:36:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.42.25 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=55313 DPT=4567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38938 SEQ=1 Nov 9 13:36:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9345 SEQ=1 Nov 9 13:36:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57660 DF PROTO=TCP SPT=64332 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:36:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3774 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:36:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7154 PROTO=TCP SPT=42111 DPT=2623 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:36:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=40632 PROTO=TCP SPT=55291 DPT=8555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:36:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57661 DF PROTO=TCP SPT=64332 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:36:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16144 SEQ=1 Nov 9 13:36:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35438 SEQ=1 Nov 9 13:36:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=31207 PROTO=TCP SPT=48045 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:36:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2045 SEQ=1 Nov 9 13:36:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=31208 PROTO=TCP SPT=48045 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:36:21 server83 aibolit_wrapper[18321]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626755811017498.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626755811018886.txt --log=/tmp/malware_cleaner_log_17626755811020008.txt --progress=/tmp/malware_cleaner_progress_17626755811019774.json --csv_result=/tmp/revisium_csvfile_17626755811019880.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:36:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=38041 PROTO=TCP SPT=56701 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:36:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=31209 
PROTO=TCP SPT=48045 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:36:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.190 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=38119 PROTO=TCP SPT=53762 DPT=44443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:36:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=38042 PROTO=TCP SPT=56701 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:36:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32532 SEQ=1 Nov 9 13:36:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19641 SEQ=1 Nov 9 13:36:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=38044 PROTO=TCP SPT=56701 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:36:27 server83 aibolit_wrapper[18937]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626755873289778.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626755873291526.txt --log=/tmp/malware_cleaner_log_17626755873293194.txt --progress=/tmp/malware_cleaner_progress_17626755873292678.json --csv_result=/tmp/revisium_csvfile_17626755873292864.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db 
--soft Nov 9 13:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62101 SEQ=1 Nov 9 13:36:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23001 SEQ=1 Nov 9 13:36:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:36:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13040 SEQ=1 Nov 9 13:36:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13848 SEQ=1 Nov 9 13:36:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.212 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50445 DPT=9264 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:36:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:36:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:36:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42137 SEQ=1 Nov 9 13:36:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.140.22 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=3335 DF PROTO=TCP SPT=45779 DPT=7181 WINDOW=29200 RES=0x00 SYN URGP=0 
Nov 9 13:36:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59544 SEQ=1 Nov 9 13:36:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.156.152.139 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52252 PROTO=TCP SPT=50748 DPT=6389 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:36:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16183 SEQ=1 Nov 9 13:36:51 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:36:51 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:36:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.34 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=43431 DPT=4567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:36:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37554 SEQ=1 Nov 9 13:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59654 SEQ=1 Nov 9 13:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42137 SEQ=1 Nov 9 13:36:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42024 SEQ=1 Nov 9 13:36:55 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:36:55 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:36:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.76.193 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=53681 DF PROTO=TCP SPT=54705 DPT=12257 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 13:36:59 server83 NetworkManager[922]: <info> [1762675619.4950] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:36:59 server83 NetworkManager[922]: <info> [1762675619.4954] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:36:59 server83 NetworkManager[922]: <info> [1762675619.4955] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:36:59 server83 NetworkManager[922]: <info> [1762675619.4958] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:36:59 server83 NetworkManager[922]: <info> [1762675619.4967] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:36:59 server83 NetworkManager[922]: <info> [1762675619.4969] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:36:59 server83 NetworkManager[922]: <info> [1762675619.4982] dhcp4 (eth1): dhclient started with pid 23254 Nov 9 13:36:59 server83 dhclient[23254]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0xd9002dc) Nov 9 13:37:00 server83 aibolit_wrapper[23440]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d 
extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626756205984306.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626756205985584.txt --log=/tmp/malware_cleaner_log_17626756205986724.txt --progress=/tmp/malware_cleaner_progress_17626756205986418.json --csv_result=/tmp/revisium_csvfile_17626756205986554.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:37:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:37:01 server83 systemd: Started Session 312681 of user root. Nov 9 13:37:01 server83 systemd: Started Session 312686 of user root. Nov 9 13:37:01 server83 systemd: Started Session 312684 of user root. Nov 9 13:37:01 server83 systemd: Started Session 312687 of user root. Nov 9 13:37:01 server83 systemd: Started Session 312683 of user root. Nov 9 13:37:01 server83 systemd: Started Session 312689 of user root. Nov 9 13:37:01 server83 systemd: Started Session 312688 of user root. Nov 9 13:37:01 server83 systemd: Started Session 312685 of user root. Nov 9 13:37:01 server83 systemd: Started Session 312682 of user root. Nov 9 13:37:01 server83 systemd: Started Session 312690 of user root. 
Nov 9 13:37:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21442 SEQ=1 Nov 9 13:37:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7054 SEQ=1 Nov 9 13:37:04 server83 dhclient[23254]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0xd9002dc) Nov 9 13:37:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29468 DF PROTO=TCP SPT=55500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:37:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29469 DF PROTO=TCP SPT=55500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:37:06 server83 aibolit_wrapper[24447]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626756268708224.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626756268710074.txt --log=/tmp/malware_cleaner_log_17626756268711696.txt --progress=/tmp/malware_cleaner_progress_17626756268711250.json --csv_result=/tmp/revisium_csvfile_17626756268711448.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:37:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57662 
DF PROTO=TCP SPT=49577 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:37:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49029 SEQ=1 Nov 9 13:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19038 SEQ=1 Nov 9 13:37:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57663 DF PROTO=TCP SPT=49577 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:37:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33292 SEQ=1 Nov 9 13:37:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29470 DF PROTO=TCP SPT=55500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:37:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44939 SEQ=1 Nov 9 13:37:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57664 DF PROTO=TCP SPT=49577 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:37:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.1 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 
PROTO=TCP SPT=52178 DPT=45774 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:37:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29471 DF PROTO=TCP SPT=55500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:37:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57665 DF PROTO=TCP SPT=49577 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:37:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:37:17 server83 dhclient[23254]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0xd9002dc) Nov 9 13:37:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4873 SEQ=1 Nov 9 13:37:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29472 DF PROTO=TCP SPT=55500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:37:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54030 SEQ=1 Nov 9 13:37:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57666 DF PROTO=TCP SPT=49577 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:37:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35811 
SEQ=1 Nov 9 13:37:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18589 SEQ=1 Nov 9 13:37:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14271 SEQ=1 Nov 9 13:37:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59279 PROTO=TCP SPT=49956 DPT=25064 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:37:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.5 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49969 DPT=9177 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:37:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31701 PROTO=TCP SPT=45727 DPT=34322 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:37:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.116.205 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=47556 DF PROTO=TCP SPT=48580 DPT=3150 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 13:37:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57667 DF PROTO=TCP SPT=50280 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:37:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57668 DF PROTO=TCP 
SPT=50280 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:37:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26272 SEQ=1 Nov 9 13:37:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57669 DF PROTO=TCP SPT=50280 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:37:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22023 SEQ=1 Nov 9 13:37:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30132 SEQ=1 Nov 9 13:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29473 DF PROTO=TCP SPT=55500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:37:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30132 SEQ=1 Nov 9 13:37:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49709 SEQ=1 Nov 9 13:37:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57670 DF PROTO=TCP SPT=50280 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:37:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5474 SEQ=1 Nov 9 13:37:38 server83 dhclient[23254]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0xd9002dc) Nov 9 13:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60165 DF PROTO=TCP SPT=34828 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.148.127 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=1 DF PROTO=TCP SPT=64163 DPT=25565 WINDOW=32768 RES=0x00 SYN URGP=0 Nov 9 13:37:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=2273 PROTO=TCP SPT=39312 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:37:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60166 DF PROTO=TCP SPT=34828 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:37:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=8315 PROTO=TCP SPT=51202 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:37:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:37:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=8317 PROTO=TCP SPT=51202 DPT=853 WINDOW=64952 RES=0x00 
SYN URGP=0 Nov 9 13:37:44 server83 NetworkManager[922]: <warn> [1762675664.4503] dhcp4 (eth1): request timed out Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23254 Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:37:44 server83 NetworkManager[922]: <warn> [1762675664.4590] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4591] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4621] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4624] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4624] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4626] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4635] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:37:44 server83 NetworkManager[922]: <info> [1762675664.4636] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:37:44 server83 NetworkManager[922]: <info> 
[1762675664.4647] dhcp4 (eth1): dhclient started with pid 29230 Nov 9 13:37:44 server83 dhclient[29230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x4daebeae) Nov 9 13:37:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.143 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=44120 PROTO=TCP SPT=56813 DPT=31303 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:37:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.ibase_pconnection: ProactiveModel.Host should not be empty Nov 9 13:37:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33258 PROTO=TCP SPT=45727 DPT=34055 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:37:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63958 SEQ=1 Nov 9 13:37:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57193 SEQ=1 Nov 9 13:37:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31977 SEQ=1 Nov 9 13:37:51 server83 dhclient[29230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x4daebeae) Nov 9 13:37:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.104 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51606 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
13:37:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63958 SEQ=1 Nov 9 13:37:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28388 SEQ=1 Nov 9 13:37:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=28612 PROTO=TCP SPT=42111 DPT=2790 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:37:54 server83 aibolit_wrapper[30533]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626756745396010.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626756745397782.txt --log=/tmp/malware_cleaner_log_17626756745399754.txt --progress=/tmp/malware_cleaner_progress_17626756745399228.json --csv_result=/tmp/revisium_csvfile_17626756745399460.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:37:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25888 SEQ=1 Nov 9 13:37:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56462 DPT=36370 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:37:55 server83 imunify360-php-daemon[734]: error response: 401, 
{"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:38:00 server83 dhclient[29230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4daebeae) Nov 9 13:38:00 server83 aibolit_wrapper[31454]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626756803522710.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626756803523886.txt --log=/tmp/malware_cleaner_log_17626756803525084.txt --progress=/tmp/malware_cleaner_progress_17626756803524786.json --csv_result=/tmp/revisium_csvfile_17626756803524924.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:38:00 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.223 DST=145.239.177.179 LEN=125 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=51413 DPT=1900 LEN=105 Nov 9 13:38:01 server83 systemd: Started Session 312691 of user root. Nov 9 13:38:01 server83 systemd: Started Session 312694 of user root. Nov 9 13:38:01 server83 systemd: Started Session 312693 of user root. Nov 9 13:38:01 server83 systemd: Started Session 312692 of user root. Nov 9 13:38:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:38:01 server83 systemd: Started Session 312697 of user accentri. Nov 9 13:38:01 server83 systemd: Started Session 312698 of user accentri. Nov 9 13:38:01 server83 systemd: Started Session 312695 of user root. Nov 9 13:38:01 server83 systemd: Started Session 312696 of user root. Nov 9 13:38:01 server83 systemd: Started Session 312699 of user root. Nov 9 13:38:01 server83 systemd: Started Session 312700 of user root. Nov 9 13:38:01 server83 systemd: Started Session 312701 of user root. 
Nov 9 13:38:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:38:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61926 SEQ=1 Nov 9 13:38:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.149.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36568 PROTO=TCP SPT=44752 DPT=8265 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:38:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34422 SEQ=1 Nov 9 13:38:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20130 SEQ=1 Nov 9 13:38:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54157 DPT=46338 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:38:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53510 SEQ=1 Nov 9 13:38:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:38:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20130 SEQ=1 Nov 9 13:38:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52614 SEQ=1 Nov 9 13:38:08 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 13:38:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.20.85 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=57886 DPT=8060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:38:09 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 13:38:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29474 DF PROTO=TCP SPT=55500 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:38:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60170 DF PROTO=TCP SPT=34828 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:38:11 server83 dhclient[29230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x4daebeae) Nov 9 13:38:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33643 PROTO=TCP SPT=41811 DPT=2693 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:38:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=32468 PROTO=TCP SPT=51775 DPT=39657 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:38:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.106 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=32465 DF PROTO=ICMP TYPE=8 CODE=0 ID=9574 SEQ=5089 Nov 9 13:38:19 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49049 SEQ=1 Nov 9 13:38:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57102 SEQ=1 Nov 9 13:38:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32020 SEQ=1 Nov 9 13:38:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41886 SEQ=1 Nov 9 13:38:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3782 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:38:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27205 DF PROTO=TCP SPT=57750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 13:38:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 13:38:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27206 DF PROTO=TCP SPT=57750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:38:22 server83 dhclient[29230]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x4daebeae) Nov 9 13:38:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27207 DF PROTO=TCP SPT=57750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:38:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38987 SEQ=1 Nov 9 13:38:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26981 SEQ=1 Nov 9 13:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27208 DF PROTO=TCP SPT=57750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:38:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.196 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51857 DPT=4153 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:38:29 server83 NetworkManager[922]: <warn> [1762675709.4453] dhcp4 (eth1): request timed out Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4453] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4613] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 29230 Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4613] dhcp4 
(eth1): state changed timeout -> done Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4615] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:38:29 server83 NetworkManager[922]: <warn> [1762675709.4619] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4621] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4651] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4654] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4655] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4658] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4667] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4669] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:38:29 server83 NetworkManager[922]: <info> [1762675709.4679] dhcp4 (eth1): dhclient started with pid 2374 Nov 9 13:38:29 server83 dhclient[2374]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x153af017) Nov 9 13:38:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=42602 PROTO=TCP SPT=53111 DPT=33566 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 
13:38:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56556 SEQ=1 Nov 9 13:38:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39182 SEQ=1 Nov 9 13:38:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.159.99.101 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55397 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:38:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38780 SEQ=1 Nov 9 13:38:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7657 SEQ=1 Nov 9 13:38:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=166.108.228.81 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=2460 DF PROTO=ICMP TYPE=8 CODE=0 ID=56870 SEQ=17221 Nov 9 13:38:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.99.242.132 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=39353 PROTO=TCP SPT=61015 DPT=8082 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:38:34 server83 dhclient[2374]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x153af017) Nov 9 13:38:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.114 DST=51.210.113.204 LEN=44 TOS=0x00 
PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51572 DPT=28080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:38:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27209 DF PROTO=TCP SPT=57750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:38:38 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.132 DST=51.210.113.204 LEN=290 TOS=0x00 PREC=0x00 TTL=35 ID=45988 PROTO=UDP SPT=15445 DPT=5060 LEN=270 Nov 9 13:38:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59897 SEQ=1 Nov 9 13:38:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=60171 DF PROTO=TCP SPT=34828 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:38:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3773 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:38:45 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:38:45 server83 dhclient[2374]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x153af017) Nov 9 13:38:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.reset: ProactiveModel.Host should not be empty Nov 9 13:38:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:38:48 server83 aibolit_wrapper[4215]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626757286269742.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626757286270866.txt --log=/tmp/malware_cleaner_log_17626757286271944.txt --progress=/tmp/malware_cleaner_progress_17626757286271600.json --csv_result=/tmp/revisium_csvfile_17626757286271786.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:38:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=37099 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:38:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6089 SEQ=1 Nov 9 13:38:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39250 PROTO=TCP SPT=49956 DPT=27219 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=4219 PROTO=TCP SPT=63295 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27210 DF PROTO=TCP SPT=57750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:38:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 
DPT=3781 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:38:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=4220 PROTO=TCP SPT=63295 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:38:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55692 SEQ=1 Nov 9 13:38:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5116 SEQ=1 Nov 9 13:38:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22645 SEQ=1 Nov 9 13:38:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5626 SEQ=1 Nov 9 13:38:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22645 SEQ=1 Nov 9 13:38:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49185 PROTO=TCP SPT=42917 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:38:55 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:38:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=49187 PROTO=TCP SPT=42917 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:38:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.82 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=47912 DPT=8060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:39:01 server83 systemd: Started Session 312702 of user root. Nov 9 13:39:01 server83 systemd: Started Session 312704 of user root. Nov 9 13:39:01 server83 systemd: Started Session 312705 of user root. Nov 9 13:39:01 server83 systemd: Started Session 312703 of user root. Nov 9 13:39:01 server83 systemd: Started Session 312706 of user root. Nov 9 13:39:01 server83 systemd: Started Session 312707 of user root. Nov 9 13:39:01 server83 systemd: Started Session 312710 of user root. Nov 9 13:39:01 server83 systemd: Started Session 312708 of user root. Nov 9 13:39:01 server83 systemd: Started Session 312711 of user root. Nov 9 13:39:01 server83 systemd: Started Session 312709 of user root. 
Nov 9 13:39:02 server83 dhclient[2374]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x153af017) Nov 9 13:39:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52354 SEQ=1 Nov 9 13:39:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62304 SEQ=1 Nov 9 13:39:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14143 DF PROTO=TCP SPT=58310 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:06 server83 aibolit_wrapper[6080]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626757469233720.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626757469235134.txt --log=/tmp/malware_cleaner_log_17626757469236348.txt --progress=/tmp/malware_cleaner_progress_17626757469236038.json --csv_result=/tmp/revisium_csvfile_17626757469236172.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:39:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14144 DF PROTO=TCP SPT=58310 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=39890 SEQ=1 Nov 9 13:39:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27035 SEQ=1 Nov 9 13:39:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27035 SEQ=1 Nov 9 13:39:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17609 SEQ=1 Nov 9 13:39:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14145 DF PROTO=TCP SPT=58310 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14146 DF PROTO=TCP SPT=58310 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:14 server83 NetworkManager[922]: <warn> [1762675754.4505] dhcp4 (eth1): request timed out Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4506] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4665] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2374 Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4665] dhcp4 (eth1): state changed timeout -> done Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4667] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:39:14 server83 NetworkManager[922]: <warn> [1762675754.4671] device (eth1): 
Activation: failed for connection 'Wired connection 1' Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4672] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4705] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4707] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4708] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4710] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4719] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4721] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:39:14 server83 NetworkManager[922]: <info> [1762675754.4732] dhcp4 (eth1): dhclient started with pid 6746 Nov 9 13:39:14 server83 dhclient[6746]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2bc38a30) Nov 9 13:39:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=207.90.244.19 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=42351 PROTO=TCP SPT=26200 DPT=6081 WINDOW=27701 RES=0x00 SYN URGP=0 Nov 9 13:39:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60478 SEQ=1 Nov 9 13:39:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9882 SEQ=1 Nov 9 13:39:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2485 PROTO=TCP SPT=49956 DPT=27350 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:39:21 server83 dhclient[6746]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x2bc38a30) Nov 9 13:39:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14147 DF PROTO=TCP SPT=58310 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65382 SEQ=1 Nov 9 13:39:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9882 SEQ=1 Nov 9 13:39:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.229 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52222 DPT=19092 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:39:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=27211 DF PROTO=TCP SPT=57750 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.206.250 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=7887 DF 
PROTO=TCP SPT=38308 DPT=3040 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:39:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.41.115 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=36 ID=6040 DF PROTO=TCP SPT=40284 DPT=2405 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:39:34 server83 aibolit_wrapper[8468]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626757741231490.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626757741233832.txt --log=/tmp/malware_cleaner_log_17626757741236138.txt --progress=/tmp/malware_cleaner_progress_17626757741235504.json --csv_result=/tmp/revisium_csvfile_17626757741235784.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:39:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57659 SEQ=1 Nov 9 13:39:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57659 SEQ=1 Nov 9 13:39:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6084 PROTO=TCP SPT=49956 DPT=27449 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:39:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8823 SEQ=1 Nov 9 13:39:36 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=21178 PROTO=TCP SPT=50114 DPT=5861 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:39:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21864 SEQ=1 Nov 9 13:39:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4109 SEQ=1 Nov 9 13:39:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47690 SEQ=1 Nov 9 13:39:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14148 DF PROTO=TCP SPT=58310 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:38 server83 dhclient[6746]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2bc38a30) Nov 9 13:39:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59723 DF PROTO=TCP SPT=44514 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:41 server83 aibolit_wrapper[9143]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626757814758148.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--log=/tmp/malware_cleaner_log_17626757814760972.txt --progress=/tmp/malware_cleaner_progress_17626757814760634.json --csv_result=/tmp/revisium_csvfile_17626757814760794.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:39:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59724 DF PROTO=TCP SPT=44514 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59725 DF PROTO=TCP SPT=44514 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:45 server83 dhclient[6746]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x2bc38a30) Nov 9 13:39:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.class: ProactiveModel.Host should not be empty Nov 9 13:39:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.35 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3587 PROTO=TCP SPT=22556 DPT=24318 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:39:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59726 DF PROTO=TCP SPT=44514 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=43130 PROTO=TCP SPT=34936 DPT=7882 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:39:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50654 SEQ=1 Nov 9 13:39:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65431 SEQ=1 Nov 9 13:39:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30884 SEQ=1 Nov 9 13:39:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35607 SEQ=1 Nov 9 13:39:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3780 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:39:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.85 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51845 DPT=26000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:39:52 server83 aibolit_wrapper[10196]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626757928529852.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626757928531272.txt --log=/tmp/malware_cleaner_log_17626757928532780.txt --progress=/tmp/malware_cleaner_progress_17626757928532472.json --csv_result=/tmp/revisium_csvfile_17626757928532612.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
13:39:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65323 SEQ=1 Nov 9 13:39:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50654 SEQ=1 Nov 9 13:39:55 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:39:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59727 DF PROTO=TCP SPT=44514 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:39:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.221.136.6 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=29384 DF PROTO=TCP SPT=30408 DPT=1433 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 13:39:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=6360 PROTO=TCP SPT=41740 DPT=4851 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:39:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57672 DF PROTO=TCP SPT=54210 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:39:59 server83 NetworkManager[922]: <warn> [1762675799.4503] dhcp4 (eth1): request timed out Nov 9 13:39:59 server83 NetworkManager[922]: <info> [1762675799.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:39:59 server83 NetworkManager[922]: <info> [1762675799.4582] dhcp4 (eth1): canceled DHCP transaction, 
DHCP client pid 6746 Nov 9 13:39:59 server83 NetworkManager[922]: <info> [1762675799.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 13:39:59 server83 NetworkManager[922]: <info> [1762675799.4584] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:39:59 server83 NetworkManager[922]: <warn> [1762675799.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:39:59 server83 NetworkManager[922]: <info> [1762675799.4590] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:39:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57673 DF PROTO=TCP SPT=54210 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:40:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.117.57.162 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=45084 DPT=9091 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:40:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:40:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 13:40:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:40:01 server83 systemd: Started Session 312714 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312713 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312712 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312715 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312716 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312718 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312719 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312720 of user root. 
Nov 9 13:40:01 server83 systemd: Started Session 312722 of user root. Nov 9 13:40:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:40:01 server83 systemd: Started Session 312717 of user accentri. Nov 9 13:40:01 server83 systemd: Started Session 312721 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312726 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312723 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312725 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312728 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312727 of user accentri. Nov 9 13:40:01 server83 systemd: Started Session 312724 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312730 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312729 of user root. Nov 9 13:40:01 server83 systemd: Started Session 312731 of user root. Nov 9 13:40:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:40:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57674 DF PROTO=TCP SPT=54210 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:40:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.122 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54275 DPT=48012 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:40:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40505 SEQ=1 Nov 9 13:40:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57675 DF PROTO=TCP SPT=54210 DPT=4527 WINDOW=64240 
RES=0x00 SYN URGP=0 Nov 9 13:40:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59880 SEQ=1 Nov 9 13:40:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59880 SEQ=1 Nov 9 13:40:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49215 SEQ=1 Nov 9 13:40:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=52834 PROTO=TCP SPT=53095 DPT=888 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:40:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11437 SEQ=1 Nov 9 13:40:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18161 SEQ=1 Nov 9 13:40:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14149 DF PROTO=TCP SPT=58310 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:40:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59728 DF 
PROTO=TCP SPT=44514 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:40:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57676 DF PROTO=TCP SPT=54210 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:40:15 server83 scripts.sh: Sun Nov 9 13:40:15 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 13:40:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60458 PROTO=TCP SPT=49956 DPT=27754 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:40:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15554 SEQ=1 Nov 9 13:40:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52701 DF PROTO=TCP SPT=47678 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:40:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52702 DF PROTO=TCP SPT=47678 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5613 SEQ=1 Nov 9 13:40:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5613 SEQ=1 Nov 9 13:40:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7188 SEQ=1 Nov 9 13:40:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52703 DF PROTO=TCP SPT=47678 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:40:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3779 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:40:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13749 SEQ=1 Nov 9 13:40:24 server83 aibolit_wrapper[13190]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626758244820414.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626758244822196.txt --log=/tmp/malware_cleaner_log_17626758244823832.txt --progress=/tmp/malware_cleaner_progress_17626758244823412.json --csv_result=/tmp/revisium_csvfile_17626758244823610.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:40:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=12627 PROTO=TCP SPT=55917 DPT=7515 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:40:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52704 DF PROTO=TCP SPT=47678 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:40:31 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:40:31 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:40:31 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 13:40:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.82.47.21 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53521 DPT=5080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:40:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=42482 PROTO=TCP SPT=51775 DPT=35243 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:40:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37173 SEQ=1 Nov 9 13:40:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.153.51 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=50652 DPT=1900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:40:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2888 SEQ=1 Nov 9 13:40:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 
DF PROTO=ICMP TYPE=8 CODE=0 ID=37173 SEQ=1 Nov 9 13:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52705 DF PROTO=TCP SPT=47678 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:40:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9532 SEQ=1 Nov 9 13:40:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.53 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=46495 DPT=1900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59148 SEQ=1 Nov 9 13:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19652 SEQ=1 Nov 9 13:40:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19652 SEQ=1 Nov 9 13:40:40 server83 aibolit_wrapper[14748]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626758406718652.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626758406720266.txt 
--log=/tmp/malware_cleaner_log_17626758406722050.txt --progress=/tmp/malware_cleaner_progress_17626758406721518.json --csv_result=/tmp/revisium_csvfile_17626758406721752.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:40:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.22.126.67 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=18637 PROTO=TCP SPT=61000 DPT=4782 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:40:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59729 DF PROTO=TCP SPT=44514 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:40:46 server83 imunify360-php-daemon[734]: error while sending daemon stats: circuit breaker is open Nov 9 13:40:46 server83 imunify360-php-daemon[734]: connections: {total = 20932, closed_as_old = 0, dropped = 1},#012messages: {total_received = 47854, blamer_received = 47811, blamer_filtered = 1948, aggregated = 1604, aggregator_dropped = 0},#012message_actions: {blamer_send_success = 344, send = 0, send_failed = 386, stored = 42, store_failed = 0},#012message dbstats: {fevents_db_size = 0, fevents_db_rows = 6235, fevents_total = 15588,#012#011#011#011#011 fevents_filtered = {total = 32266, wrong_id = 134802, wrong_function_name = 8686704, match_file_false = 6029553, match_file_limit_hit = 0, storage_limit_hit = 0},#012#011#011#011#011 fevents_stored_new = 3324, fevents_stored_updated = 564, fevents_send_success = 0, fevents_send_failure = 226 } Nov 9 13:40:46 server83 imunify360-php-daemon[734]: memory: alloc = 15857152 B, totalAlloc = 803429077728 B, sys = 68965640 B, rss = 204230656 B Nov 9 13:40:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.168.7.128 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=44315 DPT=1311 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:40:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22034 PROTO=TCP SPT=33952 DPT=4009 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:40:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.176 DST=51.210.113.204 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=31008 PROTO=TCP SPT=50800 DPT=1961 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:40:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29639 SEQ=1 Nov 9 13:40:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38106 SEQ=1 Nov 9 13:40:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38106 SEQ=1 Nov 9 13:40:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10402 SEQ=1 Nov 9 13:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=5.188.206.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45242 PROTO=TCP SPT=40590 DPT=35000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:40:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52706 DF PROTO=TCP SPT=47678 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 13:40:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40639 SEQ=1 Nov 9 13:40:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:40:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47801 DPT=4153 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:40:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3778 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:41:01 server83 systemd: Started Session 312732 of user root. Nov 9 13:41:01 server83 systemd: Started Session 312736 of user root. Nov 9 13:41:01 server83 systemd: Started Session 312737 of user root. Nov 9 13:41:01 server83 systemd: Started Session 312734 of user root. Nov 9 13:41:01 server83 systemd: Started Session 312733 of user root. Nov 9 13:41:01 server83 systemd: Started Session 312739 of user root. Nov 9 13:41:01 server83 systemd: Started Session 312738 of user root. Nov 9 13:41:01 server83 systemd: Started Session 312735 of user root. Nov 9 13:41:01 server83 systemd: Started Session 312740 of user root. Nov 9 13:41:01 server83 systemd: Started Session 312741 of user root. 
Nov 9 13:41:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50078 SEQ=1 Nov 9 13:41:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6188 SEQ=1 Nov 9 13:41:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23322 SEQ=1 Nov 9 13:41:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=45079 PROTO=TCP SPT=53095 DPT=23690 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:41:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.235.121.84 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=50108 PROTO=TCP SPT=35417 DPT=8098 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:41:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.95 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56939 DPT=7878 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:41:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8562 DF PROTO=TCP SPT=41420 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:08 server83 aibolit_wrapper[17317]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626758689334558.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626758689336192.txt --log=/tmp/malware_cleaner_log_17626758689338090.txt --progress=/tmp/malware_cleaner_progress_17626758689337670.json --csv_result=/tmp/revisium_csvfile_17626758689337866.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:41:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6188 SEQ=1 Nov 9 13:41:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11457 SEQ=1 Nov 9 13:41:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8563 DF PROTO=TCP SPT=41420 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8564 DF PROTO=TCP SPT=41420 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8565 DF PROTO=TCP SPT=41420 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45905 SEQ=1 Nov 9 13:41:21 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.190 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=52078 PROTO=TCP SPT=53762 DPT=4445 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:41:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48369 SEQ=1 Nov 9 13:41:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55884 SEQ=1 Nov 9 13:41:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48369 SEQ=1 Nov 9 13:41:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18172 SEQ=1 Nov 9 13:41:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8566 DF PROTO=TCP SPT=41420 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4785 SEQ=1 Nov 9 13:41:25 server83 aibolit_wrapper[18697]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626758851331908.txt --input-fn-b64-encoded 
--username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626758851333410.txt --log=/tmp/malware_cleaner_log_17626758851334664.txt --progress=/tmp/malware_cleaner_progress_17626758851334340.json --csv_result=/tmp/revisium_csvfile_17626758851334500.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:41:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52707 DF PROTO=TCP SPT=47678 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25481 PROTO=TCP SPT=44817 DPT=5591 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:41:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.84.124 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=50631 DPT=1500 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:41:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:41:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55490 PROTO=TCP SPT=57469 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:41:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24457 SEQ=1 Nov 9 13:41:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55491 PROTO=TCP SPT=57469 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:41:35 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.178 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19894 PROTO=TCP SPT=60000 DPT=39122 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:41:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45364 PROTO=TCP SPT=33906 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:41:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55492 PROTO=TCP SPT=57469 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:41:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45365 PROTO=TCP SPT=33906 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:41:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.209 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=55493 PROTO=TCP SPT=57469 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21410 SEQ=1 Nov 9 13:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24457 SEQ=1 Nov 9 13:41:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21410 SEQ=1 Nov 9 13:41:38 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60420 SEQ=1 Nov 9 13:41:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45367 PROTO=TCP SPT=33906 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:41:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44006 SEQ=1 Nov 9 13:41:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32833 DF PROTO=TCP SPT=35320 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=21694 PROTO=TCP SPT=57030 DPT=8382 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:41:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32835 DF PROTO=TCP SPT=35320 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.oauthexceptions: ProactiveModel.Host should not be empty Nov 9 13:41:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32836 DF PROTO=TCP SPT=35320 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.136 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=109 ID=9637 DF PROTO=ICMP TYPE=8 CODE=0 ID=41019 SEQ=34982 Nov 9 13:41:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2509 SEQ=1 Nov 9 13:41:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25956 SEQ=1 Nov 9 13:41:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7309 SEQ=1 Nov 9 13:41:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47274 SEQ=1 Nov 9 13:41:55 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.96 DST=145.239.177.179 LEN=45 TOS=0x00 PREC=0x00 TTL=51 ID=54474 DF PROTO=UDP SPT=24102 DPT=47808 LEN=25 Nov 9 13:41:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.51 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49795 DPT=10300 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:41:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:41:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=29106 PROTO=TCP SPT=50939 
DPT=7833 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:41:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32837 DF PROTO=TCP SPT=35320 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:41:58 server83 aibolit_wrapper[20051]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626759184030420.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626759184034000.txt --log=/tmp/malware_cleaner_log_17626759184038244.txt --progress=/tmp/malware_cleaner_progress_17626759184038024.json --csv_result=/tmp/revisium_csvfile_17626759184038124.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:42:00 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.252 DST=145.239.177.179 LEN=51 TOS=0x00 PREC=0x00 TTL=35 ID=46252 PROTO=UDP SPT=18912 DPT=11026 LEN=31 Nov 9 13:42:01 server83 systemd: Started Session 312742 of user root. Nov 9 13:42:01 server83 systemd: Started Session 312745 of user root. Nov 9 13:42:01 server83 systemd: Started Session 312743 of user root. Nov 9 13:42:01 server83 systemd: Started Session 312746 of user root. Nov 9 13:42:01 server83 systemd: Started Session 312748 of user root. Nov 9 13:42:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:42:01 server83 systemd: Started Session 312749 of user accentri. Nov 9 13:42:01 server83 systemd: Started Session 312744 of user root. Nov 9 13:42:01 server83 systemd: Started Session 312747 of user root. Nov 9 13:42:01 server83 systemd: Started Session 312750 of user root. 
Nov 9 13:42:01 server83 systemd: Started Session 312751 of user root. Nov 9 13:42:01 server83 systemd: Started Session 312752 of user accentri. Nov 9 13:42:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:42:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43003 SEQ=1 Nov 9 13:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54231 SEQ=1 Nov 9 13:42:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45827 SEQ=1 Nov 9 13:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45827 SEQ=1 Nov 9 13:42:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12306 SEQ=1 Nov 9 13:42:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59583 SEQ=1 Nov 9 13:42:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8568 DF PROTO=TCP SPT=41420 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32838 DF PROTO=TCP SPT=35320 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:42:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17538 PROTO=TCP SPT=45727 DPT=31305 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:42:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34469 SEQ=1 Nov 9 13:42:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58511 SEQ=1 Nov 9 13:42:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:42:20 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:42:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45385 SEQ=1 Nov 9 13:42:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27487 SEQ=1 Nov 9 13:42:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.83.27.184 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=62581 PROTO=TCP SPT=34880 DPT=1527 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:42:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 
TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58511 SEQ=1 Nov 9 13:42:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15606 DF PROTO=TCP SPT=53932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:42:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15607 DF PROTO=TCP SPT=53932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:42:23 server83 systemd: Started Session c2887 of user root. Nov 9 13:42:24 server83 scripts.sh: Load Average: 4.11 , 4.38 Nov 9 13:42:24 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 13:42:24 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 13:42:24 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 13:42:24 server83 scripts.sh: HTTPD Status: inactive Nov 9 13:42:24 server83 scripts.sh: MySQL Status: active Nov 9 13:42:24 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 13:42:24 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 13:42:24 server83 scripts.sh: SSHD Status: active Nov 9 13:42:24 server83 scripts.sh: FTP Status: active Nov 9 13:42:24 server83 scripts.sh: LiteSpeed Status: Active Nov 9 13:42:24 server83 scripts.sh: Imunify Status: Active Nov 9 13:42:24 server83 scripts.sh: cPanel Status: active Nov 9 13:42:24 server83 scripts.sh: Memory Status: 12/31 GB - 40.66% Nov 9 13:42:24 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 13:42:24 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 13:42:24 server83 scripts.sh: Local Version: 4.4.5 Nov 9 13:42:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15608 DF PROTO=TCP SPT=53932 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 13:42:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15609 DF PROTO=TCP SPT=53932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:42:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.182.43 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=52023 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:42:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=170.187.165.139 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=60693 DPT=999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:42:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=195.24.237.176 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38548 PROTO=TCP SPT=52073 DPT=47506 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:42:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.141 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=48461 PROTO=TCP SPT=45345 DPT=11539 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:42:37 server83 aibolit_wrapper[21115]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626759577326162.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626759577327888.txt --log=/tmp/malware_cleaner_log_17626759577329822.txt --progress=/tmp/malware_cleaner_progress_17626759577329154.json --csv_result=/tmp/revisium_csvfile_17626759577329450.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:42:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15610 DF PROTO=TCP SPT=53932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:42:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19162 SEQ=1 Nov 9 13:42:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12027 SEQ=1 Nov 9 13:42:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4320 SEQ=1 Nov 9 13:42:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3772 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:42:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 13:42:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:42:46 server83 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=51.210.113.204 DST=74.125.133.109 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13032 DF PROTO=TCP SPT=47778 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 UID=3135 GID=3136 Nov 9 13:42:47 server83 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=51.210.113.204 DST=74.125.133.109 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13033 DF PROTO=TCP SPT=47778 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 
UID=3135 GID=3136 Nov 9 13:42:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32839 DF PROTO=TCP SPT=35320 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:42:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59594 SEQ=1 Nov 9 13:42:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60376 SEQ=1 Nov 9 13:42:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10160 SEQ=1 Nov 9 13:42:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27948 SEQ=1 Nov 9 13:42:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59594 SEQ=1 Nov 9 13:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15611 DF PROTO=TCP SPT=53932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:42:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=128.203.201.155 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=26716 PROTO=TCP SPT=39523 DPT=4118 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:42:56 
server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:43:01 server83 systemd: Started Session 312754 of user root. Nov 9 13:43:01 server83 systemd: Started Session 312755 of user root. Nov 9 13:43:01 server83 systemd: Started Session 312756 of user root. Nov 9 13:43:01 server83 systemd: Started Session 312757 of user root. Nov 9 13:43:01 server83 systemd: Started Session 312753 of user root. Nov 9 13:43:01 server83 systemd: Started Session 312759 of user root. Nov 9 13:43:01 server83 systemd: Started Session 312758 of user root. Nov 9 13:43:01 server83 systemd: Started Session 312761 of user root. Nov 9 13:43:01 server83 systemd: Started Session 312760 of user root. Nov 9 13:43:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42763 PROTO=TCP SPT=45727 DPT=30947 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:43:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12175 SEQ=1 Nov 9 13:43:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2154 SEQ=1 Nov 9 13:43:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:43:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=55008 DF PROTO=ICMP TYPE=8 CODE=0 ID=3799 SEQ=52888 Nov 9 13:43:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21238 SEQ=1 Nov 9 13:43:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50244 SEQ=1 Nov 9 13:43:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26864 DF PROTO=TCP SPT=50992 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:43:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26865 DF PROTO=TCP SPT=50992 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:43:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26866 DF PROTO=TCP SPT=50992 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:43:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.69 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57279 DPT=5001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:43:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3910 SEQ=1 Nov 9 13:43:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=159.138.158.132 DST=51.210.113.204 LEN=54 TOS=0x08 PREC=0x40 TTL=35 ID=57755 DF PROTO=ICMP TYPE=8 CODE=0 ID=54275 SEQ=37820 Nov 9 13:43:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 
PREC=0x20 TTL=243 ID=51930 PROTO=TCP SPT=50883 DPT=7733 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:43:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26867 DF PROTO=TCP SPT=50992 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:43:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17053 SEQ=1 Nov 9 13:43:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17053 SEQ=1 Nov 9 13:43:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30190 SEQ=1 Nov 9 13:43:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=104.131.184.125 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=1066 PROTO=TCP SPT=61011 DPT=1000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:43:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.194 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51864 DPT=4080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:43:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.142 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50367 DPT=9809 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:43:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 
TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3771 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:43:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56899 SEQ=1 Nov 9 13:43:22 server83 aibolit_wrapper[21955]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626760024097934.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626760024099618.txt --log=/tmp/malware_cleaner_log_17626760024101356.txt --progress=/tmp/malware_cleaner_progress_17626760024101040.json --csv_result=/tmp/revisium_csvfile_17626760024101178.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:43:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43316 SEQ=1 Nov 9 13:43:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43316 SEQ=1 Nov 9 13:43:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.40 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54348 DPT=14433 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:43:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=2715 DF PROTO=ICMP TYPE=8 CODE=0 ID=56592 
SEQ=12965 Nov 9 13:43:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=15612 DF PROTO=TCP SPT=53932 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:43:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1018 SEQ=1 Nov 9 13:43:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8719 SEQ=1 Nov 9 13:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28406 SEQ=1 Nov 9 13:43:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40429 SEQ=1 Nov 9 13:43:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13494 PROTO=TCP SPT=34944 DPT=8581 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:43:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42450 SEQ=1 Nov 9 13:43:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43132 SEQ=1 Nov 9 13:43:38 server83 
aibolit_wrapper[22271]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626760185969500.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626760185970516.txt --log=/tmp/malware_cleaner_log_17626760185971308.txt --progress=/tmp/malware_cleaner_progress_17626760185971088.json --csv_result=/tmp/revisium_csvfile_17626760185971182.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:43:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26869 DF PROTO=TCP SPT=50992 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:43:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.210.89 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=50257 DPT=999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:43:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33696 DF PROTO=TCP SPT=40704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:43:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57677 DF PROTO=TCP SPT=57974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:43:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.105.76 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43457 DPT=4949 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:43:46 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33697 DF PROTO=TCP SPT=40704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:43:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.reset: ProactiveModel.Host should not be empty Nov 9 13:43:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:43:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33698 DF PROTO=TCP SPT=40704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:43:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60093 SEQ=1 Nov 9 13:43:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49231 SEQ=1 Nov 9 13:43:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46990 SEQ=1 Nov 9 13:43:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55908 SEQ=1 Nov 9 13:43:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1919 SEQ=1 Nov 9 13:43:52 server83 pam_imunify_daemon.bin: 
time="2025-11-09T13:43:52+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 13:43:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=199.45.154.181 DST=145.239.177.179 LEN=60 TOS=0x08 PREC=0x40 TTL=45 ID=34229 PROTO=TCP SPT=38445 DPT=554 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:43:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57680 DF PROTO=TCP SPT=57974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:43:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27696 PROTO=TCP SPT=49956 DPT=26702 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:43:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:43:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23262 PROTO=TCP SPT=56207 DPT=5601 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:43:59 server83 aibolit_wrapper[22589]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626760398241802.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626760398243840.txt --log=/tmp/malware_cleaner_log_17626760398246772.txt --progress=/tmp/malware_cleaner_progress_17626760398246124.json --csv_result=/tmp/revisium_csvfile_17626760398246410.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:44:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57681 DF PROTO=TCP SPT=57974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:44:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33700 DF PROTO=TCP SPT=40704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:01 server83 systemd: Started Session 312762 of user root. Nov 9 13:44:01 server83 systemd: Started Session 312763 of user root. Nov 9 13:44:01 server83 systemd: Started Session 312765 of user root. Nov 9 13:44:01 server83 systemd: Started Session 312764 of user root. Nov 9 13:44:01 server83 systemd: Started Session 312767 of user root. Nov 9 13:44:01 server83 systemd: Started Session 312766 of user root. Nov 9 13:44:01 server83 systemd: Started Session 312768 of user root. Nov 9 13:44:01 server83 systemd: Started Session 312770 of user root. Nov 9 13:44:01 server83 systemd: Started Session 312769 of user root. Nov 9 13:44:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:44:01 server83 systemd: Started Session 312771 of user accentri. Nov 9 13:44:01 server83 systemd: Started Session 312772 of user accentri. Nov 9 13:44:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:44:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.181 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=59036 PROTO=TCP SPT=51165 DPT=7942 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:44:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.210 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54983 PROTO=TCP SPT=56337 DPT=5500 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:44:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57682 DF PROTO=TCP SPT=58534 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3296 SEQ=1 Nov 9 13:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57956 SEQ=1 Nov 9 13:44:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26152 SEQ=1 Nov 9 13:44:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57683 DF PROTO=TCP SPT=58534 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:44:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23145 SEQ=1 Nov 
9 13:44:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1506 SEQ=1 Nov 9 13:44:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57684 DF PROTO=TCP SPT=58534 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:44:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.132.153.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=61754 PROTO=TCP SPT=3781 DPT=103 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:44:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57685 DF PROTO=TCP SPT=58534 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:44:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3770 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:44:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=23.92.27.179 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49668 DPT=4949 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:44:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26870 DF PROTO=TCP SPT=50992 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33701 DF 
PROTO=TCP SPT=40704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:17 server83 aibolit_wrapper[23041]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626760573456912.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626760573458570.txt --log=/tmp/malware_cleaner_log_17626760573460076.txt --progress=/tmp/malware_cleaner_progress_17626760573459670.json --csv_result=/tmp/revisium_csvfile_17626760573459844.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:44:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17075 SEQ=1 Nov 9 13:44:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52560 SEQ=1 Nov 9 13:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17075 SEQ=1 Nov 9 13:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31643 SEQ=1 Nov 9 13:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=190.92.201.41 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=41 ID=51793 DF PROTO=ICMP TYPE=8 CODE=0 ID=51242 SEQ=45672 Nov 9 13:44:21 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23615 SEQ=1 Nov 9 13:44:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.74 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=33257 DPT=999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:44:21 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:44:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57686 DF PROTO=TCP SPT=58534 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:44:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46694 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:44:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35096 SEQ=1 Nov 9 13:44:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29968 DF PROTO=TCP SPT=45366 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29969 DF PROTO=TCP SPT=45366 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29970 DF PROTO=TCP 
SPT=45366 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=19057 PROTO=TCP SPT=51775 DPT=35064 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:44:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19193 SEQ=1 Nov 9 13:44:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52407 SEQ=1 Nov 9 13:44:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29971 DF PROTO=TCP SPT=45366 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52516 SEQ=1 Nov 9 13:44:35 server83 aibolit_wrapper[23390]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626760755893770.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626760755894888.txt --log=/tmp/malware_cleaner_log_17626760755895780.txt --progress=/tmp/malware_cleaner_progress_17626760755895516.json --csv_result=/tmp/revisium_csvfile_17626760755895618.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:44:35 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.106.205.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=41363 DPT=8047 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:44:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16057 PROTO=TCP SPT=49956 DPT=29966 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:44:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3777 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:44:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30663 SEQ=1 Nov 9 13:44:40 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61799 SEQ=1 Nov 9 13:44:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29972 DF PROTO=TCP SPT=45366 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=34800 PROTO=TCP SPT=46387 DPT=4082 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:44:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46642 SEQ=1 Nov 9 
13:44:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3769 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:44:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61990 SEQ=1 Nov 9 13:44:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39656 SEQ=1 Nov 9 13:44:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36508 SEQ=1 Nov 9 13:44:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=33702 DF PROTO=TCP SPT=40704 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57687 DF PROTO=TCP SPT=59813 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:44:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36508 SEQ=1 Nov 9 13:44:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57688 DF PROTO=TCP SPT=59813 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
13:44:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39656 SEQ=1 Nov 9 13:44:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.175 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=109 ID=55693 DF PROTO=ICMP TYPE=8 CODE=0 ID=60440 SEQ=58556 Nov 9 13:44:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57689 DF PROTO=TCP SPT=59813 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:44:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:44:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.39 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=59694 PROTO=TCP SPT=56407 DPT=34425 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:44:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29973 DF PROTO=TCP SPT=45366 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:44:59 server83 NetworkManager[922]: <info> [1762676099.4956] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:44:59 server83 NetworkManager[922]: <info> [1762676099.4959] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:44:59 server83 NetworkManager[922]: <info> [1762676099.4960] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:44:59 server83 NetworkManager[922]: <info> [1762676099.4963] 
device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:44:59 server83 NetworkManager[922]: <info> [1762676099.4972] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:44:59 server83 NetworkManager[922]: <info> [1762676099.4975] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:44:59 server83 NetworkManager[922]: <info> [1762676099.4985] dhcp4 (eth1): dhclient started with pid 23840 Nov 9 13:44:59 server83 dhclient[23840]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x247116e1) Nov 9 13:45:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57690 DF PROTO=TCP SPT=59813 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:01 server83 systemd: Started Session 312775 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312774 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312773 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312780 of user root. 
Nov 9 13:45:01 server83 systemd: Started Session 312779 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312776 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312778 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312777 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312782 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312781 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312783 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312784 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312785 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312786 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312787 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312788 of user root. Nov 9 13:45:01 server83 systemd: Started Session 312789 of user root. Nov 9 13:45:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47684 SEQ=1 Nov 9 13:45:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36132 SEQ=1 Nov 9 13:45:04 server83 dhclient[23840]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x247116e1) Nov 9 13:45:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57691 DF PROTO=TCP SPT=59813 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:45:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26428 SEQ=1 
Nov 9 13:45:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26528 SEQ=1 Nov 9 13:45:09 server83 aibolit_wrapper[24522]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626761097377556.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626761097378692.txt --log=/tmp/malware_cleaner_log_17626761097379724.txt --progress=/tmp/malware_cleaner_progress_17626761097379418.json --csv_result=/tmp/revisium_csvfile_17626761097379532.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:45:10 server83 dhclient[23840]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x247116e1) Nov 9 13:45:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=24929 PROTO=TCP SPT=45898 DPT=5128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:45:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33011 PROTO=TCP SPT=34156 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:45:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33012 PROTO=TCP SPT=34156 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:45:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=98 ID=56414 PROTO=TCP SPT=42184 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:45:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=33013 PROTO=TCP SPT=34156 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:45:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35581 DF PROTO=TCP SPT=41180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35582 DF PROTO=TCP SPT=41180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35583 DF PROTO=TCP SPT=41180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20967 SEQ=1 Nov 9 13:45:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30845 SEQ=1 Nov 9 13:45:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40313 SEQ=1 Nov 9 13:45:21 server83 dhclient[23840]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x247116e1) Nov 9 13:45:22 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.111 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=18431 PROTO=TCP SPT=33708 DPT=1688 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:45:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1445 SEQ=1 Nov 9 13:45:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35584 DF PROTO=TCP SPT=41180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48116 SEQ=1 Nov 9 13:45:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32056 SEQ=1 Nov 9 13:45:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34082 SEQ=1 Nov 9 13:45:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3768 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:45:29 server83 aibolit_wrapper[25369]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626761290031310.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626761290032530.txt --log=/tmp/malware_cleaner_log_17626761290034158.txt --progress=/tmp/malware_cleaner_progress_17626761290033722.json --csv_result=/tmp/revisium_csvfile_17626761290033910.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:45:29 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:45:29 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:45:29 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 13:45:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=29974 DF PROTO=TCP SPT=45366 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:45:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35585 DF PROTO=TCP SPT=41180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:31 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 13:45:31 server83 systemd: Stopped Status Update Service. Nov 9 13:45:31 server83 systemd: Started Status Update Service. 
Nov 9 13:45:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25690 SEQ=1 Nov 9 13:45:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36923 SEQ=1 Nov 9 13:45:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16486 SEQ=1 Nov 9 13:45:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54426 SEQ=1 Nov 9 13:45:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3776 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:45:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.78 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49938 DPT=20121 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:45:36 server83 dhclient[23840]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x247116e1) Nov 9 13:45:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36923 SEQ=1 Nov 9 13:45:43 server83 dhclient[23840]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x247116e1) Nov 9 13:45:44 server83 NetworkManager[922]: <warn> 
[1762676144.4385] dhcp4 (eth1): request timed out Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4385] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4545] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23840 Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4545] dhcp4 (eth1): state changed timeout -> done Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4547] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:45:44 server83 NetworkManager[922]: <warn> [1762676144.4550] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4551] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4580] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4582] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4583] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4585] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4594] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4596] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:45:44 server83 NetworkManager[922]: <info> [1762676144.4606] dhcp4 (eth1): dhclient started with pid 26101 Nov 9 
13:45:44 server83 dhclient[26101]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x2f4a219a) Nov 9 13:45:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.mb_convert: ProactiveModel.Host should not be empty Nov 9 13:45:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35586 DF PROTO=TCP SPT=41180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:49 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:49 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:45:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3863 DF PROTO=TCP SPT=45908 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23322 SEQ=1 Nov 9 13:45:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3864 DF PROTO=TCP SPT=45908 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61261 SEQ=1 Nov 9 13:45:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=101.44.25.109 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x20 TTL=37 ID=24896 DF PROTO=ICMP TYPE=8 CODE=0 ID=53003 SEQ=7727 Nov 9 13:45:51 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8851 SEQ=1 Nov 9 13:45:51 server83 dhclient[26101]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x2f4a219a) Nov 9 13:45:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3865 DF PROTO=TCP SPT=45908 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:45:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6948 SEQ=1 Nov 9 13:45:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56143 SEQ=1 Nov 9 13:45:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8851 SEQ=1 Nov 9 13:45:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:45:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3866 DF PROTO=TCP SPT=45908 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:01 server83 systemd: Started Session 312791 of user root. Nov 9 13:46:01 server83 systemd: Started Session 312795 of user root. Nov 9 13:46:01 server83 systemd: Started Session 312793 of user root. Nov 9 13:46:01 server83 systemd: Started Session 312792 of user root. 
Nov 9 13:46:01 server83 systemd: Started Session 312796 of user root. Nov 9 13:46:01 server83 systemd: Started Session 312794 of user root. Nov 9 13:46:01 server83 systemd: Started Session 312799 of user root. Nov 9 13:46:01 server83 systemd: Started Session 312798 of user root. Nov 9 13:46:01 server83 systemd: Started Session 312790 of user root. Nov 9 13:46:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:46:01 server83 systemd: Started Session 312800 of user accentri. Nov 9 13:46:01 server83 systemd: Started Session 312797 of user accentri. Nov 9 13:46:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:46:01 server83 aibolit_wrapper[26772]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626761614105522.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626761614107058.txt --log=/tmp/malware_cleaner_log_17626761614109228.txt --progress=/tmp/malware_cleaner_progress_17626761614108724.json --csv_result=/tmp/revisium_csvfile_17626761614108968.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:46:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26280 SEQ=1 Nov 9 13:46:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45109 SEQ=1 Nov 9 13:46:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 
TTL=243 ID=54321 PROTO=TCP SPT=56184 DPT=10005 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:46:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3867 DF PROTO=TCP SPT=45908 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.142.154.87 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=60945 PROTO=TCP SPT=58914 DPT=385 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:46:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49617 DPT=88 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:46:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2712 PROTO=TCP SPT=49956 DPT=26237 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:46:09 server83 dhclient[26101]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x2f4a219a) Nov 9 13:46:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64478 SEQ=1 Nov 9 13:46:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35338 SEQ=1 Nov 9 13:46:13 server83 aibolit_wrapper[27229]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626761739644342.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626761739645764.txt --log=/tmp/malware_cleaner_log_17626761739646998.txt --progress=/tmp/malware_cleaner_progress_17626761739646682.json --csv_result=/tmp/revisium_csvfile_17626761739646814.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:46:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:46:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.237 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=63069 PROTO=TCP SPT=50633 DPT=6630 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:46:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32897 SEQ=1 Nov 9 13:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43394 SEQ=1 Nov 9 13:46:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58339 SEQ=1 Nov 9 13:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3868 DF PROTO=TCP SPT=45908 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=35587 DF PROTO=TCP SPT=41180 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:21 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.138 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53177 DPT=28887 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:46:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22903 PROTO=TCP SPT=40269 DPT=4377 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:46:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50376 SEQ=1 Nov 9 13:46:25 server83 dhclient[26101]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x2f4a219a) Nov 9 13:46:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.65 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=8709 PROTO=TCP SPT=49068 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:46:29 server83 NetworkManager[922]: <warn> [1762676189.4380] dhcp4 (eth1): request timed out Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4381] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4540] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 26101 Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4541] dhcp4 (eth1): state changed timeout -> done Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4543] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:46:29 server83 NetworkManager[922]: <warn> [1762676189.4548] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4550] device (eth1): state 
change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4583] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4587] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4589] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4593] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4604] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4607] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:46:29 server83 NetworkManager[922]: <info> [1762676189.4619] dhcp4 (eth1): dhclient started with pid 27845 Nov 9 13:46:29 server83 dhclient[27845]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x4b94c7e5) Nov 9 13:46:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48167 DF PROTO=TCP SPT=33006 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48168 DF PROTO=TCP SPT=33006 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.82.47.32 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 
PROTO=TCP SPT=45917 DPT=6081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:46:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48169 DF PROTO=TCP SPT=33006 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=45688 PROTO=TCP SPT=53095 DPT=26242 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:46:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51199 SEQ=1 Nov 9 13:46:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60620 SEQ=1 Nov 9 13:46:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3775 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:46:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6058 SEQ=1 Nov 9 13:46:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48170 DF PROTO=TCP SPT=33006 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48218 SEQ=1 Nov 9 13:46:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=63574 DF PROTO=ICMP TYPE=8 CODE=0 ID=58419 SEQ=64997 Nov 9 13:46:37 server83 dhclient[27845]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x4b94c7e5) Nov 9 13:46:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27448 SEQ=1 Nov 9 13:46:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.206.87 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=4939 DF PROTO=TCP SPT=42871 DPT=477 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:46:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.115 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=52165 PROTO=TCP SPT=38922 DPT=1443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:46:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.149 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=49480 PROTO=TCP SPT=55921 DPT=1443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:46:44 server83 dhclient[27845]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x4b94c7e5) Nov 9 13:46:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48171 DF PROTO=TCP SPT=33006 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.rjust: ProactiveModel.Host should not be empty Nov 9 
13:46:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:46:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.155.84.194 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=39729 DPT=1443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:46:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47874 PROTO=TCP SPT=46692 DPT=5023 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:46:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50442 SEQ=1 Nov 9 13:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14089 SEQ=1 Nov 9 13:46:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12963 SEQ=1 Nov 9 13:46:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27164 SEQ=1 Nov 9 13:46:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27164 SEQ=1 Nov 9 13:46:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3869 
DF PROTO=TCP SPT=45908 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:46:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:46:59 server83 dhclient[27845]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x4b94c7e5) Nov 9 13:47:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:47:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:47:01 server83 systemd: Started Session 312802 of user root. Nov 9 13:47:01 server83 systemd: Started Session 312803 of user root. Nov 9 13:47:01 server83 systemd: Started Session 312801 of user root. Nov 9 13:47:01 server83 systemd: Started Session 312806 of user root. Nov 9 13:47:01 server83 systemd: Started Session 312804 of user root. Nov 9 13:47:01 server83 systemd: Started Session 312805 of user root. Nov 9 13:47:01 server83 systemd: Started Session 312807 of user root. Nov 9 13:47:01 server83 systemd: Started Session 312808 of user root. Nov 9 13:47:01 server83 systemd: Started Session 312809 of user root. Nov 9 13:47:01 server83 systemd: Started Session 312810 of user root. 
Nov 9 13:47:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48172 DF PROTO=TCP SPT=33006 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:47:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39608 SEQ=1 Nov 9 13:47:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57692 DF PROTO=TCP SPT=63211 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:47:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57693 DF PROTO=TCP SPT=63211 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:47:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.145.21 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=44629 PROTO=TCP SPT=40464 DPT=8880 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:47:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57694 DF PROTO=TCP SPT=63211 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:47:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53412 SEQ=1 Nov 9 13:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=20176 SEQ=1 Nov 9 13:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37352 SEQ=1 Nov 9 13:47:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17134 SEQ=1 Nov 9 13:47:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17179 SEQ=1 Nov 9 13:47:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.153.51 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=50134 DPT=1443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:47:09 server83 aibolit_wrapper[29201]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626762292282834.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626762292284656.txt --log=/tmp/malware_cleaner_log_17626762292287446.txt --progress=/tmp/malware_cleaner_progress_17626762292286124.json --csv_result=/tmp/revisium_csvfile_17626762292286362.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:47:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57695 DF PROTO=TCP SPT=63211 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:47:14 server83 NetworkManager[922]: 
<warn> [1762676234.4438] dhcp4 (eth1): request timed out Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4438] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4598] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 27845 Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4598] dhcp4 (eth1): state changed timeout -> done Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4600] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:47:14 server83 NetworkManager[922]: <warn> [1762676234.4606] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4609] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4643] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4647] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4648] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4652] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4663] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4666] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:47:14 server83 NetworkManager[922]: <info> [1762676234.4678] dhcp4 (eth1): dhclient started with pid 29361 
Nov 9 13:47:14 server83 dhclient[29361]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0xc35a046) Nov 9 13:47:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55239 SEQ=1 Nov 9 13:47:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15957 SEQ=1 Nov 9 13:47:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55239 SEQ=1 Nov 9 13:47:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=65112 DF PROTO=ICMP TYPE=8 CODE=0 ID=36854 SEQ=5878 Nov 9 13:47:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57696 DF PROTO=TCP SPT=63211 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:47:18 server83 dhclient[29361]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0xc35a046) Nov 9 13:47:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27059 SEQ=1 Nov 9 13:47:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54587 SEQ=1 Nov 9 13:47:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3774 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:47:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12913 SEQ=1 Nov 9 13:47:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.107 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55966 DPT=12083 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:47:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53835 PROTO=TCP SPT=49956 DPT=29606 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:47:25 server83 dhclient[29361]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0xc35a046) Nov 9 13:47:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51302 DPT=8288 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:47:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:47:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:47:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21685 SEQ=1 Nov 9 13:47:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57228 SEQ=1 Nov 9 13:47:33 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52578 SEQ=1 Nov 9 13:47:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17716 SEQ=1 Nov 9 13:47:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=48173 DF PROTO=TCP SPT=33006 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 13:47:39 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 13:47:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.15.85.154 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51906 DPT=31337 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:47:40 server83 dhclient[29361]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0xc35a046) Nov 9 13:47:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25403 PROTO=TCP SPT=49956 DPT=27132 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:47:41 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:47:44 server83 aibolit_wrapper[30133]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626762644229512.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626762644231228.txt 
--log=/tmp/malware_cleaner_log_17626762644234596.txt --progress=/tmp/malware_cleaner_progress_17626762644234170.json --csv_result=/tmp/revisium_csvfile_17626762644234402.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:47:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.193 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=50520 PROTO=TCP SPT=53904 DPT=34438 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:47:46 server83 imunify360-php-daemon[734]: /home2/shreeganeshstone/public_html/wp-content/plugins/b-social-share/assets/css/.dbx_convert: ProactiveModel.Host should not be empty Nov 9 13:47:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:47:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=39667 PROTO=TCP SPT=55917 DPT=7518 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:47:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=8489 PROTO=TCP SPT=64997 DPT=31322 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:47:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14499 SEQ=1 Nov 9 13:47:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53441 SEQ=1 Nov 9 13:47:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=19924 SEQ=1 Nov 9 13:47:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8499 SEQ=1 Nov 9 13:47:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14499 SEQ=1 Nov 9 13:47:55 server83 dhclient[29361]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0xc35a046) Nov 9 13:47:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35699 PROTO=TCP SPT=45727 DPT=33187 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:47:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:47:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.1.52 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45856 DPT=5938 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:47:59 server83 NetworkManager[922]: <warn> [1762676279.4504] dhcp4 (eth1): request timed out Nov 9 13:47:59 server83 NetworkManager[922]: <info> [1762676279.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:47:59 server83 NetworkManager[922]: <info> [1762676279.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 29361 Nov 9 13:47:59 server83 NetworkManager[922]: <info> [1762676279.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 13:47:59 server83 NetworkManager[922]: <info> [1762676279.4665] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:47:59 server83 NetworkManager[922]: <warn> [1762676279.4668] 
device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:47:59 server83 NetworkManager[922]: <info> [1762676279.4669] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:48:01 server83 systemd: Started Session 312812 of user root. Nov 9 13:48:01 server83 systemd: Started Session 312811 of user root. Nov 9 13:48:01 server83 systemd: Started Session 312813 of user root. Nov 9 13:48:01 server83 systemd: Started Session 312814 of user root. Nov 9 13:48:01 server83 systemd: Started Session 312815 of user root. Nov 9 13:48:01 server83 systemd: Started Session 312816 of user root. Nov 9 13:48:01 server83 systemd: Started Session 312817 of user root. Nov 9 13:48:01 server83 systemd: Started Session 312818 of user root. Nov 9 13:48:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:48:01 server83 systemd: Started Session 312820 of user accentri. Nov 9 13:48:01 server83 systemd: Started Session 312821 of user accentri. Nov 9 13:48:01 server83 systemd: Started Session 312819 of user root. Nov 9 13:48:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:48:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:48:02 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:48:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=48055 PROTO=TCP SPT=50939 DPT=7848 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:48:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=63400 PROTO=TCP SPT=64281 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:48:03 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:48:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=63401 PROTO=TCP SPT=64281 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:48:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.98 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53180 DPT=46543 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:48:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6959 PROTO=TCP SPT=39833 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:48:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=63402 PROTO=TCP SPT=64281 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:48:05 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.252 DST=51.210.113.204 LEN=45 TOS=0x00 PREC=0x00 TTL=34 ID=53260 PROTO=UDP SPT=5362 DPT=6603 LEN=25 Nov 9 13:48:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53935 SEQ=1 Nov 9 13:48:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3871 SEQ=1 Nov 9 13:48:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6960 PROTO=TCP SPT=39833 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:48:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=63403 PROTO=TCP SPT=64281 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:48:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12561 SEQ=1 Nov 9 13:48:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6961 PROTO=TCP SPT=39833 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:48:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60428 SEQ=1 Nov 9 13:48:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=6963 PROTO=TCP SPT=39833 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:48:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1190 SEQ=1 Nov 9 13:48:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44309 SEQ=1 Nov 9 13:48:17 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=177.23.200.14 DST=145.239.177.179 LEN=126 TOS=0x00 PREC=0x00 TTL=49 ID=21381 DF PROTO=UDP SPT=3135 DPT=8080 LEN=106 Nov 9 13:48:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=78.128.114.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48589 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:48:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=82.65.99.189 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=15684 PROTO=TCP SPT=42979 DPT=82 WINDOW=1300 RES=0x00 SYN URGP=0 Nov 9 13:48:20 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 13:48:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 13:48:20 server83 aibolit_wrapper[31248]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626763007262964.txt 
--input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626763007264746.txt --log=/tmp/malware_cleaner_log_17626763007266524.txt --progress=/tmp/malware_cleaner_progress_17626763007266056.json --csv_result=/tmp/revisium_csvfile_17626763007266298.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:48:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32990 SEQ=1 Nov 9 13:48:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39858 SEQ=1 Nov 9 13:48:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23174 SEQ=1 Nov 9 13:48:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16888 SEQ=1 Nov 9 13:48:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13530 SEQ=1 Nov 9 13:48:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.207 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54958 DPT=22380 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:48:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3245 SEQ=1 Nov 9 13:48:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15669 SEQ=1 Nov 9 13:48:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44895 SEQ=1 Nov 9 13:48:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3245 SEQ=1 Nov 9 13:48:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29994 SEQ=1 Nov 9 13:48:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.156 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56660 DPT=8880 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:48:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39235 SEQ=1 Nov 9 13:48:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:48:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.222.160.62 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=50815 DF PROTO=TCP SPT=51839 DPT=9006 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 13:48:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=129.82.138.31 DST=51.210.113.204 LEN=32 TOS=0x00 PREC=0x00 TTL=43 ID=62800 DF PROTO=ICMP TYPE=8 CODE=0 ID=27 SEQ=3393 Nov 9 13:48:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33111 SEQ=1 Nov 9 13:48:49 server83 aibolit_wrapper[32118]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626763299357688.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626763299359172.txt --log=/tmp/malware_cleaner_log_17626763299360638.txt --progress=/tmp/malware_cleaner_progress_17626763299360202.json --csv_result=/tmp/revisium_csvfile_17626763299360392.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:48:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.187 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=57005 DPT=33244 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:48:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14642 SEQ=1 Nov 9 13:48:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5684 SEQ=1 Nov 9 13:48:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 
CODE=0 ID=61654 SEQ=1 Nov 9 13:48:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50880 SEQ=1 Nov 9 13:48:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:48:59 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.247 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=34 ID=26791 PROTO=UDP SPT=16472 DPT=27986 LEN=28 Nov 9 13:48:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.114 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=58379 PROTO=TCP SPT=34605 DPT=6015 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:48:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3767 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:49:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:49:01 server83 systemd: Started Session 312824 of user root. Nov 9 13:49:01 server83 systemd: Started Session 312825 of user root. Nov 9 13:49:01 server83 systemd: Started Session 312823 of user root. Nov 9 13:49:01 server83 systemd: Started Session 312826 of user root. Nov 9 13:49:01 server83 systemd: Started Session 312822 of user root. Nov 9 13:49:01 server83 systemd: Started Session 312829 of user root. Nov 9 13:49:01 server83 systemd: Started Session 312830 of user root. Nov 9 13:49:01 server83 systemd: Started Session 312827 of user root. Nov 9 13:49:01 server83 systemd: Started Session 312828 of user root. 
Nov 9 13:49:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56975 SEQ=1 Nov 9 13:49:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.248.40.89 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=40177 PROTO=TCP SPT=42394 DPT=5094 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:49:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39236 SEQ=1 Nov 9 13:49:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.132.41 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=54140 DPT=5938 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:49:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56975 SEQ=1 Nov 9 13:49:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62606 SEQ=1 Nov 9 13:49:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51753 SEQ=1 Nov 9 13:49:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=10377 PROTO=TCP SPT=56344 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:49:15 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=30454 PROTO=TCP SPT=56344 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:49:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=31363 PROTO=TCP SPT=56344 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:49:16 server83 aibolit_wrapper[436]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626763561492786.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626763561506324.txt --log=/tmp/malware_cleaner_log_17626763561507984.txt --progress=/tmp/malware_cleaner_progress_17626763561507658.json --csv_result=/tmp/revisium_csvfile_17626763561507810.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:49:17 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:49:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47199 PROTO=TCP SPT=48165 DPT=8156 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:49:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53094 SEQ=1 Nov 9 13:49:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53094 SEQ=1 Nov 9 13:49:21 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65192 SEQ=1 Nov 9 13:49:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34058 SEQ=1 Nov 9 13:49:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18018 SEQ=1 Nov 9 13:49:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7618 SEQ=1 Nov 9 13:49:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42164 SEQ=1 Nov 9 13:49:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53840 SEQ=1 Nov 9 13:49:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.210.89 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=57794 DPT=175 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:49:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28511 SEQ=1 Nov 9 13:49:37 server83 aibolit_wrapper[1010]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626763773797250.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626763773798770.txt --log=/tmp/malware_cleaner_log_17626763773800444.txt --progress=/tmp/malware_cleaner_progress_17626763773799974.json --csv_result=/tmp/revisium_csvfile_17626763773800210.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:49:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=42165 PROTO=TCP SPT=53819 DPT=6795 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53175 SEQ=1 Nov 9 13:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32561 SEQ=1 Nov 9 13:49:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26484 SEQ=1 Nov 9 13:49:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.229 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=55433 DPT=7047 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:49:46 server83 scripts.sh: Sun Nov 9 13:49:46 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 13:49:46 server83 
imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 13:49:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62196 SEQ=1 Nov 9 13:49:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5587 SEQ=1 Nov 9 13:49:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34609 SEQ=1 Nov 9 13:49:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47399 SEQ=1 Nov 9 13:49:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58111 SEQ=1 Nov 9 13:49:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3773 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:49:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:49:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3766 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:49:58 server83 aibolit_wrapper[1513]: running 
child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626763988023836.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626763988025442.txt --log=/tmp/malware_cleaner_log_17626763988026870.txt --progress=/tmp/malware_cleaner_progress_17626763988026478.json --csv_result=/tmp/revisium_csvfile_17626763988026658.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:50:01 server83 systemd: Started Session 312831 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312832 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312833 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312834 of user root. Nov 9 13:50:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:50:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:50:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:50:01 server83 systemd: Started Session 312836 of user accentri. Nov 9 13:50:01 server83 systemd: Started Session 312837 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312838 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312839 of user accentri. Nov 9 13:50:01 server83 systemd: Started Session 312840 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312835 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312842 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312844 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312843 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312848 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312846 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312847 of user root. 
Nov 9 13:50:01 server83 systemd: Started Session 312841 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312850 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312851 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312849 of user root. Nov 9 13:50:01 server83 systemd: Started Session 312845 of user root. Nov 9 13:50:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:50:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23421 PROTO=TCP SPT=49956 DPT=26952 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:50:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30755 SEQ=1 Nov 9 13:50:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=35874 PROTO=TCP SPT=39974 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:50:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=35875 PROTO=TCP SPT=39974 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:50:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=58566 PROTO=TCP SPT=47559 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:50:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=35876 PROTO=TCP SPT=39974 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:50:08 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=58567 PROTO=TCP SPT=47559 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:50:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=94 ID=35877 PROTO=TCP SPT=39974 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:50:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7598 SEQ=1 Nov 9 13:50:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24672 SEQ=1 Nov 9 13:50:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=58568 PROTO=TCP SPT=47559 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:50:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=58569 PROTO=TCP SPT=47559 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:50:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.142.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=44 ID=7471 DF PROTO=TCP SPT=42102 DPT=3468 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:50:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26986 SEQ=1 Nov 9 13:50:18 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63649 SEQ=1 Nov 9 13:50:18 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 13:50:19 server83 aibolit_wrapper[2103]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626764192061080.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626764192062376.txt --log=/tmp/malware_cleaner_log_17626764192063334.txt --progress=/tmp/malware_cleaner_progress_17626764192063084.json --csv_result=/tmp/revisium_csvfile_17626764192063212.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:50:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8304 SEQ=1 Nov 9 13:50:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33296 SEQ=1 Nov 9 13:50:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17100 SEQ=1 Nov 9 13:50:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64653 SEQ=1 Nov 9 13:50:23 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16308 SEQ=1 Nov 9 13:50:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.130 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=29506 PROTO=TCP SPT=55934 DPT=3396 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:50:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.159.99.180 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57302 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:50:32 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:50:32 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:50:32 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 13:50:33 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:50:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54154 SEQ=1 Nov 9 13:50:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40984 SEQ=1 Nov 9 13:50:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50473 SEQ=1 Nov 9 13:50:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24380 SEQ=1 Nov 9 13:50:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.148.190.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=64224 PROTO=TCP SPT=55560 DPT=31589 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54154 SEQ=1 Nov 9 13:50:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33414 SEQ=1 Nov 9 13:50:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.80 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53102 DPT=10010 WINDOW=65535 
RES=0x00 SYN URGP=0 Nov 9 13:50:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.64 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=41295 PROTO=TCP SPT=56972 DPT=8408 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:50:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.159.99.47 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36869 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:50:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=9869 PROTO=TCP SPT=39621 DPT=4604 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:50:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42633 PROTO=TCP SPT=49956 DPT=27770 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:50:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.112 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54252 DPT=9388 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:50:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=52492 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:50:50 server83 aibolit_wrapper[2780]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626764503322900.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626764503324688.txt --log=/tmp/malware_cleaner_log_17626764503326538.txt --progress=/tmp/malware_cleaner_progress_17626764503326036.json --csv_result=/tmp/revisium_csvfile_17626764503326280.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:50:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13586 PROTO=TCP SPT=53120 DPT=2713 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:50:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=52599 PROTO=TCP SPT=48640 DPT=5853 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:50:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23242 SEQ=1 Nov 9 13:50:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1034 SEQ=1 Nov 9 13:50:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19384 SEQ=1 Nov 9 13:50:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52735 SEQ=1 Nov 9 13:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30111 
SEQ=1 Nov 9 13:50:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57583 SEQ=1 Nov 9 13:50:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:51:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.2 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=57029 DF PROTO=TCP SPT=18360 DPT=86 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:51:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:51:01 server83 systemd: Started Session 312854 of user root. Nov 9 13:51:01 server83 systemd: Started Session 312852 of user root. Nov 9 13:51:01 server83 systemd: Started Session 312855 of user root. Nov 9 13:51:01 server83 systemd: Started Session 312856 of user root. Nov 9 13:51:01 server83 systemd: Started Session 312853 of user root. Nov 9 13:51:01 server83 systemd: Started Session 312857 of user root. Nov 9 13:51:01 server83 systemd: Started Session 312858 of user root. Nov 9 13:51:01 server83 systemd: Started Session 312859 of user root. Nov 9 13:51:01 server83 systemd: Started Session 312860 of user root. 
Nov 9 13:51:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.136.67.107 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51242 DPT=444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:51:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.110 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=5186 PROTO=TCP SPT=57518 DPT=2156 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:51:03 server83 aibolit_wrapper[3032]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626764635414924.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626764635416200.txt --log=/tmp/malware_cleaner_log_17626764635417044.txt --progress=/tmp/malware_cleaner_progress_17626764635416822.json --csv_result=/tmp/revisium_csvfile_17626764635416914.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50748 SEQ=1 Nov 9 13:51:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.120.191.94 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37193 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:51:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35144 SEQ=1 Nov 9 13:51:07 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3765 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:51:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49713 SEQ=1 Nov 9 13:51:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62379 SEQ=1 Nov 9 13:51:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61229 SEQ=1 Nov 9 13:51:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13089 SEQ=1 Nov 9 13:51:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7845 SEQ=1 Nov 9 13:51:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46391 SEQ=1 Nov 9 13:51:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=39213 DF PROTO=ICMP TYPE=8 CODE=0 ID=4896 SEQ=5919 Nov 9 13:51:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=35.203.211.227 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=53020 DPT=10082 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:51:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39134 SEQ=1 Nov 9 13:51:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=55116 PROTO=TCP SPT=50883 DPT=7742 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:51:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22961 SEQ=1 Nov 9 13:51:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=14619 PROTO=TCP SPT=53095 DPT=25988 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:51:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60837 SEQ=1 Nov 9 13:51:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39189 SEQ=1 Nov 9 13:51:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26290 PROTO=TCP SPT=45727 DPT=31646 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:51:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39189 SEQ=1 Nov 9 13:51:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41593 SEQ=1 Nov 9 13:51:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39718 PROTO=TCP SPT=49956 DPT=28928 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:51:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=27098 PROTO=TCP SPT=41216 DPT=4591 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:51:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.194 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56748 DPT=9797 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:51:41 server83 aibolit_wrapper[3910]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626765019041088.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626765019042492.txt --log=/tmp/malware_cleaner_log_17626765019043992.txt --progress=/tmp/malware_cleaner_progress_17626765019043592.json --csv_result=/tmp/revisium_csvfile_17626765019043780.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:51:42 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:51:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.66.50 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=2501 PROTO=TCP SPT=56306 DPT=27017 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:51:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.center: ProactiveModel.Host should not be empty Nov 9 13:51:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.mb_convert: ProactiveModel.Host should not be empty Nov 9 13:51:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50283 SEQ=1 Nov 9 13:51:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51353 SEQ=1 Nov 9 13:51:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57697 DF PROTO=TCP SPT=52073 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:51:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57698 DF PROTO=TCP SPT=52179 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:51:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57699 DF PROTO=TCP SPT=52073 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:51:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57700 DF PROTO=TCP SPT=52179 DPT=4527 
WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:51:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50984 SEQ=1 Nov 9 13:51:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52061 SEQ=1 Nov 9 13:51:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3764 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:51:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37510 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:51:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=39294 DF PROTO=ICMP TYPE=8 CODE=0 ID=18955 SEQ=57383 Nov 9 13:51:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31655 SEQ=1 Nov 9 13:51:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59313 SEQ=1 Nov 9 13:51:54 server83 systemd: Started Session c2888 of user root. 
Nov 9 13:51:54 server83 scripts.sh: Load Average: 4.23 , 4.29 Nov 9 13:51:54 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 13:51:54 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 13:51:54 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 13:51:54 server83 scripts.sh: HTTPD Status: inactive Nov 9 13:51:54 server83 scripts.sh: MySQL Status: active Nov 9 13:51:54 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 13:51:54 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 13:51:54 server83 scripts.sh: SSHD Status: active Nov 9 13:51:54 server83 scripts.sh: FTP Status: active Nov 9 13:51:54 server83 scripts.sh: LiteSpeed Status: Active Nov 9 13:51:54 server83 scripts.sh: Imunify Status: Active Nov 9 13:51:54 server83 scripts.sh: cPanel Status: active Nov 9 13:51:54 server83 scripts.sh: Memory Status: 12/31 GB - 41.48% Nov 9 13:51:54 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 13:51:54 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 13:51:54 server83 scripts.sh: Local Version: 4.4.5 Nov 9 13:51:56 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:51:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57703 DF PROTO=TCP SPT=52073 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:51:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57704 DF PROTO=TCP SPT=52179 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:52:01 server83 systemd: Started Session 312862 of user root. Nov 9 13:52:01 server83 systemd: Started Session 312861 of user root. 
Nov 9 13:52:01 server83 systemd: Started Session 312867 of user root. Nov 9 13:52:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:52:01 server83 systemd: Started Session 312863 of user accentri. Nov 9 13:52:01 server83 systemd: Started Session 312864 of user root. Nov 9 13:52:01 server83 systemd: Started Session 312865 of user root. Nov 9 13:52:01 server83 systemd: Started Session 312868 of user root. Nov 9 13:52:01 server83 systemd: Started Session 312866 of user root. Nov 9 13:52:01 server83 systemd: Started Session 312870 of user accentri. Nov 9 13:52:01 server83 systemd: Started Session 312869 of user root. Nov 9 13:52:01 server83 systemd: Started Session 312871 of user root. Nov 9 13:52:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:52:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53196 SEQ=1 Nov 9 13:52:03 server83 aibolit_wrapper[4604]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626765235553426.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626765235554522.txt --log=/tmp/malware_cleaner_log_17626765235555358.txt --progress=/tmp/malware_cleaner_progress_17626765235555136.json --csv_result=/tmp/revisium_csvfile_17626765235555230.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:52:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57705 DF PROTO=TCP SPT=52073 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:52:06 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57706 DF PROTO=TCP SPT=52179 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:52:07 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=154.38.165.139 DST=145.239.177.179 LEN=446 TOS=0x08 PREC=0x20 TTL=46 ID=21530 DF PROTO=UDP SPT=58686 DPT=5060 LEN=426 Nov 9 13:52:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50119 SEQ=1 Nov 9 13:52:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=40894 DF PROTO=TCP SPT=58712 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 13:52:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=41529 PROTO=TCP SPT=56078 DPT=45988 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:52:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=40895 DF PROTO=TCP SPT=58712 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 13:52:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21086 SEQ=1 Nov 9 13:52:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53973 SEQ=1 Nov 9 
13:52:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.159 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57107 DPT=8871 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:52:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=50860 PROTO=TCP SPT=49160 DPT=8547 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:52:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17601 SEQ=1 Nov 9 13:52:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41890 SEQ=1 Nov 9 13:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=40131 DF PROTO=ICMP TYPE=8 CODE=0 ID=18955 SEQ=16173 Nov 9 13:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38820 SEQ=1 Nov 9 13:52:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44134 SEQ=1 Nov 9 13:52:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.70 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52918 DPT=9823 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:52:22 server83 
aibolit_wrapper[5128]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626765428373464.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626765428375478.txt --log=/tmp/malware_cleaner_log_17626765428377692.txt --progress=/tmp/malware_cleaner_progress_17626765428377108.json --csv_result=/tmp/revisium_csvfile_17626765428377364.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:52:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.225.32 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43030 DPT=5987 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:52:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54767 DPT=9485 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:52:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64150 SEQ=1 Nov 9 13:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48328 SEQ=1 Nov 9 13:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48639 SEQ=1 Nov 9 13:52:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52647 SEQ=1 Nov 9 13:52:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14004 PROTO=TCP SPT=49335 DPT=7972 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:52:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8092 SEQ=1 Nov 9 13:52:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63374 SEQ=1 Nov 9 13:52:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3513 SEQ=1 Nov 9 13:52:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19542 SEQ=1 Nov 9 13:52:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.138.141 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=46317 PROTO=TCP SPT=43018 DPT=40000 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:52:40 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:52:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=53118 DPT=36000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:52:43 server83 
aibolit_wrapper[5637]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626765629950994.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626765629952724.txt --log=/tmp/malware_cleaner_log_17626765629954372.txt --progress=/tmp/malware_cleaner_progress_17626765629953940.json --csv_result=/tmp/revisium_csvfile_17626765629954118.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:52:46 server83 imunify360-php-daemon[734]: /home2/evershine/public_html/wp-content/themes/ekart/.config: ProactiveModel.Host should not be empty Nov 9 13:52:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38417 SEQ=1 Nov 9 13:52:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14594 SEQ=1 Nov 9 13:52:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25384 SEQ=1 Nov 9 13:52:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61599 SEQ=1 Nov 9 13:52:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=34500 SEQ=1 Nov 9 13:52:57 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:52:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57707 DF PROTO=TCP SPT=53812 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:52:59 server83 NetworkManager[922]: <info> [1762676579.4734] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:52:59 server83 NetworkManager[922]: <info> [1762676579.4739] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:52:59 server83 NetworkManager[922]: <info> [1762676579.4740] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:52:59 server83 NetworkManager[922]: <info> [1762676579.4744] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:52:59 server83 NetworkManager[922]: <info> [1762676579.4754] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:52:59 server83 NetworkManager[922]: <info> [1762676579.4756] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:52:59 server83 NetworkManager[922]: <info> [1762676579.4771] dhcp4 (eth1): dhclient started with pid 5955 Nov 9 13:52:59 server83 dhclient[5955]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x6ee0e3f9) Nov 9 13:52:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57708 DF PROTO=TCP SPT=53812 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:52:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.163 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=27176 PROTO=TCP SPT=40614 DPT=20221 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:53:01 server83 systemd: Started Session 312875 of user root. Nov 9 13:53:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 13:53:01 server83 systemd: Started Session 312874 of user root. Nov 9 13:53:01 server83 systemd: Started Session 312876 of user root. Nov 9 13:53:01 server83 systemd: Started Session 312872 of user root. Nov 9 13:53:01 server83 systemd: Started Session 312873 of user root. Nov 9 13:53:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:53:01 server83 systemd: Started Session 312878 of user root. Nov 9 13:53:01 server83 systemd: Started Session 312877 of user root. Nov 9 13:53:01 server83 systemd: Started Session 312879 of user root. Nov 9 13:53:01 server83 systemd: Started Session 312880 of user root. 
Nov 9 13:53:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57709 DF PROTO=TCP SPT=53812 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:53:02 server83 dhclient[5955]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x6ee0e3f9) Nov 9 13:53:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53521 SEQ=1 Nov 9 13:53:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=128.9.29.128 DST=51.210.113.204 LEN=32 TOS=0x00 PREC=0x00 TTL=48 ID=8636 DF PROTO=ICMP TYPE=8 CODE=0 ID=30745 SEQ=3393 Nov 9 13:53:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3944 PROTO=TCP SPT=45727 DPT=32829 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:53:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57710 DF PROTO=TCP SPT=53812 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:53:06 server83 aibolit_wrapper[6146]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626765866582748.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626765866584236.txt --log=/tmp/malware_cleaner_log_17626765866585300.txt --progress=/tmp/malware_cleaner_progress_17626765866584986.json 
--csv_result=/tmp/revisium_csvfile_17626765866585110.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:53:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17921 SEQ=1 Nov 9 13:53:07 server83 dhclient[5955]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x6ee0e3f9) Nov 9 13:53:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31042 PROTO=TCP SPT=45727 DPT=31440 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:53:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57711 DF PROTO=TCP SPT=53812 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:53:18 server83 dhclient[5955]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 21 (xid=0x6ee0e3f9) Nov 9 13:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49747 SEQ=1 Nov 9 13:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11647 SEQ=1 Nov 9 13:53:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22338 SEQ=1 Nov 9 13:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59876 SEQ=1 Nov 9 13:53:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53400 SEQ=1 Nov 9 13:53:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42567 SEQ=1 Nov 9 13:53:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=91.230.168.253 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=20602 DF PROTO=TCP SPT=37137 DPT=8405 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:53:25 server83 aibolit_wrapper[6487]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626766058371508.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626766058372624.txt --log=/tmp/malware_cleaner_log_17626766058373790.txt --progress=/tmp/malware_cleaner_progress_17626766058373480.json --csv_result=/tmp/revisium_csvfile_17626766058373628.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:53:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33545 SEQ=1 Nov 9 13:53:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3651 SEQ=1 Nov 9 13:53:33 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51716 SEQ=1 Nov 9 13:53:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:53:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64527 SEQ=1 Nov 9 13:53:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51861 SEQ=1 Nov 9 13:53:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42575 SEQ=1 Nov 9 13:53:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55136 DPT=23909 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:53:39 server83 dhclient[5955]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x6ee0e3f9) Nov 9 13:53:44 server83 NetworkManager[922]: <warn> [1762676624.4447] dhcp4 (eth1): request timed out Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4447] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4526] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 5955 Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4526] dhcp4 (eth1): state changed timeout -> done Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4528] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', 
sys-iface-state: 'managed') Nov 9 13:53:44 server83 NetworkManager[922]: <warn> [1762676624.4533] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4536] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4569] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4574] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4575] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4579] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4589] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4592] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:53:44 server83 NetworkManager[922]: <info> [1762676624.4605] dhcp4 (eth1): dhclient started with pid 6911 Nov 9 13:53:44 server83 dhclient[6911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x3dd865d) Nov 9 13:53:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43045 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:53:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.122 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 
ID=54321 PROTO=TCP SPT=52610 DPT=38880 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:53:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15867 SEQ=1 Nov 9 13:53:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=48.216.243.233 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=37447 DPT=1311 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:53:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50260 SEQ=1 Nov 9 13:53:48 server83 dhclient[6911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x3dd865d) Nov 9 13:53:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50260 SEQ=1 Nov 9 13:53:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=170.187.165.219 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=58456 DPT=5671 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:53:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36976 SEQ=1 Nov 9 13:53:51 server83 aibolit_wrapper[7052]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626766310737724.txt 
--input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626766310739422.txt --log=/tmp/malware_cleaner_log_17626766310740936.txt --progress=/tmp/malware_cleaner_progress_17626766310740540.json --csv_result=/tmp/revisium_csvfile_17626766310740710.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:53:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15867 SEQ=1 Nov 9 13:53:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3772 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:53:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54201 SEQ=1 Nov 9 13:53:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=27494 PROTO=TCP SPT=33659 DPT=8302 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:53:57 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:53:58 server83 dhclient[6911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x3dd865d) Nov 9 13:54:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17486 SEQ=1 Nov 9 13:54:01 server83 systemd: Started Session 312881 of user root. 
Nov 9 13:54:01 server83 systemd: Started Session 312882 of user root. Nov 9 13:54:01 server83 systemd: Started Session 312883 of user root. Nov 9 13:54:01 server83 systemd: Started Session 312884 of user root. Nov 9 13:54:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:54:01 server83 systemd: Started Session 312886 of user accentri. Nov 9 13:54:01 server83 systemd: Started Session 312885 of user root. Nov 9 13:54:01 server83 systemd: Started Session 312887 of user root. Nov 9 13:54:01 server83 systemd: Started Session 312890 of user root. Nov 9 13:54:01 server83 systemd: Started Session 312889 of user root. Nov 9 13:54:01 server83 systemd: Started Session 312888 of user root. Nov 9 13:54:01 server83 systemd: Started Session 312891 of user accentri. Nov 9 13:54:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:54:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58702 SEQ=1 Nov 9 13:54:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.227.25.249 DST=51.210.113.204 LEN=68 TOS=0x00 PREC=0x00 TTL=44 ID=60566 DF PROTO=ICMP TYPE=8 CODE=0 ID=17027 SEQ=60617 Nov 9 13:54:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11071 SEQ=1 Nov 9 13:54:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15862 SEQ=1 Nov 9 13:54:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.143 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 
ID=27172 PROTO=TCP SPT=56919 DPT=2404 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65151 SEQ=1 Nov 9 13:54:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60422 SEQ=1 Nov 9 13:54:08 server83 dhclient[6911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x3dd865d) Nov 9 13:54:10 server83 aibolit_wrapper[7549]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626766502257840.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626766502259542.txt --log=/tmp/malware_cleaner_log_17626766502261350.txt --progress=/tmp/malware_cleaner_progress_17626766502260870.json --csv_result=/tmp/revisium_csvfile_17626766502261126.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:54:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.109.130 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=57060 DPT=5671 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:54:18 server83 dhclient[6911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x3dd865d) Nov 9 13:54:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64964 SEQ=1 Nov 9 13:54:19 server83 kernel: 
Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.200 DST=51.210.113.204 LEN=32 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=53097 DPT=6351 LEN=12 Nov 9 13:54:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3763 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:54:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19530 SEQ=1 Nov 9 13:54:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59018 SEQ=1 Nov 9 13:54:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54384 SEQ=1 Nov 9 13:54:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46966 SEQ=1 Nov 9 13:54:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19355 PROTO=TCP SPT=50273 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:54:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19356 PROTO=TCP SPT=50273 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:54:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=11653 PROTO=TCP SPT=50784 DPT=7637 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:54:28 server83 dhclient[6911]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3dd865d) Nov 9 13:54:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12391 PROTO=TCP SPT=60490 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:54:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.9.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=19357 PROTO=TCP SPT=50273 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:54:29 server83 NetworkManager[922]: <warn> [1762676669.4437] dhcp4 (eth1): request timed out Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4437] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4517] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 6911 Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4517] dhcp4 (eth1): state changed timeout -> done Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4519] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:54:29 server83 NetworkManager[922]: <warn> [1762676669.4524] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4526] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4560] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:54:29 server83 NetworkManager[922]: <info> 
[1762676669.4564] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4565] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4570] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4580] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4584] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:54:29 server83 NetworkManager[922]: <info> [1762676669.4595] dhcp4 (eth1): dhclient started with pid 7818 Nov 9 13:54:29 server83 dhclient[7818]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x32027db3) Nov 9 13:54:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12392 PROTO=TCP SPT=60490 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:54:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12393 PROTO=TCP SPT=60490 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:54:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12395 PROTO=TCP SPT=60490 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 13:54:33 server83 dhclient[7818]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x32027db3) Nov 9 13:54:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35720 SEQ=1 Nov 9 13:54:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59135 SEQ=1 Nov 9 13:54:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59135 SEQ=1 Nov 9 13:54:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17300 SEQ=1 Nov 9 13:54:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39539 SEQ=1 Nov 9 13:54:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42188 SEQ=1 Nov 9 13:54:39 server83 aibolit_wrapper[8082]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626766794334046.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626766794335030.txt --log=/tmp/malware_cleaner_log_17626766794335862.txt --progress=/tmp/malware_cleaner_progress_17626766794335646.json --csv_result=/tmp/revisium_csvfile_17626766794335742.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
13:54:40 server83 dhclient[7818]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x32027db3) Nov 9 13:54:47 server83 dhclient[7818]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x32027db3) Nov 9 13:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62911 SEQ=1 Nov 9 13:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62911 SEQ=1 Nov 9 13:54:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13905 SEQ=1 Nov 9 13:54:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17857 SEQ=1 Nov 9 13:54:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35143 SEQ=1 Nov 9 13:54:57 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:55:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:55:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 13:55:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:55:01 server83 systemd: Started Session 312892 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312894 of user root. 
Nov 9 13:55:01 server83 systemd: Started Session 312895 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312896 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312893 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312901 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312898 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312899 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312900 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312902 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312904 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312903 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312897 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312905 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312906 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312907 of user root. Nov 9 13:55:01 server83 systemd: Started Session 312908 of user root. Nov 9 13:55:01 server83 dhclient[7818]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x32027db3) Nov 9 13:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54686 SEQ=1 Nov 9 13:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65416 SEQ=1 Nov 9 13:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58760 SEQ=1 Nov 9 13:55:02 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. 
Nov 9 13:55:02 server83 systemd: Stopped Status Update Service. Nov 9 13:55:02 server83 systemd: Started Status Update Service. Nov 9 13:55:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18424 SEQ=1 Nov 9 13:55:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47369 PROTO=TCP SPT=58050 DPT=8873 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:55:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55638 SEQ=1 Nov 9 13:55:05 server83 aibolit_wrapper[8792]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626767055940122.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626767055941382.txt --log=/tmp/malware_cleaner_log_17626767055942850.txt --progress=/tmp/malware_cleaner_progress_17626767055942394.json --csv_result=/tmp/revisium_csvfile_17626767055942588.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:55:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59413 SEQ=1 Nov 9 13:55:09 server83 dhclient[7818]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x32027db3) Nov 9 13:55:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=32477 PROTO=TCP SPT=36590 DPT=7679 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:55:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.200 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=64363 PROTO=TCP SPT=56326 DPT=7001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:55:14 server83 NetworkManager[922]: <warn> [1762676714.4470] dhcp4 (eth1): request timed out Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4471] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4631] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 7818 Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4631] dhcp4 (eth1): state changed timeout -> done Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4634] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:55:14 server83 NetworkManager[922]: <warn> [1762676714.4641] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4645] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4680] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4686] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4687] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4693] device (eth1): state 
change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4705] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4709] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 13:55:14 server83 NetworkManager[922]: <info> [1762676714.4721] dhcp4 (eth1): dhclient started with pid 8960 Nov 9 13:55:14 server83 dhclient[8960]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x45ae2298) Nov 9 13:55:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.34 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33148 DPT=2323 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:55:15 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:55:17 server83 dhclient[8960]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x45ae2298) Nov 9 13:55:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52037 SEQ=1 Nov 9 13:55:20 server83 dhclient[8960]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x45ae2298) Nov 9 13:55:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=912 SEQ=1 Nov 9 13:55:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=912 SEQ=1 Nov 9 13:55:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57321 SEQ=1 Nov 9 13:55:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27429 SEQ=1 Nov 9 13:55:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.91 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49232 DPT=8873 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:55:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3770 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:55:27 server83 dhclient[8960]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x45ae2298) Nov 9 13:55:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1524 PROTO=TCP SPT=45727 DPT=30654 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:55:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.30 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=48544 DPT=8873 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:55:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57239 SEQ=1 Nov 9 13:55:32 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.241.128 DST=145.239.177.179 LEN=37 TOS=0x00 PREC=0x00 TTL=48 ID=64077 PROTO=UDP SPT=44027 DPT=7787 LEN=17 Nov 9 13:55:32 
server83 aibolit_wrapper[9272]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626767327565498.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626767327567456.txt --log=/tmp/malware_cleaner_log_17626767327569582.txt --progress=/tmp/malware_cleaner_progress_17626767327569012.json --csv_result=/tmp/revisium_csvfile_17626767327569254.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:55:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42116 SEQ=1 Nov 9 13:55:33 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 13:55:33 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 13:55:33 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 13:55:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57712 DF PROTO=TCP SPT=57537 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:55:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13810 SEQ=1 Nov 9 13:55:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10800 SEQ=1 Nov 9 13:55:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57713 DF PROTO=TCP SPT=57537 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46944 SEQ=1 Nov 9 13:55:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26258 SEQ=1 Nov 9 13:55:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=65019 PROTO=TCP SPT=56753 DPT=8103 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:55:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57714 DF PROTO=TCP SPT=57537 DPT=4527 WINDOW=64240 RES=0x00 SYN 
URGP=0 Nov 9 13:55:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48153 SEQ=1 Nov 9 13:55:39 server83 dhclient[8960]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0x45ae2298) Nov 9 13:55:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57715 DF PROTO=TCP SPT=57537 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:55:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.51.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=4067 DF PROTO=TCP SPT=48581 DPT=4217 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:55:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=135.119.89.68 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=38732 PROTO=TCP SPT=47748 DPT=5094 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:55:48 server83 aibolit_wrapper[9635]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626767480591228.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626767480592818.txt --log=/tmp/malware_cleaner_log_17626767480594892.txt --progress=/tmp/malware_cleaner_progress_17626767480594396.json --csv_result=/tmp/revisium_csvfile_17626767480594614.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:55:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 
LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57716 DF PROTO=TCP SPT=57537 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:55:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.84.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=43337 DPT=2323 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:55:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19706 SEQ=1 Nov 9 13:55:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1791 SEQ=1 Nov 9 13:55:53 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.46.135.182 DST=51.210.113.204 LEN=1000 TOS=0x08 PREC=0x20 TTL=43 ID=60022 DF PROTO=UDP SPT=33948 DPT=5060 LEN=980 Nov 9 13:55:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.80.16.161 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=23 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=20 SEQ=19773 Nov 9 13:55:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24758 SEQ=1 Nov 9 13:55:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36001 SEQ=1 Nov 9 13:55:55 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:55:55 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:55:55 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:55:56 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:55:56 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 13:55:57 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:55:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=38658 PROTO=TCP SPT=53073 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:55:59 server83 NetworkManager[922]: <warn> [1762676759.4381] dhcp4 (eth1): request timed out Nov 9 13:55:59 server83 NetworkManager[922]: <info> [1762676759.4381] dhcp4 (eth1): state changed unknown -> timeout Nov 9 13:55:59 server83 NetworkManager[922]: <info> [1762676759.4541] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 8960 Nov 9 13:55:59 server83 NetworkManager[922]: <info> [1762676759.4541] dhcp4 (eth1): state changed timeout -> done Nov 9 13:55:59 server83 NetworkManager[922]: <info> [1762676759.4543] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 13:55:59 server83 NetworkManager[922]: <warn> [1762676759.4547] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 13:55:59 server83 NetworkManager[922]: <info> [1762676759.4549] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 13:56:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3769 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:56:01 server83 imunify-auditd-log-reader[9638]: lost 2 
message sequences Nov 9 13:56:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 13:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:56:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:56:01 server83 systemd: Started Session 312910 of user root. Nov 9 13:56:01 server83 systemd: Started Session 312912 of user root. Nov 9 13:56:01 server83 systemd: Started Session 312913 of user root. Nov 9 13:56:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:56:01 server83 systemd: Started Session 312914 of user accentri. Nov 9 13:56:01 server83 systemd: Started Session 312909 of user root. Nov 9 13:56:01 server83 systemd: Started Session 312911 of user root. Nov 9 13:56:01 server83 systemd: Started Session 312915 of user root. Nov 9 13:56:01 server83 systemd: Started Session 312916 of user root. Nov 9 13:56:01 server83 systemd: Started Session 312918 of user root. Nov 9 13:56:01 server83 systemd: Started Session 312917 of user root. Nov 9 13:56:01 server83 systemd: Started Session 312919 of user root. Nov 9 13:56:01 server83 systemd: Started Session 312920 of user accentri. Nov 9 13:56:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 13:56:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.243 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54918 DPT=5986 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:56:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59352 SEQ=1 Nov 9 13:56:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.163.10 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=55041 PROTO=TCP SPT=43672 DPT=8042 WINDOW=65069 RES=0x00 SYN URGP=0 Nov 9 13:56:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.175.220.105 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=50261 DPT=9909 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:56:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51822 DPT=17000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:56:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53403 SEQ=1 Nov 9 13:56:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36596 SEQ=1 Nov 9 13:56:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31150 SEQ=1 
Nov 9 13:56:21 server83 pam_imunify_daemon.bin: time="2025-11-09T13:56:21+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 13:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10926 SEQ=1 Nov 9 13:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43130 SEQ=1 Nov 9 13:56:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22813 SEQ=1 Nov 9 13:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42919 SEQ=1 Nov 9 13:56:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10498 SEQ=1 Nov 9 13:56:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=36115 DPT=36000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:56:23 server83 aibolit_wrapper[10824]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626767835097014.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626767835098264.txt --log=/tmp/malware_cleaner_log_17626767835099318.txt --progress=/tmp/malware_cleaner_progress_17626767835099034.json --csv_result=/tmp/revisium_csvfile_17626767835099156.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:56:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=20683 DF PROTO=ICMP TYPE=8 CODE=0 ID=31239 SEQ=24026 Nov 9 13:56:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:56:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=23092 PROTO=TCP SPT=56779 DPT=25577 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:56:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=65309 PROTO=TCP SPT=56779 DPT=25566 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:56:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22814 SEQ=1 Nov 9 13:56:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6961 SEQ=1 Nov 9 13:56:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34928 SEQ=1 Nov 9 13:56:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.136 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=56232 PROTO=TCP SPT=55893 DPT=6443 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 13:56:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.135.194.3 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x40 TTL=243 ID=62223 PROTO=TCP SPT=56779 DPT=25565 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:56:37 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.241 DST=145.239.177.179 LEN=655 TOS=0x00 PREC=0x00 TTL=34 ID=3777 PROTO=UDP SPT=56841 DPT=6635 LEN=635 Nov 9 13:56:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.138 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=63541 PROTO=TCP SPT=49981 DPT=12023 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:56:37 server83 aibolit_wrapper[11161]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626767977309920.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626767977312338.txt --log=/tmp/malware_cleaner_log_17626767977314040.txt --progress=/tmp/malware_cleaner_progress_17626767977313660.json --csv_result=/tmp/revisium_csvfile_17626767977313852.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:56:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5093 SEQ=1 Nov 9 13:56:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59466 SEQ=1 Nov 9 13:56:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3768 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:56:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4637 PROTO=TCP SPT=41811 DPT=2589 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:56:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18451 PROTO=TCP SPT=45727 DPT=32400 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:56:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.201 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53884 DPT=1200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:56:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 13:56:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.190.163.148 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60845 DPT=631 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:56:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=190.92.218.176 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=54115 DF PROTO=ICMP TYPE=8 CODE=0 ID=29754 SEQ=33871 
Nov 9 13:56:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61004 SEQ=1 Nov 9 13:56:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.83.110 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=43826 PROTO=TCP SPT=33050 DPT=9909 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:56:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4362 SEQ=1 Nov 9 13:56:53 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.150 DST=145.239.177.179 LEN=37 TOS=0x00 PREC=0x00 TTL=48 ID=13900 PROTO=UDP SPT=60065 DPT=7786 LEN=17 Nov 9 13:56:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42724 SEQ=1 Nov 9 13:56:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44922 SEQ=1 Nov 9 13:56:57 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:56:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.159.99.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=41482 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:57:01 server83 systemd: Started Session 312921 of user root. Nov 9 13:57:01 server83 systemd: Started Session 312923 of user root. 
Nov 9 13:57:01 server83 systemd: Started Session 312922 of user root. Nov 9 13:57:01 server83 systemd: Started Session 312925 of user root. Nov 9 13:57:01 server83 systemd: Started Session 312926 of user root. Nov 9 13:57:01 server83 systemd: Started Session 312924 of user root. Nov 9 13:57:01 server83 systemd: Started Session 312928 of user root. Nov 9 13:57:01 server83 systemd: Started Session 312927 of user root. Nov 9 13:57:01 server83 systemd: Started Session 312929 of user root. Nov 9 13:57:01 server83 systemd: Started Session 312930 of user root. Nov 9 13:57:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25425 SEQ=1 Nov 9 13:57:01 server83 aibolit_wrapper[11690]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626768219500794.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626768219502306.txt --log=/tmp/malware_cleaner_log_17626768219504060.txt --progress=/tmp/malware_cleaner_progress_17626768219503562.json --csv_result=/tmp/revisium_csvfile_17626768219503746.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:57:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3382 SEQ=1 Nov 9 13:57:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.238 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53386 DPT=22458 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
13:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56506 SEQ=1 Nov 9 13:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56506 SEQ=1 Nov 9 13:57:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63557 SEQ=1 Nov 9 13:57:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63557 SEQ=1 Nov 9 13:57:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56752 SEQ=1 Nov 9 13:57:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.153 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=64268 DF PROTO=TCP SPT=20552 DPT=8580 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 13:57:09 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 13:57:10 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=23036 DF PROTO=ICMP TYPE=8 CODE=0 ID=47046 SEQ=28656 Nov 9 13:57:16 server83 aibolit_wrapper[12046]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626768361496746.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626768361498072.txt --log=/tmp/malware_cleaner_log_17626768361499312.txt --progress=/tmp/malware_cleaner_progress_17626768361498982.json --csv_result=/tmp/revisium_csvfile_17626768361499128.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:57:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45498 SEQ=1 Nov 9 13:57:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45556 SEQ=1 Nov 9 13:57:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60688 SEQ=1 Nov 9 13:57:23 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:57:23 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:57:23 server83 imunify-auditd-log-reader[9638]: lost 39 message sequences Nov 9 13:57:23 server83 imunify-auditd-log-reader[9638]: lost 65 message sequences Nov 9 13:57:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36546 SEQ=1 Nov 9 13:57:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=45556 SEQ=1 Nov 9 13:57:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11017 PROTO=TCP SPT=49956 DPT=26629 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:57:25 server83 imunify-auditd-log-reader[9638]: lost 9 message sequences Nov 9 13:57:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.240 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55931 DPT=48632 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:57:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.191.209.198 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57749 PROTO=TCP SPT=41356 DPT=27000 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:57:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21798 SEQ=1 Nov 9 13:57:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46970 SEQ=1 Nov 9 13:57:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10554 SEQ=1 Nov 9 13:57:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=8838 PROTO=TCP SPT=56867 DPT=8457 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:57:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46970 SEQ=1 Nov 9 13:57:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23631 SEQ=1 Nov 9 13:57:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.123 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x20 TTL=240 ID=18194 PROTO=TCP SPT=46476 DPT=36022 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 13:57:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=35454 PROTO=TCP SPT=45975 DPT=7065 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:57:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:57:39 server83 aibolit_wrapper[12781]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626768598250968.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626768598252886.txt --log=/tmp/malware_cleaner_log_17626768598256572.txt --progress=/tmp/malware_cleaner_progress_17626768598255734.json --csv_result=/tmp/revisium_csvfile_17626768598256168.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:57:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18138 PROTO=TCP SPT=54232 DPT=9435 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:57:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.177 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55205 DPT=30027 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:57:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19508 SEQ=1 Nov 9 13:57:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.18 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53283 DPT=7681 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:57:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23839 SEQ=1 Nov 9 13:57:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44461 SEQ=1 Nov 9 13:57:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58706 SEQ=1 Nov 9 13:57:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32540 SEQ=1 Nov 9 13:57:52 server83 aibolit_wrapper[12987]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626768724857234.txt --input-fn-b64-encoded 
--username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626768724858300.txt --log=/tmp/malware_cleaner_log_17626768724859252.txt --progress=/tmp/malware_cleaner_progress_17626768724859004.json --csv_result=/tmp/revisium_csvfile_17626768724859102.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:57:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54357 SEQ=1 Nov 9 13:57:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44140 SEQ=1 Nov 9 13:57:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=77.90.185.49 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=28513 PROTO=TCP SPT=39883 DPT=16622 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:57:57 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:57:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23752 PROTO=TCP SPT=34381 DPT=7192 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:58:01 server83 systemd: Started Session 312931 of user root. Nov 9 13:58:01 server83 systemd: Started Session 312932 of user root. Nov 9 13:58:01 server83 systemd: Started Session 312934 of user root. Nov 9 13:58:01 server83 systemd: Started Session 312933 of user root. Nov 9 13:58:01 server83 systemd: Started Session 312935 of user root. Nov 9 13:58:01 server83 systemd: Started Session 312936 of user root. Nov 9 13:58:01 server83 systemd: Started Session 312937 of user root. 
Nov 9 13:58:01 server83 systemd: Started Session 312938 of user root. Nov 9 13:58:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 13:58:01 server83 systemd: Started Session 312939 of user metalarts. Nov 9 13:58:01 server83 systemd: Started Session 312941 of user root. Nov 9 13:58:01 server83 systemd: Created slice User Slice of accentri. Nov 9 13:58:01 server83 systemd: Started Session 312942 of user accentri. Nov 9 13:58:01 server83 systemd: Started Session 312940 of user accentri. Nov 9 13:58:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 13:58:01 server83 systemd: Removed slice User Slice of metalarts. Nov 9 13:58:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=46280 PROTO=TCP SPT=44240 DPT=4929 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:58:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21145 SEQ=1 Nov 9 13:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27830 SEQ=1 Nov 9 13:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8268 SEQ=1 Nov 9 13:58:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21145 SEQ=1 Nov 9 13:58:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 
DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1280 SEQ=1 Nov 9 13:58:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=20068 PROTO=TCP SPT=53095 DPT=44292 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:58:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12252 SEQ=1 Nov 9 13:58:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=47518 PROTO=TCP SPT=53104 DPT=7375 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:58:14 server83 pam_imunify_daemon.bin: time="2025-11-09T13:58:14+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 13:58:17 server83 aibolit_wrapper[13728]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626768976951708.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626768976953446.txt --log=/tmp/malware_cleaner_log_17626768976955238.txt --progress=/tmp/malware_cleaner_progress_17626768976954696.json --csv_result=/tmp/revisium_csvfile_17626768976954936.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
13:58:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3762 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:58:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19486 SEQ=1 Nov 9 13:58:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34843 SEQ=1 Nov 9 13:58:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19486 SEQ=1 Nov 9 13:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 13:58:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 13:58:20 server83 imunify-auditd-log-reader[9638]: log reader failed to send statistics: circuit breaker is open Nov 9 13:58:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=188 SEQ=1 Nov 9 13:58:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27518 SEQ=1 Nov 9 13:58:24 server83 imunify-auditd-log-reader[9638]: error messages suppressed: 63 Nov 9 13:58:24 server83 imunify-auditd-log-reader[9638]: failed to send events: circuit breaker is open Nov 9 13:58:30 server83 aibolit_wrapper[13947]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626769100202794.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626769100204548.txt --log=/tmp/malware_cleaner_log_17626769100205976.txt --progress=/tmp/malware_cleaner_progress_17626769100205588.json --csv_result=/tmp/revisium_csvfile_17626769100205750.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:58:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59834 SEQ=1 Nov 9 13:58:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56684 SEQ=1 Nov 9 13:58:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=9620 PROTO=TCP SPT=50784 DPT=7632 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:58:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59834 SEQ=1 Nov 9 13:58:35 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47052 SEQ=1 Nov 9 13:58:39 server83 imunify-realtime-av[6776]: failed to send stats: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:58:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47052 SEQ=1 Nov 9 13:58:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13664 SEQ=1 Nov 9 13:58:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65034 SEQ=1 Nov 9 13:58:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1952 PROTO=TCP SPT=45727 DPT=31921 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:58:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35375 SEQ=1 Nov 9 13:58:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45276 SEQ=1 Nov 9 13:58:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP 
TYPE=8 CODE=0 ID=6773 SEQ=1 Nov 9 13:58:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.245.48.218 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=56311 DF PROTO=ICMP TYPE=8 CODE=0 ID=4953 SEQ=45209 Nov 9 13:58:55 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.46.201.135 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=27037 DF PROTO=ICMP TYPE=8 CODE=0 ID=57705 SEQ=22683 Nov 9 13:58:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.84.110 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=40391 DPT=7434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:58:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.79 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=55950 DPT=48180 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:58:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=30482 PROTO=TCP SPT=35456 DPT=2038 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:58:57 server83 aibolit_wrapper[14421]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626769373922220.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626769373923940.txt --log=/tmp/malware_cleaner_log_17626769373925856.txt --progress=/tmp/malware_cleaner_progress_17626769373925198.json --csv_result=/tmp/revisium_csvfile_17626769373925430.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
13:58:57 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:59:01 server83 systemd: Started Session 312943 of user root. Nov 9 13:59:01 server83 systemd: Started Session 312945 of user root. Nov 9 13:59:01 server83 systemd: Started Session 312948 of user root. Nov 9 13:59:01 server83 systemd: Started Session 312947 of user root. Nov 9 13:59:01 server83 systemd: Started Session 312946 of user root. Nov 9 13:59:01 server83 systemd: Started Session 312944 of user root. Nov 9 13:59:01 server83 systemd: Started Session 312951 of user root. Nov 9 13:59:01 server83 systemd: Started Session 312949 of user root. Nov 9 13:59:01 server83 systemd: Started Session 312950 of user root. Nov 9 13:59:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.133.80 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51798 DPT=9840 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:59:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3761 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:59:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.189.178.161 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=38891 PROTO=TCP SPT=56514 DPT=6000 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:59:03 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:59:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50570 SEQ=1 Nov 9 13:59:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7318 SEQ=1 Nov 9 13:59:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7318 SEQ=1 Nov 9 13:59:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29369 SEQ=1 Nov 9 13:59:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38159 SEQ=1 Nov 9 13:59:04 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.53.186.171 DST=145.239.177.179 LEN=71 TOS=0x00 PREC=0x00 TTL=51 ID=52694 DF PROTO=UDP SPT=5353 DPT=1434 LEN=51 Nov 9 13:59:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=184.105.139.117 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56078 DPT=13443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:59:13 server83 aibolit_wrapper[14929]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626769537312692.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626769537314754.txt --log=/tmp/malware_cleaner_log_17626769537316560.txt --progress=/tmp/malware_cleaner_progress_17626769537316080.json --csv_result=/tmp/revisium_csvfile_17626769537316298.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:59:17 server83 scripts.sh: Sun Nov 9 13:59:17 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 13:59:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.82.114 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47234 DPT=7434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:59:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.160 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51926 DPT=48587 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:59:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=78.128.114.86 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61417 PROTO=TCP SPT=53120 DPT=2420 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:59:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35833 SEQ=1 Nov 9 13:59:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24239 SEQ=1 Nov 9 13:59:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24239 SEQ=1 Nov 9 13:59:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8669 SEQ=1 Nov 9 13:59:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62578 SEQ=1 Nov 9 13:59:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44844 SEQ=1 Nov 9 13:59:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:59:27 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:59:28 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:59:28 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 13:59:28 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 13:59:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57717 DF PROTO=TCP SPT=61623 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:59:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=152.32.151.121 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=4928 DF PROTO=TCP SPT=45130 DPT=2629 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 13:59:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37229 SEQ=1 Nov 9 13:59:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57718 DF PROTO=TCP SPT=61623 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:59:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30422 SEQ=1 Nov 9 13:59:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5613 SEQ=1 Nov 9 13:59:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5613 SEQ=1 Nov 9 13:59:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13228 SEQ=1 Nov 9 13:59:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57719 DF PROTO=TCP SPT=61623 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:59:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34135 SEQ=1 Nov 9 13:59:39 server83 aibolit_wrapper[15919]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626769791015420.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626769791017368.txt --log=/tmp/malware_cleaner_log_17626769791019630.txt --progress=/tmp/malware_cleaner_progress_17626769791018982.json --csv_result=/tmp/revisium_csvfile_17626769791019248.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:59:39 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=157.245.97.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=21058 PROTO=TCP SPT=61007 DPT=8808 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:59:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=3397 PROTO=TCP SPT=43498 DPT=9207 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 13:59:42 server83 pam_imunify_daemon.bin: time="2025-11-09T13:59:42+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 13:59:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57720 DF PROTO=TCP SPT=61623 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:59:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=48.214.144.125 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=30822 PROTO=TCP SPT=42546 DPT=8087 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:59:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.20.111 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59564 DPT=14443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 13:59:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48850 SEQ=1 Nov 9 13:59:49 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3760 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 13:59:49 server83 aibolit_wrapper[16174]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626769894698874.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626769894700270.txt --log=/tmp/malware_cleaner_log_17626769894701554.txt --progress=/tmp/malware_cleaner_progress_17626769894701154.json --csv_result=/tmp/revisium_csvfile_17626769894701314.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 13:59:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57721 DF PROTO=TCP SPT=61623 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 13:59:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50313 SEQ=1 Nov 9 13:59:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5414 SEQ=1 Nov 9 13:59:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15431 SEQ=1 Nov 9 13:59:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42859 SEQ=1 Nov 9 13:59:57 server83 auditd[702]: Audit daemon rotating log files Nov 9 13:59:57 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 13:59:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=37853 PROTO=TCP SPT=53111 DPT=33566 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:00:00 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:00:00 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 14:00:00 server83 imunify-auditd-log-reader[9638]: lost 13 message sequences Nov 9 14:00:00 server83 imunify-auditd-log-reader[9638]: lost 40 message sequences Nov 9 14:00:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.164.127 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49819 DPT=1344 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:00:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26466 PROTO=TCP SPT=43416 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 14 message sequences Nov 9 14:00:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40662 SEQ=1 Nov 9 
14:00:01 server83 imunify-auditd-log-reader[9638]: lost 12 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 13 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 24 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:00:01 server83 systemd: Started Session 312954 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312953 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312952 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312957 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312956 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312955 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312958 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312960 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312963 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312964 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312959 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312962 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312961 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312967 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312968 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312965 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312970 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312966 of user root. 
Nov 9 14:00:01 server83 systemd: Started Session 312971 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312969 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312972 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312973 of user sanatanhinduvahi. Nov 9 14:00:01 server83 systemd: Started Session 312974 of user sanatanhinduvahi. Nov 9 14:00:01 server83 systemd: Started Session 312976 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312977 of user sanatanhinduvahi. Nov 9 14:00:01 server83 systemd: Started Session 312975 of user root. Nov 9 14:00:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:00:01 server83 systemd: Started Session 312978 of user accentri. Nov 9 14:00:01 server83 systemd: Started Session 312979 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312980 of user root. Nov 9 14:00:01 server83 systemd: Started Session 312981 of user accentri. Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:00:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:00:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 14:00:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26467 PROTO=TCP SPT=43416 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25043 SEQ=1 Nov 9 14:00:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=832 PROTO=TCP SPT=37357 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26468 PROTO=TCP SPT=43416 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=833 PROTO=TCP SPT=37357 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=834 PROTO=TCP SPT=37357 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=26470 PROTO=TCP SPT=43416 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=40.76.124.195 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=56543 
DPT=8983 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:00:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=835 PROTO=TCP SPT=37357 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=836 PROTO=TCP SPT=37357 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43353 SEQ=1 Nov 9 14:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35730 SEQ=1 Nov 9 14:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18500 SEQ=1 Nov 9 14:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58879 SEQ=1 Nov 9 14:00:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20086 SEQ=1 Nov 9 14:00:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.158 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=2818 PROTO=TCP SPT=38644 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 
9 14:00:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3767 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:00:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3333 PROTO=TCP SPT=61107 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3335 PROTO=TCP SPT=61107 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3336 PROTO=TCP SPT=61107 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:15 server83 aibolit_wrapper[18897]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626770150807538.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626770150809818.txt --log=/tmp/malware_cleaner_log_17626770150813258.txt --progress=/tmp/malware_cleaner_progress_17626770150812554.json --csv_result=/tmp/revisium_csvfile_17626770150812830.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:00:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.147 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3337 PROTO=TCP SPT=61107 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:00:17 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57722 DF PROTO=TCP SPT=62615 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:00:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57723 DF PROTO=TCP SPT=62615 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:00:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=33145 DF PROTO=ICMP TYPE=8 CODE=0 ID=20035 SEQ=19533 Nov 9 14:00:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33975 SEQ=1 Nov 9 14:00:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14484 SEQ=1 Nov 9 14:00:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50693 SEQ=1 Nov 9 14:00:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57724 DF PROTO=TCP SPT=62615 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:00:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33975 SEQ=1 Nov 9 14:00:22 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8003 SEQ=1 Nov 9 14:00:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3759 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:00:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57725 DF PROTO=TCP SPT=62615 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:00:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=23.239.4.211 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=10214 PROTO=TCP SPT=33445 DPT=1344 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:00:26 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=109.236.61.23 DST=51.210.113.204 LEN=122 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=50590 DPT=1900 LEN=102 Nov 9 14:00:27 server83 aibolit_wrapper[20436]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626770276735908.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626770276737692.txt --log=/tmp/malware_cleaner_log_17626770276739314.txt --progress=/tmp/malware_cleaner_progress_17626770276738894.json --csv_result=/tmp/revisium_csvfile_17626770276739076.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:00:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.20 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50491 DPT=9885 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15985 SEQ=1 Nov 9 14:00:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.94.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48687 DPT=1344 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:00:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52624 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:00:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57726 DF PROTO=TCP SPT=62615 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28354 SEQ=1 Nov 9 14:00:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9523 SEQ=1 Nov 9 14:00:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30066 SEQ=1 Nov 9 14:00:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=51605 PROTO=TCP SPT=40715 DPT=83 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:00:34 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 14:00:34 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 14:00:34 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 14:00:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=19224 PROTO=TCP SPT=43888 DPT=4470 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:00:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.14.122.207 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34722 DPT=8800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:00:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57446 SEQ=1 Nov 9 14:00:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21791 SEQ=1 Nov 9 14:00:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.145.22 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=60422 PROTO=TCP SPT=27092 DPT=10259 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:00:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:00:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63990 SEQ=1 Nov 9 14:00:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63990 SEQ=1 Nov 9 14:00:51 server83 aibolit_wrapper[23415]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626770519020934.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626770519022482.txt --log=/tmp/malware_cleaner_log_17626770519024548.txt --progress=/tmp/malware_cleaner_progress_17626770519023976.json --csv_result=/tmp/revisium_csvfile_17626770519024258.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:00:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16213 SEQ=1 Nov 9 14:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16213 SEQ=1 Nov 9 14:00:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15101 SEQ=1 Nov 9 14:00:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 
ID=34048 DF PROTO=ICMP TYPE=8 CODE=0 ID=9386 SEQ=62812 Nov 9 14:00:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12004 SEQ=1 Nov 9 14:00:57 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:00:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57727 DF PROTO=TCP SPT=63563 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:00:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57728 DF PROTO=TCP SPT=63563 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:00:59 server83 NetworkManager[922]: <info> [1762677059.4496] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:00:59 server83 NetworkManager[922]: <info> [1762677059.4501] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:00:59 server83 NetworkManager[922]: <info> [1762677059.4502] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:00:59 server83 NetworkManager[922]: <info> [1762677059.4507] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:00:59 server83 NetworkManager[922]: <info> [1762677059.4517] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:00:59 server83 NetworkManager[922]: <info> [1762677059.4520] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:00:59 server83 NetworkManager[922]: 
<info> [1762677059.4531] dhcp4 (eth1): dhclient started with pid 24309 Nov 9 14:00:59 server83 dhclient[24309]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x40f18d68) Nov 9 14:01:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57729 DF PROTO=TCP SPT=63563 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:01:01 server83 systemd: Started Session 312982 of user root. Nov 9 14:01:01 server83 systemd: Started Session 312984 of user root. Nov 9 14:01:01 server83 systemd: Started Session 312983 of user root. Nov 9 14:01:01 server83 systemd: Started Session 312986 of user root. Nov 9 14:01:01 server83 systemd: Started Session 312987 of user root. Nov 9 14:01:01 server83 systemd: Started Session 312985 of user root. Nov 9 14:01:01 server83 systemd: Started Session 312988 of user root. Nov 9 14:01:01 server83 systemd: Started Session 312989 of user root. Nov 9 14:01:01 server83 systemd: Started Session 312990 of user root. Nov 9 14:01:01 server83 systemd: Started Session 312991 of user root. 
Nov 9 14:01:02 server83 dhclient[24309]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x40f18d68) Nov 9 14:01:04 server83 aibolit_wrapper[24913]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626770641723420.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626770641725280.txt --log=/tmp/malware_cleaner_log_17626770641727310.txt --progress=/tmp/malware_cleaner_progress_17626770641726756.json --csv_result=/tmp/revisium_csvfile_17626770641726996.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:01:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57730 DF PROTO=TCP SPT=63563 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:01:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39392 SEQ=1 Nov 9 14:01:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13362 SEQ=1 Nov 9 14:01:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57570 SEQ=1 Nov 9 14:01:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=57570 SEQ=1 Nov 9 14:01:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=39382 DPT=3766 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:01:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23569 SEQ=1 Nov 9 14:01:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3758 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:01:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=87.251.67.25 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=24347 PROTO=TCP SPT=50377 DPT=2422 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:01:10 server83 dhclient[24309]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x40f18d68) Nov 9 14:01:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57731 DF PROTO=TCP SPT=63563 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:01:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.150.177 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51423 DPT=15900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:01:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13710 PROTO=TCP SPT=36729 DPT=5068 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:01:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.7.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=29447 PROTO=TCP SPT=36486 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:01:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.7.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=29448 PROTO=TCP SPT=36486 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:01:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.36 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=53172 PROTO=TCP SPT=46432 DPT=18048 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:01:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58385 SEQ=1 Nov 9 14:01:19 server83 dhclient[24309]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x40f18d68) Nov 9 14:01:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=35008 PROTO=TCP SPT=44372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:01:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.7.220 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=29449 PROTO=TCP SPT=36486 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:01:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58385 SEQ=1 Nov 9 14:01:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.219 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=101 ID=35009 PROTO=TCP SPT=44372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:01:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64080 SEQ=1 Nov 9 14:01:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64080 SEQ=1 Nov 9 14:01:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=35010 PROTO=TCP SPT=44372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:01:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31606 SEQ=1 Nov 9 14:01:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32562 SEQ=1 Nov 9 14:01:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.7.219 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=35012 PROTO=TCP SPT=44372 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:01:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31606 SEQ=1 Nov 9 14:01:24 server83 aibolit_wrapper[27547]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
auditd[702]: Audit daemon rotating log files Nov 9 14:03:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46292 SEQ=1 Nov 9 14:03:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1596 SEQ=1 Nov 9 14:03:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12371 SEQ=1 Nov 9 14:03:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=21969 PROTO=TCP SPT=36605 DPT=9555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:03:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.210.63.192 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=17971 PROTO=TCP SPT=53857 DPT=44356 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:03:58 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:03:59 server83 NetworkManager[922]: <warn> [1762677239.4503] dhcp4 (eth1): request timed out Nov 9 14:03:59 server83 NetworkManager[922]: <info> [1762677239.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:03:59 server83 NetworkManager[922]: <info> [1762677239.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 9637 Nov 9 14:03:59 server83 NetworkManager[922]: <info> [1762677239.4582] dhcp4 (eth1): state changed timeout -> done Nov 9 14:03:59 server83 NetworkManager[922]: <info> [1762677239.4584] device (eth1): state change: 
ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:03:59 server83 NetworkManager[922]: <warn> [1762677239.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:03:59 server83 NetworkManager[922]: <info> [1762677239.4590] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:04:00 server83 aibolit_wrapper[15554]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626772404907954.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626772404909100.txt --log=/tmp/malware_cleaner_log_17626772404910024.txt --progress=/tmp/malware_cleaner_progress_17626772404909804.json --csv_result=/tmp/revisium_csvfile_17626772404909902.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:04:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 14:04:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:04:01 server83 systemd: Started Session 313013 of user root. Nov 9 14:04:01 server83 systemd: Started Session 313012 of user root. Nov 9 14:04:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:04:01 server83 systemd: Started Session 313014 of user accentri. Nov 9 14:04:01 server83 systemd: Started Session 313015 of user root. Nov 9 14:04:01 server83 systemd: Started Session 313017 of user root. Nov 9 14:04:01 server83 systemd: Started Session 313016 of user root. Nov 9 14:04:01 server83 systemd: Started Session 313018 of user root. Nov 9 14:04:01 server83 systemd: Started Session 313019 of user root. 
Nov 9 14:04:01 server83 systemd: Started Session 313020 of user accentri. Nov 9 14:04:01 server83 systemd: Started Session 313021 of user root. Nov 9 14:04:01 server83 systemd: Started Session 313022 of user root. Nov 9 14:04:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:04:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23345 SEQ=1 Nov 9 14:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56323 SEQ=1 Nov 9 14:04:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52272 SEQ=1 Nov 9 14:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52272 SEQ=1 Nov 9 14:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.245.58.208 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=39800 DF PROTO=ICMP TYPE=8 CODE=0 ID=33128 SEQ=30887 Nov 9 14:04:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59840 SEQ=1 Nov 9 14:04:11 server83 aibolit_wrapper[16883]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626772510681838.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626772510683444.txt --log=/tmp/malware_cleaner_log_17626772510684936.txt --progress=/tmp/malware_cleaner_progress_17626772510684550.json --csv_result=/tmp/revisium_csvfile_17626772510684702.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:04:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.160 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54306 DPT=28139 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:04:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14881 SEQ=1 Nov 9 14:04:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59907 SEQ=1 Nov 9 14:04:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39214 SEQ=1 Nov 9 14:04:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22883 PROTO=TCP SPT=58901 DPT=6484 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:04:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.40 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=9048 PROTO=TCP SPT=52191 DPT=33804 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:04:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23558 PROTO=TCP SPT=34528 DPT=7477 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:04:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43820 SEQ=1 Nov 9 14:04:33 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 14:04:33 server83 systemd: Stopped Status Update Service. Nov 9 14:04:33 server83 systemd: Started Status Update Service. Nov 9 14:04:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7630 SEQ=1 Nov 9 14:04:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59057 SEQ=1 Nov 9 14:04:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3757 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:04:35 server83 aibolit_wrapper[19818]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626772753092602.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626772753093898.txt --log=/tmp/malware_cleaner_log_17626772753095238.txt --progress=/tmp/malware_cleaner_progress_17626772753094936.json --csv_result=/tmp/revisium_csvfile_17626772753095074.csv 
--avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:04:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=535 PROTO=TCP SPT=41811 DPT=2495 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21577 SEQ=1 Nov 9 14:04:38 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:04:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=24783 PROTO=TCP SPT=57167 DPT=32908 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:04:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54314 SEQ=1 Nov 9 14:04:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43820 SEQ=1 Nov 9 14:04:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=238 ID=54321 PROTO=TCP SPT=52978 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:04:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=53232 PROTO=TCP SPT=52446 DPT=6528 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:04:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=204.76.203.35 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56864 PROTO=TCP SPT=61000 DPT=25578 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:04:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:04:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:04:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58204 SEQ=1 Nov 9 14:04:48 server83 aibolit_wrapper[21798]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626772885249250.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626772885251020.txt --log=/tmp/malware_cleaner_log_17626772885252668.txt --progress=/tmp/malware_cleaner_progress_17626772885252252.json --csv_result=/tmp/revisium_csvfile_17626772885252438.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37847 SEQ=1 Nov 9 14:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46584 SEQ=1 Nov 9 14:04:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.36 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=2241 PROTO=TCP SPT=43609 DPT=21845 WINDOW=14600 
RES=0x00 SYN URGP=0 Nov 9 14:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17949 SEQ=1 Nov 9 14:04:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17949 SEQ=1 Nov 9 14:04:50 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:04:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.251.92.199 DST=51.210.113.204 LEN=52 TOS=0x14 PREC=0x00 TTL=46 ID=26107 DF PROTO=TCP SPT=27131 DPT=7003 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 14:04:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.159.99.47 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=47113 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:04:58 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:05:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=157.245.140.221 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=43177 PROTO=TCP SPT=61004 DPT=8090 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:05:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:05:00 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39964 SEQ=1 Nov 9 14:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 
14:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:05:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 14:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:05:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:05:01 server83 systemd: Started Session 313024 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313023 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313026 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313025 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313028 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313029 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313027 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313030 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313031 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313033 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313034 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313036 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313032 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313038 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313039 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313037 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313035 of user root. Nov 9 14:05:01 server83 systemd: Started Session 313040 of user root. 
Nov 9 14:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30890 SEQ=1 Nov 9 14:05:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=622 SEQ=1 Nov 9 14:05:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11547 SEQ=1 Nov 9 14:05:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59896 SEQ=1 Nov 9 14:05:07 server83 aibolit_wrapper[24558]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626773079503394.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626773079504754.txt --log=/tmp/malware_cleaner_log_17626773079505902.txt --progress=/tmp/malware_cleaner_progress_17626773079505586.json --csv_result=/tmp/revisium_csvfile_17626773079505724.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:05:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.214.53.196 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40479 DPT=5678 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:05:14 server83 aibolit_wrapper[25407]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626773142118278.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626773142120726.txt --progress=/tmp/malware_cleaner_progress_17626773142120432.json --csv_result=/tmp/revisium_csvfile_17626773142120566.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:05:19 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:05:19 server83 aibolit_wrapper[26244]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626773196254240.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626773196255006.txt --log=/tmp/malware_cleaner_log_17626773196255798.txt --progress=/tmp/malware_cleaner_progress_17626773196255588.json --csv_result=/tmp/revisium_csvfile_17626773196255682.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:05:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7787 SEQ=1 Nov 9 14:05:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2291 SEQ=1 Nov 9 14:05:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=62725 SEQ=1 Nov 9 14:05:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:05:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.228 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=27220 PROTO=TCP SPT=4632 DPT=11579 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:05:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3763 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:05:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3756 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:05:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26268 PROTO=TCP SPT=45727 DPT=32226 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:05:36 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 14:05:36 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 14:05:36 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 14:05:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56819 SEQ=1 Nov 9 14:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18583 SEQ=1 Nov 9 14:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48977 SEQ=1 Nov 9 14:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50923 SEQ=1 Nov 9 14:05:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56898 SEQ=1 Nov 9 14:05:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=46697 PROTO=TCP SPT=38404 DPT=4633 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:05:42 server83 aibolit_wrapper[29226]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626773422280576.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626773422281678.txt --log=/tmp/malware_cleaner_log_17626773422282586.txt 
--progress=/tmp/malware_cleaner_progress_17626773422282364.json --csv_result=/tmp/revisium_csvfile_17626773422282460.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:05:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=56073 PROTO=TCP SPT=57096 DPT=14178 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:05:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.211 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=38324 DPT=2600 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:05:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:05:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6152 SEQ=1 Nov 9 14:05:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60705 SEQ=1 Nov 9 14:05:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17950 SEQ=1 Nov 9 14:05:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60362 SEQ=1 Nov 9 14:05:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17950 SEQ=1 Nov 9 14:05:52 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1328 SEQ=1 Nov 9 14:05:53 server83 aibolit_wrapper[30587]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626773536538690.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626773536539680.txt --log=/tmp/malware_cleaner_log_17626773536540548.txt --progress=/tmp/malware_cleaner_progress_17626773536540342.json --csv_result=/tmp/revisium_csvfile_17626773536540432.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:05:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.52 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=6606 PROTO=TCP SPT=53318 DPT=5985 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:05:58 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:06:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45098 PROTO=TCP SPT=51461 DPT=8549 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:06:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:06:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 14:06:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:06:01 server83 systemd: Started Session 313041 of user root. Nov 9 14:06:01 server83 systemd: Started Session 313043 of user root. 
Nov 9 14:06:01 server83 systemd: Started Session 313042 of user root. Nov 9 14:06:01 server83 systemd: Started Session 313044 of user root. Nov 9 14:06:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:06:01 server83 systemd: Started Session 313046 of user accentri. Nov 9 14:06:01 server83 systemd: Started Session 313045 of user root. Nov 9 14:06:01 server83 systemd: Started Session 313047 of user root. Nov 9 14:06:01 server83 systemd: Started Session 313048 of user root. Nov 9 14:06:01 server83 systemd: Started Session 313049 of user root. Nov 9 14:06:01 server83 systemd: Started Session 313051 of user accentri. Nov 9 14:06:01 server83 systemd: Started Session 313050 of user root. Nov 9 14:06:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:06:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19694 SEQ=1 Nov 9 14:06:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58091 SEQ=1 Nov 9 14:06:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30797 SEQ=1 Nov 9 14:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30797 SEQ=1 Nov 9 14:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50390 SEQ=1 Nov 9 14:06:09 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.134 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=12534 PROTO=TCP SPT=31609 DPT=20117 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:06:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58091 SEQ=1 Nov 9 14:06:14 server83 aibolit_wrapper[797]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626773748855566.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626773748857010.txt --log=/tmp/malware_cleaner_log_17626773748858834.txt --progress=/tmp/malware_cleaner_progress_17626773748858338.json --csv_result=/tmp/revisium_csvfile_17626773748858550.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:06:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.143.6 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=6047 DF PROTO=TCP SPT=38471 DPT=4803 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:06:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=3.143.152.247 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38213 DPT=8093 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:06:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1069 SEQ=1 Nov 9 14:06:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51594 SEQ=1 Nov 9 14:06:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:06:25 server83 aibolit_wrapper[2009]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626773852865750.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626773852867430.txt --log=/tmp/malware_cleaner_log_17626773852868844.txt --progress=/tmp/malware_cleaner_progress_17626773852868480.json --csv_result=/tmp/revisium_csvfile_17626773852868628.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:06:27 server83 imunify-auditd-log-reader[9638]: lost 8 message sequences Nov 9 14:06:27 server83 imunify-auditd-log-reader[9638]: lost 12 message sequences Nov 9 14:06:27 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 14:06:27 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 14:06:28 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:06:28 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 14:06:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.33.52.85 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=38048 DPT=8044 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:06:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17146 SEQ=1 Nov 9 14:06:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59870 SEQ=1 Nov 9 14:06:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60134 SEQ=1 Nov 9 14:06:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42159 PROTO=TCP SPT=41811 DPT=2452 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:06:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=164 SEQ=1 Nov 9 14:06:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24404 SEQ=1 Nov 9 14:06:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35180 SEQ=1 Nov 9 14:06:40 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=5.182.17.111 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=48 ID=29630 DF PROTO=UDP SPT=5091 DPT=4000 LEN=50 Nov 9 14:06:40 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 14:06:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=55368 PROTO=TCP SPT=57096 DPT=26194 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:06:48 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3755 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:06:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51352 SEQ=1 Nov 9 14:06:48 server83 aibolit_wrapper[5518]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626774086810560.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626774086812168.txt --log=/tmp/malware_cleaner_log_17626774086813686.txt --progress=/tmp/malware_cleaner_progress_17626774086813280.json --csv_result=/tmp/revisium_csvfile_17626774086813460.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:06:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52610 SEQ=1 Nov 9 14:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43405 SEQ=1 Nov 9 14:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14015 SEQ=1 Nov 9 14:06:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43405 SEQ=1 Nov 9 14:06:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.168 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=54108 DPT=47715 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:06:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43715 SEQ=1 Nov 9 14:06:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13294 SEQ=1 Nov 9 14:06:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=41098 PROTO=TCP SPT=40938 DPT=8675 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:06:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.154 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=27114 PROTO=TCP SPT=57173 DPT=1946 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:06:55 server83 aibolit_wrapper[6367]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626774152549058.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626774152551218.txt --log=/tmp/malware_cleaner_log_17626774152553552.txt --progress=/tmp/malware_cleaner_progress_17626774152552848.json 
--csv_result=/tmp/revisium_csvfile_17626774152553212.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:06:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57737 DF PROTO=TCP SPT=54065 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:06:58 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:06:58 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:06:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57738 DF PROTO=TCP SPT=54065 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:06:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.239 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55098 DPT=45882 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:07:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57739 DF PROTO=TCP SPT=54065 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:07:01 server83 systemd: Started Session 313052 of user root. Nov 9 14:07:01 server83 systemd: Started Session 313057 of user root. Nov 9 14:07:01 server83 systemd: Started Session 313053 of user root. Nov 9 14:07:01 server83 systemd: Started Session 313055 of user root. Nov 9 14:07:01 server83 systemd: Started Session 313054 of user root. Nov 9 14:07:01 server83 systemd: Started Session 313056 of user root. Nov 9 14:07:01 server83 systemd: Started Session 313058 of user root. Nov 9 14:07:01 server83 systemd: Started Session 313059 of user root. 
Nov 9 14:07:01 server83 systemd: Started Session 313060 of user root. Nov 9 14:07:01 server83 systemd: Started Session 313061 of user root. Nov 9 14:07:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57740 DF PROTO=TCP SPT=54065 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:07:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50496 DF PROTO=TCP SPT=53732 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31036 SEQ=1 Nov 9 14:07:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14584 SEQ=1 Nov 9 14:07:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41032 SEQ=1 Nov 9 14:07:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41032 SEQ=1 Nov 9 14:07:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37627 SEQ=1 Nov 9 14:07:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50497 DF PROTO=TCP SPT=53732 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50498 DF PROTO=TCP SPT=53732 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19454 SEQ=1 Nov 9 14:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57741 DF PROTO=TCP SPT=54065 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:07:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50499 DF PROTO=TCP SPT=53732 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50500 DF PROTO=TCP SPT=53732 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22174 SEQ=1 Nov 9 14:07:22 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:07:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30167 SEQ=1 Nov 9 14:07:23 server83 
aibolit_wrapper[10147]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626774435900254.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626774435901702.txt --log=/tmp/malware_cleaner_log_17626774435902954.txt --progress=/tmp/malware_cleaner_progress_17626774435902624.json --csv_result=/tmp/revisium_csvfile_17626774435902770.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:07:27 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:07:27 server83 aibolit_wrapper[10673]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626774478126382.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626774478127226.txt --log=/tmp/malware_cleaner_log_17626774478128120.txt --progress=/tmp/malware_cleaner_progress_17626774478127890.json --csv_result=/tmp/revisium_csvfile_17626774478127992.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:07:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17850 SEQ=1 Nov 9 14:07:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.239.44.183 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=46923 DF PROTO=ICMP TYPE=8 CODE=0 ID=18784 SEQ=2448 Nov 9 14:07:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.142.154.98 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=58610 PROTO=TCP SPT=58914 DPT=5001 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:07:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3754 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:07:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.26 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53903 DPT=9580 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:07:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52578 SEQ=1 Nov 9 14:07:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50501 DF PROTO=TCP SPT=53732 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39154 SEQ=1 Nov 9 14:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65058 SEQ=1 Nov 9 14:07:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17850 SEQ=1 Nov 9 14:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64604 SEQ=1 Nov 9 14:07:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29918 SEQ=1 Nov 9 14:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=44575 PROTO=TCP SPT=45546 DPT=7248 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:07:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28259 DF PROTO=TCP SPT=52976 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28260 DF PROTO=TCP SPT=52976 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.111.60 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=46890 DPT=8044 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:07:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28261 DF PROTO=TCP SPT=52976 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36518 SEQ=1 Nov 9 14:07:46 server83 imunify360-php-daemon[734]: error 
sending monitoring stats: circuit breaker is open Nov 9 14:07:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63628 SEQ=1 Nov 9 14:07:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28262 DF PROTO=TCP SPT=52976 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63628 SEQ=1 Nov 9 14:07:49 server83 aibolit_wrapper[13598]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626774693940680.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626774693942416.txt --log=/tmp/malware_cleaner_log_17626774693944678.txt --progress=/tmp/malware_cleaner_progress_17626774693944218.json --csv_result=/tmp/revisium_csvfile_17626774693944430.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:07:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63980 SEQ=1 Nov 9 14:07:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36518 SEQ=1 Nov 9 14:07:51 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.153.51 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=34927 DPT=9200 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:07:52 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:07:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28263 DF PROTO=TCP SPT=52976 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:07:55 server83 aibolit_wrapper[14551]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626774757271690.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626774757275414.txt --progress=/tmp/malware_cleaner_progress_17626774757274848.json --csv_result=/tmp/revisium_csvfile_17626774757275088.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:07:58 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:08:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30722 PROTO=TCP SPT=42111 DPT=2794 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:08:01 server83 systemd: Started Session 313063 of user root. Nov 9 14:08:01 server83 systemd: Started Session 313064 of user root. Nov 9 14:08:01 server83 systemd: Started Session 313062 of user root. Nov 9 14:08:01 server83 systemd: Started Session 313065 of user root. Nov 9 14:08:01 server83 systemd: Started Session 313066 of user root. Nov 9 14:08:01 server83 systemd: Started Session 313068 of user root. 
Nov 9 14:08:01 server83 systemd: Started Session 313067 of user root. Nov 9 14:08:01 server83 systemd: Started Session 313069 of user root. Nov 9 14:08:01 server83 systemd: Started Session 313071 of user root. Nov 9 14:08:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:08:01 server83 systemd: Started Session 313070 of user accentri. Nov 9 14:08:01 server83 systemd: Started Session 313072 of user accentri. Nov 9 14:08:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:08:01 server83 aibolit_wrapper[15541]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626774814377136.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626774814378114.txt --log=/tmp/malware_cleaner_log_17626774814379228.txt --progress=/tmp/malware_cleaner_progress_17626774814378946.json --csv_result=/tmp/revisium_csvfile_17626774814379086.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:08:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=65276 PROTO=TCP SPT=49270 DPT=7901 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:08:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54457 SEQ=1 Nov 9 14:08:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57742 DF PROTO=TCP SPT=55618 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:08:04 server83 kernel: Firewall: 
*ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37018 SEQ=1 Nov 9 14:08:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57743 DF PROTO=TCP SPT=55618 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:08:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.95 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=15455 PROTO=TCP SPT=32102 DPT=389 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:08:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9256 PROTO=TCP SPT=45727 DPT=32124 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:08:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57744 DF PROTO=TCP SPT=55618 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:08:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31047 SEQ=1 Nov 9 14:08:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37158 SEQ=1 Nov 9 14:08:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=7075 PROTO=TCP SPT=58194 DPT=7839 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:08:09 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47325 SEQ=1 Nov 9 14:08:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41463 SEQ=1 Nov 9 14:08:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=50502 DF PROTO=TCP SPT=53732 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57745 DF PROTO=TCP SPT=55618 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:08:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.182.167 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=49132 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:08:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47192 SEQ=1 Nov 9 14:08:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57746 DF PROTO=TCP SPT=55962 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:08:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57747 DF PROTO=TCP SPT=55618 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 
Nov 9 14:08:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46226 SEQ=1 Nov 9 14:08:19 server83 aibolit_wrapper[17672]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626774992014876.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626774992016364.txt --log=/tmp/malware_cleaner_log_17626774992017650.txt --progress=/tmp/malware_cleaner_progress_17626774992017310.json --csv_result=/tmp/revisium_csvfile_17626774992017462.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:08:19 server83 pam_imunify_daemon.bin: time="2025-11-09T14:08:19+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 14:08:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57748 DF PROTO=TCP SPT=55962 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:08:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=729 SEQ=1 Nov 9 14:08:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 
DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64511 DF PROTO=TCP SPT=35392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 14:08:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 14:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64512 DF PROTO=TCP SPT=35392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:08:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57749 DF PROTO=TCP SPT=55962 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:08:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64513 DF PROTO=TCP SPT=35392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:08:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57750 DF PROTO=TCP SPT=55962 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:08:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64514 DF PROTO=TCP SPT=35392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:08:31 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=594 SEQ=1 Nov 9 14:08:31 server83 aibolit_wrapper[19078]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626775117022562.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626775117024522.txt --log=/tmp/malware_cleaner_log_17626775117026400.txt --progress=/tmp/malware_cleaner_progress_17626775117025846.json --csv_result=/tmp/revisium_csvfile_17626775117026104.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:08:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36258 SEQ=1 Nov 9 14:08:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65053 SEQ=1 Nov 9 14:08:32 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:08:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59197 SEQ=1 Nov 9 14:08:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36258 SEQ=1 Nov 9 14:08:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57751 DF PROTO=TCP SPT=55962 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:08:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64515 DF PROTO=TCP SPT=35392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:08:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=22763 PROTO=TCP SPT=51074 DPT=8025 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:08:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.26.104.212 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=47 ID=3387 DF PROTO=TCP SPT=45485 DPT=2767 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:08:38 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.184 DST=145.239.177.179 LEN=74 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=UDP SPT=49631 DPT=25353 LEN=54 Nov 9 14:08:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31316 SEQ=1 Nov 9 14:08:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59197 SEQ=1 Nov 9 14:08:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25919 PROTO=TCP SPT=43414 DPT=5355 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:08:41 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.132 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=48244 PROTO=TCP SPT=2686 DPT=7216 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:08:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=28265 DF PROTO=TCP SPT=52976 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:08:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:08:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:08:47 server83 scripts.sh: Sun Nov 9 14:08:47 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 14:08:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39028 SEQ=1 Nov 9 14:08:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6266 SEQ=1 Nov 9 14:08:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6266 SEQ=1 Nov 9 14:08:49 server83 aibolit_wrapper[20976]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626775290760520.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626775290761740.txt 
--log=/tmp/malware_cleaner_log_17626775290762896.txt --progress=/tmp/malware_cleaner_progress_17626775290762596.json --csv_result=/tmp/revisium_csvfile_17626775290762732.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:08:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30559 SEQ=1 Nov 9 14:08:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64516 DF PROTO=TCP SPT=35392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:08:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34805 SEQ=1 Nov 9 14:08:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57919 SEQ=1 Nov 9 14:08:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1608 PROTO=TCP SPT=44600 DPT=5856 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:08:58 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:08:59 server83 NetworkManager[922]: <info> [1762677539.4953] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:08:59 server83 NetworkManager[922]: <info> [1762677539.4958] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:08:59 server83 
NetworkManager[922]: <info> [1762677539.4959] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:08:59 server83 NetworkManager[922]: <info> [1762677539.4962] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:08:59 server83 NetworkManager[922]: <info> [1762677539.4971] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:08:59 server83 NetworkManager[922]: <info> [1762677539.4974] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:08:59 server83 NetworkManager[922]: <info> [1762677539.4985] dhcp4 (eth1): dhclient started with pid 22039 Nov 9 14:08:59 server83 dhclient[22039]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x95c29f7) Nov 9 14:09:01 server83 systemd: Started Session 313073 of user root. Nov 9 14:09:01 server83 systemd: Started Session 313075 of user root. Nov 9 14:09:01 server83 systemd: Started Session 313074 of user root. Nov 9 14:09:01 server83 systemd: Started Session 313076 of user root. Nov 9 14:09:01 server83 systemd: Started Session 313078 of user root. Nov 9 14:09:01 server83 systemd: Started Session 313077 of user root. Nov 9 14:09:01 server83 systemd: Started Session 313079 of user root. Nov 9 14:09:01 server83 systemd: Started Session 313080 of user root. Nov 9 14:09:01 server83 systemd: Started Session 313081 of user root. Nov 9 14:09:01 server83 systemd: Started Session 313082 of user root. 
Nov 9 14:09:03 server83 aibolit_wrapper[22453]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626775429840522.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626775429842240.txt --log=/tmp/malware_cleaner_log_17626775429843870.txt --progress=/tmp/malware_cleaner_progress_17626775429843462.json --csv_result=/tmp/revisium_csvfile_17626775429843642.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:09:06 server83 dhclient[22039]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x95c29f7) Nov 9 14:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64177 DF PROTO=TCP SPT=57386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65447 SEQ=1 Nov 9 14:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49032 SEQ=1 Nov 9 14:09:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=142.93.157.82 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=33941 DPT=3443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 
ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56360 SEQ=1 Nov 9 14:09:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54429 SEQ=1 Nov 9 14:09:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43645 SEQ=1 Nov 9 14:09:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64178 DF PROTO=TCP SPT=57386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:09:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64179 DF PROTO=TCP SPT=57386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:09:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=22216 PROTO=TCP SPT=57096 DPT=12568 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:09:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64180 DF PROTO=TCP SPT=57386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:09:14 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=199.45.154.184 DST=145.239.177.179 LEN=284 TOS=0x08 PREC=0x40 TTL=31 ID=24136 PROTO=UDP SPT=10123 DPT=5061 LEN=264 Nov 9 14:09:16 server83 dhclient[22039]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x95c29f7) Nov 9 14:09:18 server83 aibolit_wrapper[24017]: running child proccess: 
/opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626775585196762.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626775585198032.txt --log=/tmp/malware_cleaner_log_17626775585198882.txt --progress=/tmp/malware_cleaner_progress_17626775585198658.json --csv_result=/tmp/revisium_csvfile_17626775585198750.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:09:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=447 SEQ=1 Nov 9 14:09:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57498 SEQ=1 Nov 9 14:09:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30372 SEQ=1 Nov 9 14:09:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23946 SEQ=1 Nov 9 14:09:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64181 DF PROTO=TCP SPT=57386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:09:23 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:09:24 server83 dhclient[22039]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 
(xid=0x95c29f7) Nov 9 14:09:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64517 DF PROTO=TCP SPT=35392 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:09:26 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.90 DST=145.239.177.179 LEN=34 TOS=0x00 PREC=0x00 TTL=35 ID=33882 PROTO=UDP SPT=22049 DPT=5093 LEN=14 Nov 9 14:09:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3762 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:09:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12204 SEQ=1 Nov 9 14:09:34 server83 dhclient[22039]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x95c29f7) Nov 9 14:09:35 server83 aibolit_wrapper[25907]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626775758250548.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626775758252134.txt --log=/tmp/malware_cleaner_log_17626775758253878.txt --progress=/tmp/malware_cleaner_progress_17626775758253402.json --csv_result=/tmp/revisium_csvfile_17626775758253600.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58015 SEQ=1 Nov 9 14:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44121 SEQ=1 Nov 9 14:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32409 SEQ=1 Nov 9 14:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52333 SEQ=1 Nov 9 14:09:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12204 SEQ=1 Nov 9 14:09:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51219 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:09:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64182 DF PROTO=TCP SPT=57386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:09:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=60338 PROTO=TCP SPT=49512 DPT=7356 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12353 DF 
PROTO=TCP SPT=46440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.120.89 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=5589 DF PROTO=TCP SPT=47982 DPT=2300 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:09:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.144.212.221 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14521 PROTO=TCP SPT=56005 DPT=2200 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:09:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.29.173 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x40 TTL=34 ID=0 DF PROTO=TCP SPT=50150 DPT=6020 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:09:44 server83 dhclient[22039]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x95c29f7) Nov 9 14:09:44 server83 NetworkManager[922]: <warn> [1762677584.4423] dhcp4 (eth1): request timed out Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4423] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4744] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 22039 Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4744] dhcp4 (eth1): state changed timeout -> done Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4747] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:09:44 server83 NetworkManager[922]: <warn> [1762677584.4751] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4753] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4787] policy: 
auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4791] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4792] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4795] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4828] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4832] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:09:44 server83 NetworkManager[922]: <info> [1762677584.4849] dhcp4 (eth1): dhclient started with pid 26836 Nov 9 14:09:44 server83 dhclient[26836]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x37f6d243) Nov 9 14:09:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57752 DF PROTO=TCP SPT=58058 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:09:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:09:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:09:48 server83 aibolit_wrapper[27310]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626775882947056.txt --input-fn-b64-encoded --username=evershine --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626775882948716.txt --log=/tmp/malware_cleaner_log_17626775882950690.txt --progress=/tmp/malware_cleaner_progress_17626775882950218.json --csv_result=/tmp/revisium_csvfile_17626775882950446.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:09:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57754 DF PROTO=TCP SPT=58058 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:09:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=31191 PROTO=TCP SPT=43734 DPT=4396 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:09:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.105.76 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49271 DPT=19999 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:09:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10077 SEQ=1 Nov 9 14:09:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10077 SEQ=1 Nov 9 14:09:52 server83 dhclient[26836]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x37f6d243) Nov 9 14:09:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42044 SEQ=1 Nov 9 14:09:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.182 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=3044 PROTO=TCP SPT=50883 DPT=7743 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64691 SEQ=1 Nov 9 14:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21713 SEQ=1 Nov 9 14:09:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12877 SEQ=1 Nov 9 14:09:54 server83 aibolit_wrapper[28093]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626775945801538.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626775945803788.txt --progress=/tmp/malware_cleaner_progress_17626775945803588.json --csv_result=/tmp/revisium_csvfile_17626775945803674.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:09:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3753 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:09:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12357 DF PROTO=TCP SPT=46440 
DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:09:58 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:10:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57756 DF PROTO=TCP SPT=58058 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:10:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:10:01 server83 systemd: Started Session 313084 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313086 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313087 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313085 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313083 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313088 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313089 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313091 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313090 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313093 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313092 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313095 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313097 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313098 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313094 of user root. Nov 9 14:10:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:10:01 server83 systemd: Started Session 313096 of user accentri. 
Nov 9 14:10:01 server83 systemd: Started Session 313099 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313100 of user accentri. Nov 9 14:10:01 server83 systemd: Started Session 313102 of user root. Nov 9 14:10:01 server83 systemd: Started Session 313101 of user root. Nov 9 14:10:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:10:03 server83 dhclient[26836]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x37f6d243) Nov 9 14:10:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8769 SEQ=1 Nov 9 14:10:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3745 SEQ=1 Nov 9 14:10:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.152 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=64168 PROTO=TCP SPT=48657 DPT=4840 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:10:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22623 SEQ=1 Nov 9 14:10:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.144.239.78 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=46146 DPT=4449 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:10:08 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.142.125.255 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=34 ID=63359 PROTO=UDP SPT=30320 DPT=3543 LEN=9 Nov 9 14:10:08 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15973 SEQ=1 Nov 9 14:10:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45029 SEQ=1 Nov 9 14:10:08 server83 aibolit_wrapper[29692]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626776088543194.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626776088545422.txt --log=/tmp/malware_cleaner_log_17626776088547566.txt --progress=/tmp/malware_cleaner_progress_17626776088547084.json --csv_result=/tmp/revisium_csvfile_17626776088547320.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:10:09 server83 imunify-auditd-log-reader[9638]: lost 5 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 19 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 6 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 14:10:10 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 12 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 3 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 30 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 13 message 
sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 220 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 19 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 41 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:10:10 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64183 DF PROTO=TCP SPT=57386 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12358 DF PROTO=TCP SPT=46440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:10:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3761 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:10:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=61204 PROTO=TCP SPT=57167 DPT=5006 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:10:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30359 PROTO=TCP SPT=41811 DPT=2688 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:10:16 server83 dhclient[26836]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x37f6d243) Nov 9 14:10:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 
TOS=0x00 PREC=0x20 TTL=52 ID=57756 PROTO=TCP SPT=50845 DPT=4418 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:10:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2759 SEQ=1 Nov 9 14:10:19 server83 aibolit_wrapper[31264]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626776196192872.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626776196194196.txt --log=/tmp/malware_cleaner_log_17626776196195212.txt --progress=/tmp/malware_cleaner_progress_17626776196194940.json --csv_result=/tmp/revisium_csvfile_17626776196195056.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:10:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16959 SEQ=1 Nov 9 14:10:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14614 SEQ=1 Nov 9 14:10:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24289 SEQ=1 Nov 9 14:10:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22985 DF PROTO=TCP SPT=42790 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 
14:10:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5162 SEQ=1 Nov 9 14:10:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22986 DF PROTO=TCP SPT=42790 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:10:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.153.51 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=50889 DPT=4449 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:10:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=25601 PROTO=TCP SPT=43965 DPT=5624 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:10:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22987 DF PROTO=TCP SPT=42790 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:10:24 server83 dhclient[26836]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x37f6d243) Nov 9 14:10:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22988 DF PROTO=TCP SPT=42790 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:10:29 server83 NetworkManager[922]: <warn> [1762677629.4515] dhcp4 (eth1): request timed out Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4515] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4675] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 26836 
Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4675] dhcp4 (eth1): state changed timeout -> done Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4677] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:10:29 server83 NetworkManager[922]: <warn> [1762677629.4679] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4681] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4710] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4712] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4713] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4715] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4723] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4724] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:10:29 server83 NetworkManager[922]: <info> [1762677629.4733] dhcp4 (eth1): dhclient started with pid 32305 Nov 9 14:10:29 server83 dhclient[32305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x78ea9399) Nov 9 14:10:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.21 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 
ID=54321 PROTO=TCP SPT=52042 DPT=7070 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:10:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.240 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46067 DPT=5804 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:10:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19205 SEQ=1 Nov 9 14:10:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60866 SEQ=1 Nov 9 14:10:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29843 SEQ=1 Nov 9 14:10:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30615 SEQ=1 Nov 9 14:10:33 server83 dhclient[32305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0x78ea9399) Nov 9 14:10:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=28269 PROTO=TCP SPT=42930 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:10:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=28270 PROTO=TCP SPT=42930 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=60950 PROTO=TCP SPT=48781 DPT=8180 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=50415 PROTO=TCP SPT=58082 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.213 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=28271 PROTO=TCP SPT=42930 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:10:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22989 DF PROTO=TCP SPT=42790 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:10:37 server83 dhclient[32305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x78ea9399) Nov 9 14:10:37 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 14:10:37 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 14:10:37 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 14:10:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40655 SEQ=1 Nov 9 14:10:37 server83 aibolit_wrapper[986]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626776379052866.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626776379055234.txt --log=/tmp/malware_cleaner_log_17626776379057048.txt --progress=/tmp/malware_cleaner_progress_17626776379056568.json --csv_result=/tmp/revisium_csvfile_17626776379056788.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:10:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19205 SEQ=1 Nov 9 14:10:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=50417 PROTO=TCP SPT=58082 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:10:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64953 SEQ=1 Nov 9 14:10:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.60.146 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24235 PROTO=TCP SPT=51461 DPT=8533 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:10:43 server83 dhclient[32305]: DHCPDISCOVER on eth1 to 
255.255.255.255 port 67 interval 10 (xid=0x78ea9399) Nov 9 14:10:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.61 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=17442 PROTO=TCP SPT=53532 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:10:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12359 DF PROTO=TCP SPT=46440 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:10:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:10:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:10:46 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:10:47 server83 aibolit_wrapper[1998]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626776471611130.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626776471612510.txt --log=/tmp/malware_cleaner_log_17626776471613900.txt --progress=/tmp/malware_cleaner_progress_17626776471613588.json --csv_result=/tmp/revisium_csvfile_17626776471613736.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:10:49 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=1.0.0.1 DST=51.210.113.204 LEN=88 TOS=0x00 PREC=0x00 TTL=52 ID=25027 DF PROTO=UDP SPT=53 DPT=41780 LEN=68 Nov 9 14:10:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29271 
SEQ=1 Nov 9 14:10:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1612 PROTO=TCP SPT=60729 DPT=5699 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:10:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=21315 PROTO=TCP SPT=45701 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:10:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.182.143 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=40199 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:10:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11721 SEQ=1 Nov 9 14:10:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22990 DF PROTO=TCP SPT=42790 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:10:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25916 SEQ=1 Nov 9 14:10:53 server83 dhclient[32305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x78ea9399) Nov 9 14:10:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29271 SEQ=1 Nov 9 14:10:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=172.253.9.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39857 PROTO=TCP SPT=40751 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:10:55 server83 systemd: Started Session c2890 of user root. Nov 9 14:10:56 server83 scripts.sh: Load Average: 6.21 , 5.28 Nov 9 14:10:56 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 14:10:56 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 14:10:56 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 14:10:56 server83 scripts.sh: HTTPD Status: inactive Nov 9 14:10:56 server83 scripts.sh: MySQL Status: active Nov 9 14:10:56 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 14:10:56 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 14:10:56 server83 scripts.sh: SSHD Status: active Nov 9 14:10:56 server83 scripts.sh: FTP Status: active Nov 9 14:10:56 server83 scripts.sh: LiteSpeed Status: Active Nov 9 14:10:56 server83 scripts.sh: Imunify Status: Active Nov 9 14:10:56 server83 scripts.sh: cPanel Status: active Nov 9 14:10:56 server83 scripts.sh: Memory Status: 13/31 GB - 42.13% Nov 9 14:10:56 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 14:10:56 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 14:10:56 server83 scripts.sh: Local Version: 4.4.5 Nov 9 14:10:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39859 PROTO=TCP SPT=40751 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:10:58 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.74.48.165 DST=145.239.177.179 LEN=71 TOS=0x14 PREC=0x00 TTL=43 ID=22790 PROTO=UDP SPT=23814 DPT=1194 LEN=51 Nov 9 14:10:58 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:10:59 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3760 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:11:00 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.74.48.165 DST=145.239.177.179 LEN=42 TOS=0x14 PREC=0x00 TTL=43 ID=26923 PROTO=UDP SPT=27947 DPT=1194 LEN=22 Nov 9 14:11:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:11:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:11:01 server83 systemd: Started Session 313104 of user root. Nov 9 14:11:01 server83 systemd: Started Session 313105 of user root. Nov 9 14:11:01 server83 systemd: Started Session 313103 of user root. Nov 9 14:11:01 server83 systemd: Started Session 313106 of user root. Nov 9 14:11:01 server83 systemd: Started Session 313107 of user root. Nov 9 14:11:01 server83 systemd: Started Session 313110 of user root. Nov 9 14:11:01 server83 systemd: Started Session 313109 of user root. Nov 9 14:11:01 server83 systemd: Started Session 313108 of user root. Nov 9 14:11:01 server83 systemd: Started Session 313111 of user root. Nov 9 14:11:01 server83 systemd: Started Session 313112 of user root. 
Nov 9 14:11:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32081 SEQ=1 Nov 9 14:11:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62871 SEQ=1 Nov 9 14:11:04 server83 aibolit_wrapper[4094]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626776646198456.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626776646200572.txt --log=/tmp/malware_cleaner_log_17626776646201964.txt --progress=/tmp/malware_cleaner_progress_17626776646201660.json --csv_result=/tmp/revisium_csvfile_17626776646201786.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:11:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=173.255.223.115 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=24245 PROTO=TCP SPT=49268 DPT=4449 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:11:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.143.6 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=6771 DF PROTO=TCP SPT=38953 DPT=10568 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:11:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.70 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55684 DPT=7285 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:11:08 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.129.220 DST=145.239.177.179 LEN=40 TOS=0x10 PREC=0x00 TTL=47 ID=6775 DF PROTO=TCP SPT=41194 DPT=2660 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:11:08 server83 dhclient[32305]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x78ea9399) Nov 9 14:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=47642 DF PROTO=ICMP TYPE=8 CODE=0 ID=6532 SEQ=19002 Nov 9 14:11:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=63138 DF PROTO=TCP SPT=58252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25050 SEQ=1 Nov 9 14:11:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19522 SEQ=1 Nov 9 14:11:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=63139 DF PROTO=TCP SPT=58252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:10 server83 aibolit_wrapper[4798]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626776708780868.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--log=/tmp/malware_cleaner_log_17626776708784268.txt --progress=/tmp/malware_cleaner_progress_17626776708783874.json --csv_result=/tmp/revisium_csvfile_17626776708784078.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:11:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=63140 DF PROTO=TCP SPT=58252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45475 PROTO=TCP SPT=45727 DPT=33105 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:11:14 server83 NetworkManager[922]: <warn> [1762677674.4501] dhcp4 (eth1): request timed out Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4501] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4661] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 32305 Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4661] dhcp4 (eth1): state changed timeout -> done Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4663] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:11:14 server83 NetworkManager[922]: <warn> [1762677674.4667] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4669] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4699] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4702] device (eth1): Activation: starting connection 'Wired 
connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4703] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4705] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4714] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4717] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:11:14 server83 NetworkManager[922]: <info> [1762677674.4727] dhcp4 (eth1): dhclient started with pid 5200 Nov 9 14:11:14 server83 dhclient[5200]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x1b8683eb) Nov 9 14:11:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=63141 DF PROTO=TCP SPT=58252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:17 server83 dhclient[5200]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x1b8683eb) Nov 9 14:11:18 server83 aibolit_wrapper[5608]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626776783675336.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626776783677186.txt --log=/tmp/malware_cleaner_log_17626776783679412.txt --progress=/tmp/malware_cleaner_progress_17626776783678836.json --csv_result=/tmp/revisium_csvfile_17626776783679128.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:11:19 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10481 SEQ=1 Nov 9 14:11:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36393 SEQ=1 Nov 9 14:11:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2961 SEQ=1 Nov 9 14:11:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52986 SEQ=1 Nov 9 14:11:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.119 DST=51.210.113.204 LEN=29 TOS=0x00 PREC=0x00 TTL=45 ID=7794 DF PROTO=UDP SPT=12284 DPT=53413 LEN=9 Nov 9 14:11:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=63142 DF PROTO=TCP SPT=58252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2961 SEQ=1 Nov 9 14:11:25 server83 dhclient[5200]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x1b8683eb) Nov 9 14:11:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=22991 DF PROTO=TCP SPT=42790 
DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35868 SEQ=1 Nov 9 14:11:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29085 SEQ=1 Nov 9 14:11:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47187 SEQ=1 Nov 9 14:11:32 server83 aibolit_wrapper[6402]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626776929704502.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626776929705994.txt --log=/tmp/malware_cleaner_log_17626776929707326.txt --progress=/tmp/malware_cleaner_progress_17626776929706984.json --csv_result=/tmp/revisium_csvfile_17626776929707132.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6812 SEQ=1 Nov 9 14:11:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.62 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64713 PROTO=TCP SPT=51662 DPT=8647 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:11:33 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=6812 SEQ=1 Nov 9 14:11:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3759 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:11:34 server83 dhclient[5200]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x1b8683eb) Nov 9 14:11:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.164 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=56451 DPT=811 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:11:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12912 SEQ=1 Nov 9 14:11:39 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:11:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=63143 DF PROTO=TCP SPT=58252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38268 DF PROTO=TCP SPT=55612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38269 DF PROTO=TCP SPT=55612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38270 DF PROTO=TCP SPT=55612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:11:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:11:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24289 SEQ=1 Nov 9 14:11:47 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:11:47 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:11:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12415 SEQ=1 Nov 9 14:11:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40831 SEQ=1 Nov 9 14:11:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34947 SEQ=1 Nov 9 14:11:50 server83 aibolit_wrapper[6851]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626777101562844.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626777101565806.txt 
--log=/tmp/malware_cleaner_log_17626777101568282.txt --progress=/tmp/malware_cleaner_progress_17626777101567748.json --csv_result=/tmp/revisium_csvfile_17626777101567990.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:11:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38271 DF PROTO=TCP SPT=55612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.210.5 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52792 DPT=46229 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:11:50 server83 dhclient[5200]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x1b8683eb) Nov 9 14:11:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33275 SEQ=1 Nov 9 14:11:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.144.239.72 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=49566 DPT=10001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:11:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.243.98.11 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=1845 PROTO=TCP SPT=52895 DPT=8022 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:11:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48284 SEQ=1 Nov 9 14:11:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=206.168.34.159 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=37215 PROTO=TCP SPT=3520 DPT=1945 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:11:56 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.251.85.161 DST=51.210.113.204 LEN=40 TOS=0x14 PREC=0x00 TTL=45 ID=29026 PROTO=UDP SPT=30050 DPT=64738 LEN=20 Nov 9 14:11:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38272 DF PROTO=TCP SPT=55612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:11:59 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:11:59 server83 NetworkManager[922]: <warn> [1762677719.4503] dhcp4 (eth1): request timed out Nov 9 14:11:59 server83 NetworkManager[922]: <info> [1762677719.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:11:59 server83 NetworkManager[922]: <info> [1762677719.4663] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 5200 Nov 9 14:11:59 server83 NetworkManager[922]: <info> [1762677719.4663] dhcp4 (eth1): state changed timeout -> done Nov 9 14:11:59 server83 NetworkManager[922]: <info> [1762677719.4666] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:11:59 server83 NetworkManager[922]: <warn> [1762677719.4673] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:11:59 server83 NetworkManager[922]: <info> [1762677719.4676] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:12:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.193 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=21002 PROTO=TCP SPT=53904 DPT=44431 WINDOW=1024 RES=0x00 SYN 
URGP=0 Nov 9 14:12:01 server83 systemd: Started Session 313113 of user root. Nov 9 14:12:01 server83 systemd: Started Session 313114 of user root. Nov 9 14:12:01 server83 systemd: Started Session 313115 of user root. Nov 9 14:12:01 server83 systemd: Started Session 313117 of user root. Nov 9 14:12:01 server83 systemd: Started Session 313116 of user root. Nov 9 14:12:01 server83 systemd: Started Session 313118 of user root. Nov 9 14:12:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:12:01 server83 systemd: Started Session 313119 of user accentri. Nov 9 14:12:01 server83 systemd: Started Session 313120 of user accentri. Nov 9 14:12:01 server83 systemd: Started Session 313121 of user root. Nov 9 14:12:01 server83 systemd: Started Session 313123 of user root. Nov 9 14:12:01 server83 systemd: Started Session 313122 of user root. Nov 9 14:12:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:12:01 server83 aibolit_wrapper[7173]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626777215036994.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626777215038190.txt --log=/tmp/malware_cleaner_log_17626777215039012.txt --progress=/tmp/malware_cleaner_progress_17626777215038808.json --csv_result=/tmp/revisium_csvfile_17626777215038896.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:12:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=17242 DF PROTO=ICMP TYPE=8 CODE=0 ID=50321 SEQ=61148 Nov 9 14:12:03 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=172.86.73.118 DST=145.239.177.179 LEN=439 TOS=0x00 PREC=0x00 TTL=112 ID=14265 PROTO=UDP SPT=5062 DPT=5060 LEN=419 Nov 9 14:12:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49353 SEQ=1 Nov 9 14:12:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49353 SEQ=1 Nov 9 14:12:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23811 SEQ=1 Nov 9 14:12:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60482 SEQ=1 Nov 9 14:12:04 server83 pam_imunify_daemon.bin: time="2025-11-09T14:12:04+05:30" level=warning msg="Send stats for 2 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=2 Nov 9 14:12:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23811 SEQ=1 Nov 9 14:12:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21856 SEQ=1 Nov 9 14:12:13 
server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=63144 DF PROTO=TCP SPT=58252 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:12:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=38273 DF PROTO=TCP SPT=55612 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:12:15 server83 aibolit_wrapper[7633]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626777358863526.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626777358865212.txt --log=/tmp/malware_cleaner_log_17626777358866876.txt --progress=/tmp/malware_cleaner_progress_17626777358866284.json --csv_result=/tmp/revisium_csvfile_17626777358866534.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:12:16 server83 imunify-auditd-log-reader[9638]: lost 21 message sequences Nov 9 14:12:16 server83 imunify-auditd-log-reader[9638]: lost 30 message sequences Nov 9 14:12:16 server83 imunify-auditd-log-reader[9638]: lost 20 message sequences Nov 9 14:12:17 server83 imunify-auditd-log-reader[9638]: lost 17 message sequences Nov 9 14:12:17 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:12:17 server83 imunify-auditd-log-reader[9638]: lost 4 message sequences Nov 9 14:12:17 server83 imunify-auditd-log-reader[9638]: lost 10 message sequences Nov 9 14:12:17 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:12:17 server83 imunify-auditd-log-reader[9638]: lost 8 message sequences Nov 9 14:12:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25947 PROTO=TCP SPT=38239 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25948 PROTO=TCP SPT=38239 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27093 PROTO=TCP SPT=37956 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25949 PROTO=TCP SPT=38239 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3758 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:12:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.9 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=47826 DF PROTO=TCP SPT=39373 DPT=8899 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 14:12:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47202 SEQ=1 Nov 9 14:12:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55360 SEQ=1 Nov 9 14:12:21 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27095 PROTO=TCP SPT=37956 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9159 SEQ=1 Nov 9 14:12:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13237 SEQ=1 Nov 9 14:12:23 server83 aibolit_wrapper[8274]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626777433640468.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626777433642788.txt --progress=/tmp/malware_cleaner_progress_17626777433642504.json --csv_result=/tmp/revisium_csvfile_17626777433642630.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:12:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27097 PROTO=TCP SPT=37956 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.196.152.111 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47515 DF PROTO=TCP SPT=41608 DPT=8889 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 14:12:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=50 ID=5939 DF PROTO=TCP SPT=55716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:12:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5940 DF PROTO=TCP SPT=55716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:12:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5941 DF PROTO=TCP SPT=55716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:12:31 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:12:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9429 SEQ=1 Nov 9 14:12:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56807 SEQ=1 Nov 9 14:12:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63536 SEQ=1 Nov 9 14:12:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31111 SEQ=1 Nov 9 14:12:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57111 SEQ=1 Nov 9 14:12:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=205.185.117.121 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=13517 PROTO=TCP SPT=50740 DPT=6006 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:12:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.135 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57166 DPT=47675 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:12:36 server83 aibolit_wrapper[8674]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626777567967780.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626777567968902.txt --log=/tmp/malware_cleaner_log_17626777567969756.txt --progress=/tmp/malware_cleaner_progress_17626777567969546.json --csv_result=/tmp/revisium_csvfile_17626777567969640.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:12:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20514 SEQ=1 Nov 9 14:12:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5942 DF PROTO=TCP SPT=55716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:12:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.164.97 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=60126 DPT=8880 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:12:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.159.99.101 
DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42947 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:12:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.80.105.50 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=4151 PROTO=TCP SPT=39645 DPT=512 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:12:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9901 PROTO=TCP SPT=58424 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:12:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9902 PROTO=TCP SPT=58424 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=6472 PROTO=TCP SPT=47159 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=9903 PROTO=TCP SPT=58424 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:48 server83 aibolit_wrapper[9066]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626777683925162.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626777683926544.txt 
--log=/tmp/malware_cleaner_log_17626777683927798.txt --progress=/tmp/malware_cleaner_progress_17626777683927470.json --csv_result=/tmp/revisium_csvfile_17626777683927612.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:12:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=6473 PROTO=TCP SPT=47159 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=6475 PROTO=TCP SPT=47159 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:12:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51301 SEQ=1 Nov 9 14:12:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59291 SEQ=1 Nov 9 14:12:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16858 SEQ=1 Nov 9 14:12:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22021 SEQ=1 Nov 9 14:12:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34033 SEQ=1 Nov 9 14:12:54 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5943 DF PROTO=TCP SPT=55716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:12:59 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:13:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=65151 PROTO=TCP SPT=57151 DPT=8520 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:13:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23563 SEQ=1 Nov 9 14:13:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:13:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:13:01 server83 systemd: Started Session 313124 of user root. Nov 9 14:13:01 server83 systemd: Started Session 313125 of user root. Nov 9 14:13:01 server83 systemd: Started Session 313128 of user root. Nov 9 14:13:01 server83 systemd: Started Session 313127 of user root. Nov 9 14:13:01 server83 systemd: Started Session 313126 of user root. Nov 9 14:13:01 server83 systemd: Started Session 313129 of user root. Nov 9 14:13:01 server83 systemd: Started Session 313130 of user root. Nov 9 14:13:01 server83 systemd: Started Session 313131 of user root. Nov 9 14:13:01 server83 systemd: Started Session 313132 of user root. Nov 9 14:13:01 server83 systemd: Started Session 313133 of user root. Nov 9 14:13:02 server83 imunify360-watchdog: Restarting resident service due to outdated files present Nov 9 14:13:02 server83 systemd: Stopping Imunify360 resident... 
Nov 9 14:13:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34842 SEQ=1 Nov 9 14:13:02 server83 systemd: Stopped Imunify360 resident. Nov 9 14:13:02 server83 systemd: Starting Imunify360 resident... Nov 9 14:13:03 server83 systemd: Started Imunify360 resident. Nov 9 14:13:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.235.24.52 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52523 DPT=5556 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:13:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17373 SEQ=1 Nov 9 14:13:06 server83 imunify-auditd-log-reader[9638]: lost 8 message sequences Nov 9 14:13:06 server83 imunify-auditd-log-reader[9638]: lost 18 message sequences Nov 9 14:13:06 server83 imunify-auditd-log-reader[9638]: lost 9 message sequences Nov 9 14:13:09 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:13:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2004 DF PROTO=TCP SPT=57934 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:13:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.113.218.14 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=0 DF PROTO=TCP SPT=43260 DPT=6379 WINDOW=17329 RES=0x00 SYN URGP=0 Nov 9 14:13:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2005 DF PROTO=TCP SPT=57934 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 14:13:13 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.75 DST=145.239.177.179 LEN=30 TOS=0x00 PREC=0x00 TTL=51 ID=33451 DF PROTO=UDP SPT=20887 DPT=5632 LEN=10 Nov 9 14:13:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.168.0.46 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=51165 DPT=18480 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:13:14 server83 aibolit_wrapper[11114]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626777948908768.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626777948910400.txt --log=/tmp/malware_cleaner_log_17626777948912088.txt --progress=/tmp/malware_cleaner_progress_17626777948911612.json --csv_result=/tmp/revisium_csvfile_17626777948911812.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:13:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2006 DF PROTO=TCP SPT=57934 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:13:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61125 SEQ=1 Nov 9 14:13:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56450 SEQ=1 Nov 9 14:13:19 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2007 DF PROTO=TCP SPT=57934 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:13:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22960 SEQ=1 Nov 9 14:13:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22960 SEQ=1 Nov 9 14:13:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=63984 PROTO=TCP SPT=51165 DPT=7946 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5944 DF PROTO=TCP SPT=55716 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:13:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2008 DF PROTO=TCP SPT=57934 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:13:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57836 SEQ=1 Nov 9 14:13:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22536 SEQ=1 Nov 9 14:13:32 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35473 SEQ=1 Nov 9 14:13:33 server83 aibolit_wrapper[11733]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626778131933188.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626778131934808.txt --log=/tmp/malware_cleaner_log_17626778131936352.txt --progress=/tmp/malware_cleaner_progress_17626778131935952.json --csv_result=/tmp/revisium_csvfile_17626778131936124.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:13:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35473 SEQ=1 Nov 9 14:13:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64780 SEQ=1 Nov 9 14:13:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54984 SEQ=1 Nov 9 14:13:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24424 SEQ=1 Nov 9 14:13:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53103 SEQ=1 Nov 9 14:13:40 server83 aibolit_wrapper[12056]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626778204444222.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626778204446876.txt --progress=/tmp/malware_cleaner_progress_17626778204446514.json --csv_result=/tmp/revisium_csvfile_17626778204446656.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:13:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=13803 DF PROTO=TCP SPT=54021 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 14:13:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=13804 DF PROTO=TCP SPT=54021 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 14:13:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2009 DF PROTO=TCP SPT=57934 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:13:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=26628 PROTO=TCP SPT=47549 DPT=15003 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:13:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32841 DF PROTO=TCP SPT=49088 DPT=21 WINDOW=64620 
RES=0x00 SYN URGP=0 Nov 9 14:13:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:13:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32842 DF PROTO=TCP SPT=49088 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:13:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3182 SEQ=1 Nov 9 14:13:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65141 SEQ=1 Nov 9 14:13:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14925 PROTO=TCP SPT=45727 DPT=31749 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:13:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32843 DF PROTO=TCP SPT=49088 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54086 SEQ=1 Nov 9 14:13:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51667 SEQ=1 Nov 9 14:13:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.80.115 
DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=0 DF PROTO=TCP SPT=9999 DPT=2081 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 14:13:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54086 SEQ=1 Nov 9 14:13:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3752 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:13:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19756 SEQ=1 Nov 9 14:13:56 server83 aibolit_wrapper[12542]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626778369123242.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626778369125032.txt --log=/tmp/malware_cleaner_log_17626778369127132.txt --progress=/tmp/malware_cleaner_progress_17626778369126680.json --csv_result=/tmp/revisium_csvfile_17626778369126888.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:13:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=94.74.182.143 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=39586 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:13:59 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:14:01 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.132.41 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=38229 DPT=8880 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32845 DF PROTO=TCP SPT=49088 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56957 PROTO=TCP SPT=48083 DPT=6650 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:14:01 server83 systemd: Started Session 313134 of user root. Nov 9 14:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:14:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:14:01 server83 systemd: Started Session 313136 of user root. Nov 9 14:14:01 server83 systemd: Started Session 313135 of user root. Nov 9 14:14:01 server83 systemd: Started Session 313138 of user root. Nov 9 14:14:01 server83 systemd: Started Session 313140 of user root. Nov 9 14:14:01 server83 systemd: Started Session 313139 of user root. Nov 9 14:14:01 server83 systemd: Started Session 313137 of user root. Nov 9 14:14:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:14:01 server83 systemd: Started Session 313141 of user accentri. Nov 9 14:14:01 server83 systemd: Started Session 313142 of user root. Nov 9 14:14:01 server83 systemd: Started Session 313144 of user accentri. Nov 9 14:14:01 server83 systemd: Started Session 313143 of user root. 
Nov 9 14:14:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24674 PROTO=TCP SPT=45727 DPT=34853 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:14:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22548 SEQ=1 Nov 9 14:14:03 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 14:14:03 server83 systemd: Stopped Status Update Service. Nov 9 14:14:03 server83 systemd: Started Status Update Service. Nov 9 14:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7916 SEQ=1 Nov 9 14:14:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9013 SEQ=1 Nov 9 14:14:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=56678 SEQ=1 Nov 9 14:14:05 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:14:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.254 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62403 PROTO=TCP SPT=41811 DPT=2768 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:14:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=206.168.34.129 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=47 ID=11409 PROTO=TCP SPT=5582 DPT=34493 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:14:13 server83 aibolit_wrapper[13282]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626778536209758.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626778536211316.txt --log=/tmp/malware_cleaner_log_17626778536213754.txt --progress=/tmp/malware_cleaner_progress_17626778536212868.json --csv_result=/tmp/revisium_csvfile_17626778536213482.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:14:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2010 DF PROTO=TCP SPT=57934 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12393 SEQ=1 Nov 9 14:14:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50532 SEQ=1 Nov 9 14:14:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49011 SEQ=1 Nov 9 14:14:16 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63872 SEQ=1 Nov 9 
14:14:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32846 DF PROTO=TCP SPT=49088 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50532 SEQ=1 Nov 9 14:14:18 server83 aibolit_wrapper[13541]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626778589817430.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626778589819320.txt --log=/tmp/malware_cleaner_log_17626778589820842.txt --progress=/tmp/malware_cleaner_progress_17626778589820552.json --csv_result=/tmp/revisium_csvfile_17626778589820698.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:14:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13730 SEQ=1 Nov 9 14:14:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.156.73.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=31468 PROTO=TCP SPT=51074 DPT=8029 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:14:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.112 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56760 DPT=4024 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:14:22 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.15.224.64 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=38435 PROTO=TCP SPT=50746 DPT=5269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:14:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12504 DF PROTO=TCP SPT=43776 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12505 DF PROTO=TCP SPT=43776 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12506 DF PROTO=TCP SPT=43776 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22204 SEQ=1 Nov 9 14:14:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18645 SEQ=1 Nov 9 14:14:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21531 SEQ=1 Nov 9 14:14:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13890 SEQ=1 Nov 9 14:14:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12507 DF PROTO=TCP SPT=43776 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.191.178 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=55878 DPT=30006 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:14:37 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=82.165.93.136 DST=145.239.177.179 LEN=443 TOS=0x00 PREC=0x00 TTL=50 ID=37451 DF PROTO=UDP SPT=6135 DPT=5060 LEN=423 Nov 9 14:14:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:14:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:14:38 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:14:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7816 SEQ=1 Nov 9 14:14:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23140 SEQ=1 Nov 9 14:14:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=42273 DF PROTO=ICMP TYPE=8 CODE=0 ID=30449 SEQ=33983 Nov 9 14:14:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14212 SEQ=1 Nov 9 14:14:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.230.168.0 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=54016 DF PROTO=TCP SPT=20697 DPT=9560 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 14:14:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3751 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:14:41 server83 aibolit_wrapper[14247]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626778811329896.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626778811331570.txt --log=/tmp/malware_cleaner_log_17626778811332984.txt --progress=/tmp/malware_cleaner_progress_17626778811332596.json --csv_result=/tmp/revisium_csvfile_17626778811332774.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:14:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12508 DF PROTO=TCP SPT=43776 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41440 PROTO=TCP SPT=60434 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:14:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41441 PROTO=TCP SPT=60434 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:14:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42189 PROTO=TCP SPT=63959 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:14:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=41442 PROTO=TCP SPT=60434 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:14:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29770 SEQ=1 Nov 9 14:14:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:14:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42190 PROTO=TCP SPT=63959 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:14:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28156 SEQ=1 Nov 9 14:14:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64054 SEQ=1 Nov 9 14:14:48 server83 aibolit_wrapper[14452]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626778884153332.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626778884156894.txt 
--progress=/tmp/malware_cleaner_progress_17626778884156382.json --csv_result=/tmp/revisium_csvfile_17626778884156654.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:14:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11965 SEQ=1 Nov 9 14:14:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=42192 PROTO=TCP SPT=63959 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:14:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64054 SEQ=1 Nov 9 14:14:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=32847 DF PROTO=TCP SPT=49088 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:52 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.204.255.106 DST=51.210.113.204 LEN=521 TOS=0x00 PREC=0x00 TTL=48 ID=48862 DF PROTO=UDP SPT=5088 DPT=5060 LEN=501 Nov 9 14:14:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.211 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35301 DPT=9060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:14:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12509 DF PROTO=TCP SPT=43776 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:14:59 server83 imunify360-php-daemon[734]: error 
response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:15:01 server83 systemd: Started Session 313145 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313147 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313146 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313148 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313149 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313152 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313153 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313154 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313155 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313151 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313150 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313156 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313157 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313159 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313158 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313160 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313161 of user root. Nov 9 14:15:01 server83 systemd: Started Session 313162 of user root. 
Nov 9 14:15:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38143 SEQ=1 Nov 9 14:15:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64832 SEQ=1 Nov 9 14:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12135 SEQ=1 Nov 9 14:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51609 SEQ=1 Nov 9 14:15:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43837 SEQ=1 Nov 9 14:15:04 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:15:04 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:15:04 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 14:15:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43837 SEQ=1 Nov 9 14:15:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=188.239.12.213 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=41 ID=55458 DF PROTO=ICMP TYPE=8 CODE=0 ID=46 SEQ=13222 Nov 9 14:15:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.194.40 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=45838 DPT=8983 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:15:11 server83 aibolit_wrapper[15545]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626779117388764.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626779117390526.txt --log=/tmp/malware_cleaner_log_17626779117392054.txt --progress=/tmp/malware_cleaner_progress_17626779117391664.json --csv_result=/tmp/revisium_csvfile_17626779117391842.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:15:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=7281 PROTO=TCP SPT=51418 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=7282 PROTO=TCP SPT=51418 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.218 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=21684 PROTO=TCP SPT=50266 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=7283 PROTO=TCP SPT=51418 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.218 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=21685 PROTO=TCP SPT=50266 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.210 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=7284 PROTO=TCP SPT=51418 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.218 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=21686 PROTO=TCP SPT=50266 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.1.218 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=108 ID=21688 PROTO=TCP SPT=50266 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16408 SEQ=1 Nov 9 14:15:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=82 DF PROTO=ICMP TYPE=8 CODE=0 ID=3386 SEQ=15481 Nov 9 14:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43258 SEQ=1 Nov 9 14:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40961 SEQ=1 Nov 9 14:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.129.81.225 DST=145.239.177.179 LEN=56 TOS=0x00 PREC=0x00 TTL=49 ID=48123 DF PROTO=ICMP TYPE=8 CODE=0 ID=36078 SEQ=21678 Nov 9 14:15:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20082 SEQ=1 Nov 9 14:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13258 DF PROTO=TCP SPT=40398 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:15:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3750 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:15:26 server83 aibolit_wrapper[15969]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626779263979518.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626779263980794.txt --log=/tmp/malware_cleaner_log_17626779263982098.txt --progress=/tmp/malware_cleaner_progress_17626779263981752.json --csv_result=/tmp/revisium_csvfile_17626779263981898.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:15:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41295 DPT=37000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:15:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62771 PROTO=TCP SPT=41811 DPT=2618 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12510 DF PROTO=TCP SPT=43776 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:15:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.20.125 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=36113 DPT=9060 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:15:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37918 SEQ=1 Nov 9 14:15:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30292 SEQ=1 Nov 9 14:15:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=10365 PROTO=TCP SPT=33364 DPT=8500 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:15:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38218 SEQ=1 Nov 9 14:15:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30292 SEQ=1 Nov 9 14:15:40 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 14:15:40 server83 pure-ftpd: 
(?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 14:15:40 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 14:15:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14860 PROTO=TCP SPT=62503 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14861 PROTO=TCP SPT=62503 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:44 server83 aibolit_wrapper[16609]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626779445945460.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626779445947108.txt --log=/tmp/malware_cleaner_log_17626779445948606.txt --progress=/tmp/malware_cleaner_progress_17626779445948188.json --csv_result=/tmp/revisium_csvfile_17626779445948368.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:15:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=30164 PROTO=TCP SPT=37696 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=14862 PROTO=TCP SPT=62503 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3757 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:15:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=30165 PROTO=TCP SPT=37696 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:15:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28076 PROTO=TCP SPT=45727 DPT=33756 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:15:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34154 SEQ=1 Nov 9 14:15:48 server83 aibolit_wrapper[16729]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626779488161184.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626779488162906.txt --log=/tmp/malware_cleaner_log_17626779488164838.txt --progress=/tmp/malware_cleaner_progress_17626779488164384.json --csv_result=/tmp/revisium_csvfile_17626779488164576.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:15:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 
TOS=0x00 PREC=0x00 TTL=99 ID=30168 PROTO=TCP SPT=37696 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:15:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18237 SEQ=1 Nov 9 14:15:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24215 SEQ=1 Nov 9 14:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18237 SEQ=1 Nov 9 14:15:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37830 SEQ=1 Nov 9 14:15:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62064 DF PROTO=TCP SPT=35630 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:15:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18929 SEQ=1 Nov 9 14:15:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62065 DF PROTO=TCP SPT=35630 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:15:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=29185 SEQ=1 Nov 9 14:15:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3749 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:15:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62066 DF PROTO=TCP SPT=35630 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:15:59 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:15:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=36443 PROTO=TCP SPT=57029 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:16:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=36444 PROTO=TCP SPT=57029 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:16:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:16:01 server83 systemd: Started Session 313164 of user root. Nov 9 14:16:01 server83 systemd: Started Session 313163 of user root. Nov 9 14:16:01 server83 systemd: Started Session 313165 of user root. Nov 9 14:16:01 server83 systemd: Started Session 313166 of user root. Nov 9 14:16:01 server83 systemd: Started Session 313167 of user root. Nov 9 14:16:01 server83 systemd: Started Session 313168 of user root. Nov 9 14:16:01 server83 systemd: Started Session 313169 of user root. Nov 9 14:16:01 server83 systemd: Started Session 313170 of user root. 
Nov 9 14:16:01 server83 systemd: Started Session 313171 of user root. Nov 9 14:16:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:16:01 server83 systemd: Started Session 313172 of user accentri. Nov 9 14:16:01 server83 systemd: Started Session 313173 of user accentri. Nov 9 14:16:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:16:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=36446 PROTO=TCP SPT=57029 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:16:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4971 SEQ=1 Nov 9 14:16:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62067 DF PROTO=TCP SPT=35630 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:16:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18089 SEQ=1 Nov 9 14:16:10 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:16:10 server83 aibolit_wrapper[17390]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626779701192122.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626779701194058.txt --log=/tmp/malware_cleaner_log_17626779701195726.txt --progress=/tmp/malware_cleaner_progress_17626779701195226.json 
--csv_result=/tmp/revisium_csvfile_17626779701195438.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:16:11 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 14:16:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57757 DF PROTO=TCP SPT=49824 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:16 server83 aibolit_wrapper[17686]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626779762443714.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626779762446324.txt --progress=/tmp/malware_cleaner_progress_17626779762446014.json --csv_result=/tmp/revisium_csvfile_17626779762446146.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:16:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57758 DF PROTO=TCP SPT=49824 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39716 SEQ=1 Nov 9 14:16:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20641 SEQ=1 Nov 9 14:16:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19423 SEQ=1 Nov 9 14:16:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57759 DF PROTO=TCP SPT=49824 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.216.149.15 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54133 DPT=9964 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=13261 DF PROTO=TCP SPT=40398 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:16:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18364 SEQ=1 Nov 9 14:16:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62068 DF PROTO=TCP SPT=35630 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:16:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.156.73.180 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=52006 PROTO=TCP SPT=50939 DPT=7825 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:16:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19423 SEQ=1 Nov 9 14:16:23 server83 aibolit_wrapper[18078]: running child proccess: /opt/alt/php-internal/usr/bin/php -d 
display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626779830938112.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626779830939610.txt --log=/tmp/malware_cleaner_log_17626779830946484.txt --progress=/tmp/malware_cleaner_progress_17626779830946088.json --csv_result=/tmp/revisium_csvfile_17626779830946336.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:16:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57760 DF PROTO=TCP SPT=49824 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:28 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.93 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=64253 DF PROTO=UDP SPT=22118 DPT=523 LEN=28 Nov 9 14:16:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57761 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34131 DF PROTO=TCP SPT=47330 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:16:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57762 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 
DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57763 DF PROTO=TCP SPT=49824 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57764 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12481 PROTO=TCP SPT=37318 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:16:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39912 PROTO=TCP SPT=49607 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:16:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12482 PROTO=TCP SPT=37318 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:16:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57765 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39913 PROTO=TCP SPT=49607 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:16:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12483 PROTO=TCP SPT=37318 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:16:38 server83 kernel: Firewall: *ICMP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22720 SEQ=1 Nov 9 14:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22720 SEQ=1 Nov 9 14:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59144 SEQ=1 Nov 9 14:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23646 SEQ=1 Nov 9 14:16:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5944 SEQ=1 Nov 9 14:16:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.20 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=39915 PROTO=TCP SPT=49607 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:16:40 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:16:40 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:16:41 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=109.236.61.23 DST=145.239.177.179 LEN=122 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=50590 DPT=1900 LEN=102 Nov 9 14:16:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.127.141 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP 
SPT=39382 DPT=3756 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:16:42 server83 aibolit_wrapper[18610]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626780027587978.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626780027589266.txt --log=/tmp/malware_cleaner_log_17626780027591254.txt --progress=/tmp/malware_cleaner_progress_17626780027590880.json --csv_result=/tmp/revisium_csvfile_17626780027591064.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:16:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57766 DF PROTO=TCP SPT=50151 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:16:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34135 DF PROTO=TCP SPT=47330 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:16:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:16:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10666 SEQ=1 Nov 9 14:16:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3748 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:16:49 server83 aibolit_wrapper[18771]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr 
-d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626780089938968.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626780089940562.txt --log=/tmp/malware_cleaner_log_17626780089942014.txt --progress=/tmp/malware_cleaner_progress_17626780089941628.json --csv_result=/tmp/revisium_csvfile_17626780089941802.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:16:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20395 SEQ=1 Nov 9 14:16:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28889 SEQ=1 Nov 9 14:16:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=62069 DF PROTO=TCP SPT=35630 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:16:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39178 SEQ=1 Nov 9 14:16:59 server83 NetworkManager[922]: <info> [1762678019.4954] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:16:59 server83 NetworkManager[922]: <info> [1762678019.4959] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:16:59 server83 NetworkManager[922]: <info> [1762678019.4960] device (eth1): state change: disconnected -> prepare (reason 
'none', sys-iface-state: 'managed') Nov 9 14:16:59 server83 NetworkManager[922]: <info> [1762678019.4965] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:16:59 server83 NetworkManager[922]: <info> [1762678019.4977] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:16:59 server83 NetworkManager[922]: <info> [1762678019.4982] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:16:59 server83 NetworkManager[922]: <info> [1762678019.5007] dhcp4 (eth1): dhclient started with pid 19045 Nov 9 14:16:59 server83 dhclient[19045]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x28050e7d) Nov 9 14:16:59 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:16:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=3.136.208.236 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55367 DPT=4145 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:17:01 server83 systemd: Started Session 313175 of user root. Nov 9 14:17:01 server83 systemd: Started Session 313177 of user root. Nov 9 14:17:01 server83 systemd: Started Session 313178 of user root. Nov 9 14:17:01 server83 systemd: Started Session 313174 of user root. Nov 9 14:17:01 server83 systemd: Started Session 313179 of user root. Nov 9 14:17:01 server83 systemd: Started Session 313176 of user root. Nov 9 14:17:01 server83 systemd: Started Session 313180 of user root. Nov 9 14:17:01 server83 systemd: Started Session 313182 of user root. Nov 9 14:17:01 server83 systemd: Started Session 313181 of user root. Nov 9 14:17:01 server83 systemd: Started Session 313183 of user root. 
Nov 9 14:17:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34136 DF PROTO=TCP SPT=47330 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:17:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10539 SEQ=1 Nov 9 14:17:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.61 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=59861 DPT=9028 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:17:02 server83 dhclient[19045]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x28050e7d) Nov 9 14:17:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19268 SEQ=1 Nov 9 14:17:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33682 SEQ=1 Nov 9 14:17:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22121 PROTO=TCP SPT=42111 DPT=2765 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:17:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3615 SEQ=1 Nov 9 14:17:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 
LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=13813 DF PROTO=TCP SPT=50829 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 14:17:05 server83 dhclient[19045]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x28050e7d) Nov 9 14:17:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.76 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=35764 DPT=40863 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:17:05 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11328 SEQ=1 Nov 9 14:17:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=13814 DF PROTO=TCP SPT=50829 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 14:17:08 server83 aibolit_wrapper[19386]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626780281683106.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626780281685370.txt --log=/tmp/malware_cleaner_log_17626780281687426.txt --progress=/tmp/malware_cleaner_progress_17626780281686890.json --csv_result=/tmp/revisium_csvfile_17626780281687114.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:17:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.146 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49423 DPT=48850 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:17:08 server83 
dhclient[19045]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x28050e7d) Nov 9 14:17:15 server83 aibolit_wrapper[19590]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626780354223660.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626780354225588.txt --log=/tmp/malware_cleaner_log_17626780354227862.txt --progress=/tmp/malware_cleaner_progress_17626780354227226.json --csv_result=/tmp/revisium_csvfile_17626780354227490.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:17:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57767 DF PROTO=TCP SPT=51457 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:17:16 server83 dhclient[19045]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x28050e7d) Nov 9 14:17:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57768 DF PROTO=TCP SPT=51457 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:17:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=65.49.1.100 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33963 DPT=3790 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:17:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57769 DF PROTO=TCP SPT=51457 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:17:19 server83 kernel: Firewall: *TCP_IN 
Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.212 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=45447 PROTO=TCP SPT=48916 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:17:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16374 SEQ=1 Nov 9 14:17:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=43007 PROTO=TCP SPT=49079 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:17:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.215 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=12 PROTO=TCP SPT=56419 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:17:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60884 PROTO=TCP SPT=41205 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:17:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23508 SEQ=1 Nov 9 14:17:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55494 SEQ=1 Nov 9 14:17:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20125 SEQ=1 Nov 9 14:17:24 server83 auditd[702]: Audit daemon rotating log files Nov 9 
14:17:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60886 PROTO=TCP SPT=41205 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42828 SEQ=1 Nov 9 14:17:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42828 SEQ=1 Nov 9 14:17:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.156 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60888 PROTO=TCP SPT=41205 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:17:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.56.111.60 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=39270 DPT=8010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:17:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57771 DF PROTO=TCP SPT=51457 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:17:31 server83 dhclient[19045]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x28050e7d) Nov 9 14:17:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17195 PROTO=TCP SPT=45727 DPT=34847 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60142 SEQ=1 Nov 9 14:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60457 SEQ=1 Nov 9 14:17:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49933 SEQ=1 Nov 9 14:17:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46099 SEQ=1 Nov 9 14:17:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46099 SEQ=1 Nov 9 14:17:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=84.147.63.161 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34137 DF PROTO=TCP SPT=47330 DPT=21 WINDOW=64620 RES=0x00 SYN URGP=0 Nov 9 14:17:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=44054 PROTO=TCP SPT=48969 DPT=6101 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:17:40 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2815 PROTO=TCP SPT=45727 DPT=32939 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:17:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46632 PROTO=TCP SPT=49956 DPT=29985 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:17:43 server83 aibolit_wrapper[20553]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626780636992114.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626780636994190.txt --log=/tmp/malware_cleaner_log_17626780636996412.txt --progress=/tmp/malware_cleaner_progress_17626780636995964.json --csv_result=/tmp/revisium_csvfile_17626780636996162.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:17:44 server83 dhclient[19045]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x28050e7d) Nov 9 14:17:44 server83 NetworkManager[922]: <warn> [1762678064.4504] dhcp4 (eth1): request timed out Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 19045 Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4585] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:17:44 server83 NetworkManager[922]: <warn> [1762678064.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4589] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:17:44 server83 NetworkManager[922]: 
<info> [1762678064.4616] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4618] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4619] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4620] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4629] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4630] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:17:44 server83 NetworkManager[922]: <info> [1762678064.4641] dhcp4 (eth1): dhclient started with pid 20576 Nov 9 14:17:44 server83 dhclient[20576]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x536ece86) Nov 9 14:17:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=4140 PROTO=TCP SPT=57112 DPT=1189 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:17:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=30368 PROTO=TCP SPT=34448 DPT=5782 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:17:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:17:47 server83 dhclient[20576]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x536ece86) Nov 9 14:17:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17799 SEQ=1 Nov 9 14:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53787 SEQ=1 Nov 9 14:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53787 SEQ=1 Nov 9 14:17:49 server83 aibolit_wrapper[20704]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626780693959382.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626780693960166.txt --log=/tmp/malware_cleaner_log_17626780693961120.txt --progress=/tmp/malware_cleaner_progress_17626780693960870.json --csv_result=/tmp/revisium_csvfile_17626780693960990.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:17:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3302 SEQ=1 Nov 9 14:17:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1430 PROTO=TCP SPT=49956 DPT=29970 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:17:53 server83 dhclient[20576]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x536ece86) Nov 9 14:17:56 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=143.42.0.20 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=59807 DPT=8010 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:17:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3755 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:17:59 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:18:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:18:01 server83 systemd: Started Session 313184 of user root. Nov 9 14:18:01 server83 systemd: Started Session 313185 of user root. Nov 9 14:18:01 server83 systemd: Started Session 313187 of user root. Nov 9 14:18:01 server83 systemd: Started Session 313186 of user root. Nov 9 14:18:01 server83 systemd: Started Session 313188 of user root. Nov 9 14:18:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:18:01 server83 systemd: Started Session 313189 of user accentri. Nov 9 14:18:01 server83 systemd: Started Session 313190 of user accentri. Nov 9 14:18:01 server83 systemd: Started Session 313191 of user root. Nov 9 14:18:01 server83 systemd: Started Session 313192 of user root. Nov 9 14:18:01 server83 systemd: Started Session 313193 of user root. Nov 9 14:18:01 server83 systemd: Started Session 313194 of user root. Nov 9 14:18:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 14:18:03 server83 dhclient[20576]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x536ece86) Nov 9 14:18:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8445 SEQ=1 Nov 9 14:18:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33270 SEQ=1 Nov 9 14:18:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58863 SEQ=1 Nov 9 14:18:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14306 SEQ=1 Nov 9 14:18:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16717 SEQ=1 Nov 9 14:18:06 server83 aibolit_wrapper[21156]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626780867680230.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626780867681430.txt --log=/tmp/malware_cleaner_log_17626780867682512.txt --progress=/tmp/malware_cleaner_progress_17626780867682276.json --csv_result=/tmp/revisium_csvfile_17626780867682378.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
14:18:10 server83 dhclient[20576]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x536ece86) Nov 9 14:18:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=95.215.0.144 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19996 PROTO=TCP SPT=60022 DPT=6650 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:18:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57772 DF PROTO=TCP SPT=52914 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:18:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57773 DF PROTO=TCP SPT=52914 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:18:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27336 PROTO=TCP SPT=51542 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:18:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27337 PROTO=TCP SPT=51542 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:18:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57774 DF PROTO=TCP SPT=52914 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:18:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.1.27 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=27338 PROTO=TCP SPT=51542 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:18:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=51281 PROTO=TCP SPT=47021 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:18:18 server83 scripts.sh: Sun Nov 9 14:18:18 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 14:18:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=51283 PROTO=TCP SPT=47021 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:18:19 server83 dhclient[20576]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x536ece86) Nov 9 14:18:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57528 SEQ=1 Nov 9 14:18:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43135 SEQ=1 Nov 9 14:18:19 server83 aibolit_wrapper[21567]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626780999622750.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626780999624398.txt --log=/tmp/malware_cleaner_log_17626780999626364.txt --progress=/tmp/malware_cleaner_progress_17626780999625940.json --csv_result=/tmp/revisium_csvfile_17626780999626126.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k 
imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 14:18:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 14:18:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57528 SEQ=1 Nov 9 14:18:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64626 SEQ=1 Nov 9 14:18:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32909 SEQ=1 Nov 9 14:18:23 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=107.189.19.230 DST=51.210.113.204 LEN=443 TOS=0x00 PREC=0x00 TTL=112 ID=18828 PROTO=UDP SPT=5062 DPT=5060 LEN=423 Nov 9 14:18:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57776 DF PROTO=TCP SPT=52914 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:18:29 server83 NetworkManager[922]: <warn> [1762678109.4503] dhcp4 (eth1): request timed out Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4504] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4582] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 20576 Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4582] dhcp4 
(eth1): state changed timeout -> done Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4584] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:18:29 server83 NetworkManager[922]: <warn> [1762678109.4588] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4590] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4621] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4625] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4626] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4629] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4639] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4641] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:18:29 server83 NetworkManager[922]: <info> [1762678109.4652] dhcp4 (eth1): dhclient started with pid 21759 Nov 9 14:18:29 server83 dhclient[21759]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x159d8af9) Nov 9 14:18:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.62 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=42182 PROTO=TCP SPT=38191 DPT=33338 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 
14:18:32 server83 dhclient[21759]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x159d8af9) Nov 9 14:18:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4637 SEQ=1 Nov 9 14:18:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35878 SEQ=1 Nov 9 14:18:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34814 SEQ=1 Nov 9 14:18:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35878 SEQ=1 Nov 9 14:18:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34814 SEQ=1 Nov 9 14:18:34 server83 aibolit_wrapper[21882]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626781145177860.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626781145178974.txt --log=/tmp/malware_cleaner_log_17626781145179932.txt --progress=/tmp/malware_cleaner_progress_17626781145179684.json --csv_result=/tmp/revisium_csvfile_17626781145179796.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 
14:18:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=31339 PROTO=TCP SPT=57112 DPT=42342 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:18:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.41.50 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=3757 DF PROTO=TCP SPT=43270 DPT=425 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:18:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=8216 DF PROTO=ICMP TYPE=8 CODE=0 ID=14239 SEQ=43189 Nov 9 14:18:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17722 SEQ=1 Nov 9 14:18:40 server83 dhclient[21759]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x159d8af9) Nov 9 14:18:40 server83 aibolit_wrapper[22147]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626781206860924.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626781206864388.txt --progress=/tmp/malware_cleaner_progress_17626781206863820.json --csv_result=/tmp/revisium_csvfile_17626781206864070.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:18:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.148.190.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=48138 PROTO=TCP SPT=55544 DPT=32489 WINDOW=1025 RES=0x00 SYN 
URGP=0 Nov 9 14:18:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3754 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:18:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28448 SEQ=1 Nov 9 14:18:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:18:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40965 SEQ=1 Nov 9 14:18:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57102 SEQ=1 Nov 9 14:18:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.8.107.10 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=27589 DF PROTO=ICMP TYPE=8 CODE=0 ID=42797 SEQ=53797 Nov 9 14:18:48 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:18:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57102 SEQ=1 Nov 9 14:18:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9733 SEQ=1 Nov 9 14:18:50 server83 dhclient[21759]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x159d8af9) Nov 9 
14:18:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.141 DST=51.210.113.204 LEN=65 TOS=0x00 PREC=0x00 TTL=108 ID=17051 DF PROTO=ICMP TYPE=8 CODE=0 ID=56378 SEQ=50839 Nov 9 14:18:51 server83 aibolit_wrapper[22384]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626781319506102.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626781319507804.txt --log=/tmp/malware_cleaner_log_17626781319509418.txt --progress=/tmp/malware_cleaner_progress_17626781319508946.json --csv_result=/tmp/revisium_csvfile_17626781319509140.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:18:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=88.99.13.2 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=24574 DF PROTO=ICMP TYPE=8 CODE=0 ID=26971 SEQ=1469 Nov 9 14:18:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=18.217.194.148 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=52565 DPT=8554 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:18:55 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.88.241.160 DST=145.239.177.179 LEN=48 TOS=0x00 PREC=0x00 TTL=48 ID=15847 PROTO=UDP SPT=55067 DPT=8088 LEN=28 Nov 9 14:18:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.40 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17352 PROTO=TCP SPT=53933 DPT=37328 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:18:55 server83 pam_imunify_daemon.bin: 
time="2025-11-09T14:18:55+05:30" level=warning msg="Send stats for 4 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=4 Nov 9 14:18:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.128 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=50854 DPT=9675 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:18:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.149 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=60738 PROTO=TCP SPT=35329 DPT=33338 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:18:59 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:19:01 server83 systemd: Started Session 313195 of user root. Nov 9 14:19:01 server83 systemd: Started Session 313196 of user root. Nov 9 14:19:01 server83 systemd: Started Session 313197 of user root. Nov 9 14:19:01 server83 systemd: Started Session 313199 of user root. Nov 9 14:19:01 server83 systemd: Started Session 313201 of user root. Nov 9 14:19:01 server83 systemd: Started Session 313202 of user root. Nov 9 14:19:01 server83 systemd: Started Session 313200 of user root. Nov 9 14:19:01 server83 systemd: Started Session 313198 of user root. Nov 9 14:19:01 server83 systemd: Started Session 313203 of user root. 
Nov 9 14:19:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.82.47.26 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=51228 DPT=6516 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:19:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52728 SEQ=1 Nov 9 14:19:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35587 SEQ=1 Nov 9 14:19:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48946 SEQ=1 Nov 9 14:19:03 server83 dhclient[21759]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 15 (xid=0x159d8af9) Nov 9 14:19:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3114 SEQ=1 Nov 9 14:19:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19234 SEQ=1 Nov 9 14:19:05 server83 aibolit_wrapper[22816]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626781452331632.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626781452333532.txt --log=/tmp/malware_cleaner_log_17626781452335268.txt --progress=/tmp/malware_cleaner_progress_17626781452334798.json --csv_result=/tmp/revisium_csvfile_17626781452335040.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:19:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42637 SEQ=1 Nov 9 14:19:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.52.85 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=40453 DPT=33338 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:19:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.63.197.181 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=1442 PROTO=TCP SPT=50784 DPT=7648 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:19:14 server83 NetworkManager[922]: <warn> [1762678154.4412] dhcp4 (eth1): request timed out Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4413] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4572] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 21759 Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4572] dhcp4 (eth1): state changed timeout -> done Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4574] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:19:14 server83 NetworkManager[922]: <warn> [1762678154.4578] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4580] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 
'managed') Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4610] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4613] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4614] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4618] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4628] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4631] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:19:14 server83 NetworkManager[922]: <info> [1762678154.4643] dhcp4 (eth1): dhclient started with pid 23035 Nov 9 14:19:14 server83 dhclient[23035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x3f90f0ca) Nov 9 14:19:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.106 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=10518 DF PROTO=ICMP TYPE=8 CODE=0 ID=35436 SEQ=44815 Nov 9 14:19:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8154 SEQ=1 Nov 9 14:19:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7814 SEQ=1 Nov 9 14:19:20 server83 aibolit_wrapper[23175]: running 
child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626781606425154.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626781606426754.txt --log=/tmp/malware_cleaner_log_17626781606428226.txt --progress=/tmp/malware_cleaner_progress_17626781606427810.json --csv_result=/tmp/revisium_csvfile_17626781606427982.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:19:21 server83 dhclient[23035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x3f90f0ca) Nov 9 14:19:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55503 SEQ=1 Nov 9 14:19:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27590 SEQ=1 Nov 9 14:19:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23169 SEQ=1 Nov 9 14:19:25 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=188.245.61.191 DST=51.210.113.204 LEN=63 TOS=0x00 PREC=0x00 TTL=47 ID=11005 DF PROTO=ICMP TYPE=8 CODE=0 ID=31327 SEQ=62135 Nov 9 14:19:26 server83 aibolit_wrapper[23456]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626781668254680.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626781668258104.txt --progress=/tmp/malware_cleaner_progress_17626781668257618.json --csv_result=/tmp/revisium_csvfile_17626781668257804.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:19:32 server83 aibolit_wrapper[23709]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626781719986956.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626781719988064.txt --log=/tmp/malware_cleaner_log_17626781719989210.txt --progress=/tmp/malware_cleaner_progress_17626781719988928.json --csv_result=/tmp/revisium_csvfile_17626781719989056.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:19:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24925 SEQ=1 Nov 9 14:19:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57516 SEQ=1 Nov 9 14:19:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23275 SEQ=1 Nov 9 14:19:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37865 SEQ=1 
Nov 9 14:19:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43079 SEQ=1 Nov 9 14:19:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.116.105.52 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=55337 DPT=11434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:19:34 server83 dhclient[23035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 16 (xid=0x3f90f0ca) Nov 9 14:19:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=13722 PROTO=TCP SPT=57151 DPT=8520 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:19:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=39468 DF PROTO=ICMP TYPE=8 CODE=0 ID=53046 SEQ=32385 Nov 9 14:19:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=56204 PROTO=TCP SPT=52997 DPT=7752 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:19:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57954 SEQ=1 Nov 9 14:19:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=51630 PROTO=TCP SPT=45025 DPT=4696 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:19:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 
14:19:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42505 SEQ=1 Nov 9 14:19:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45781 SEQ=1 Nov 9 14:19:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8037 SEQ=1 Nov 9 14:19:50 server83 dhclient[23035]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x3f90f0ca) Nov 9 14:19:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48842 SEQ=1 Nov 9 14:19:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.117.57.162 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=48577 DPT=9091 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:19:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42505 SEQ=1 Nov 9 14:19:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=103.102.230.4 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=45656 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:19:55 server83 aibolit_wrapper[24526]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d 
extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626781956589604.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626781956590972.txt --log=/tmp/malware_cleaner_log_17626781956592498.txt --progress=/tmp/malware_cleaner_progress_17626781956592074.json --csv_result=/tmp/revisium_csvfile_17626781956592274.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:19:59 server83 NetworkManager[922]: <warn> [1762678199.4505] dhcp4 (eth1): request timed out Nov 9 14:19:59 server83 NetworkManager[922]: <info> [1762678199.4505] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:19:59 server83 NetworkManager[922]: <info> [1762678199.4584] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 23035 Nov 9 14:19:59 server83 NetworkManager[922]: <info> [1762678199.4584] dhcp4 (eth1): state changed timeout -> done Nov 9 14:19:59 server83 NetworkManager[922]: <info> [1762678199.4587] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:19:59 server83 NetworkManager[922]: <warn> [1762678199.4592] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:19:59 server83 NetworkManager[922]: <info> [1762678199.4595] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:19:59 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:20:00 server83 aibolit_wrapper[24695]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626782008880786.txt --input-fn-b64-encoded 
--username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626782008882384.txt --log=/tmp/malware_cleaner_log_17626782008883720.txt --progress=/tmp/malware_cleaner_progress_17626782008883412.json --csv_result=/tmp/revisium_csvfile_17626782008883544.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:20:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18455 PROTO=TCP SPT=56941 DPT=5285 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:20:01 server83 systemd: Started Session 313205 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313204 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313207 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313208 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313210 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313206 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313209 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313211 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313212 of user root. Nov 9 14:20:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:20:01 server83 systemd: Started Session 313214 of user accentri. Nov 9 14:20:01 server83 systemd: Started Session 313215 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313217 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313216 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313213 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313218 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313219 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313220 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313221 of user root. 
Nov 9 14:20:01 server83 systemd: Started Session 313223 of user accentri. Nov 9 14:20:01 server83 systemd: Started Session 313222 of user root. Nov 9 14:20:01 server83 systemd: Started Session 313224 of user root. Nov 9 14:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:20:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:20:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:20:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22396 PROTO=TCP SPT=49956 DPT=27255 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:20:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:20:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27037 SEQ=1 Nov 9 14:20:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10679 SEQ=1 Nov 9 14:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61051 SEQ=1 Nov 9 14:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.133.176.251 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=29909 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=4 Nov 9 14:20:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30617 SEQ=1 Nov 9 14:20:03 server83 
kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.251.80.254 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=22972 DF PROTO=TCP SPT=23996 DPT=2103 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 14:20:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.79.132.41 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=54325 DPT=9800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:20:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30617 SEQ=1 Nov 9 14:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24138 SEQ=1 Nov 9 14:20:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51433 SEQ=1 Nov 9 14:20:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.133.176.251 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=31920 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=9 Nov 9 14:20:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8667 SEQ=1 Nov 9 14:20:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.97.81 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3747 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:20:11 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.65.154.146 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=31676 PROTO=TCP SPT=59306 DPT=6667 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:20:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.126 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=33863 PROTO=TCP SPT=57096 DPT=33045 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:20:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.199 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49498 DPT=15588 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:20:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63068 SEQ=1 Nov 9 14:20:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11928 SEQ=1 Nov 9 14:20:22 server83 aibolit_wrapper[25521]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626782222585868.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626782222586812.txt --log=/tmp/malware_cleaner_log_17626782222587774.txt --progress=/tmp/malware_cleaner_progress_17626782222587524.json --csv_result=/tmp/revisium_csvfile_17626782222587646.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:20:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37036 SEQ=1 Nov 9 14:20:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11928 SEQ=1 Nov 9 14:20:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50198 SEQ=1 Nov 9 14:20:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43429 SEQ=1 Nov 9 14:20:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42446 SEQ=1 Nov 9 14:20:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.56.84.110 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38690 DPT=9800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:20:26 server83 systemd: Started Session c2891 of user root. 
Nov 9 14:20:26 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:20:26 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:20:26 server83 scripts.sh: Load Average: 2.18 , 3.68 Nov 9 14:20:26 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 14:20:26 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 14:20:26 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 14:20:26 server83 scripts.sh: HTTPD Status: inactive Nov 9 14:20:26 server83 scripts.sh: MySQL Status: active Nov 9 14:20:26 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 14:20:26 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 14:20:26 server83 scripts.sh: SSHD Status: active Nov 9 14:20:26 server83 scripts.sh: FTP Status: active Nov 9 14:20:26 server83 scripts.sh: LiteSpeed Status: Active Nov 9 14:20:26 server83 scripts.sh: Imunify Status: Active Nov 9 14:20:26 server83 scripts.sh: cPanel Status: active Nov 9 14:20:26 server83 scripts.sh: Memory Status: 13/31 GB - 43.21% Nov 9 14:20:26 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 14:20:26 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 14:20:26 server83 scripts.sh: Local Version: 4.4.5 Nov 9 14:20:29 server83 aibolit_wrapper[25787]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626782294632210.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626782294633868.txt --log=/tmp/malware_cleaner_log_17626782294635326.txt --progress=/tmp/malware_cleaner_progress_17626782294634934.json --csv_result=/tmp/revisium_csvfile_17626782294635100.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:20:33 server83 kernel: 
Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24779 SEQ=1 Nov 9 14:20:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37389 SEQ=1 Nov 9 14:20:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24779 SEQ=1 Nov 9 14:20:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13463 PROTO=TCP SPT=41811 DPT=2482 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4655 SEQ=1 Nov 9 14:20:36 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38742 SEQ=1 Nov 9 14:20:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=165.154.129.43 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=3111 DF PROTO=TCP SPT=43147 DPT=3271 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:20:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.164 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54475 DPT=9676 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:20:39 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=178.22.24.71 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=15945 PROTO=TCP SPT=56765 DPT=8304 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:20:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.49.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45018 PROTO=TCP SPT=42111 DPT=2737 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:20:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.249.128.83 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=40 ID=5203 PROTO=TCP SPT=48273 DPT=873 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:20:44 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 14:20:44 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 14:20:44 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 14:20:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:20:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:20:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34624 SEQ=1 Nov 9 14:20:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21318 SEQ=1 Nov 9 14:20:47 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:20:49 server83 aibolit_wrapper[26719]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626782496837446.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626782496838476.txt --log=/tmp/malware_cleaner_log_17626782496839338.txt --progress=/tmp/malware_cleaner_progress_17626782496839116.json --csv_result=/tmp/revisium_csvfile_17626782496839218.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:20:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40114 SEQ=1 Nov 9 14:20:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35395 SEQ=1 Nov 9 14:20:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.237.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44026 PROTO=TCP SPT=34092 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:20:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21318 SEQ=1 Nov 9 14:20:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60883 PROTO=TCP SPT=44258 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:20:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.237.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44027 PROTO=TCP SPT=34092 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:20:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.144 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=60884 PROTO=TCP SPT=44258 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:20:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.179.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=44445 PROTO=TCP SPT=55804 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:20:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.237.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44028 PROTO=TCP SPT=34092 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:20:55 server83 aibolit_wrapper[26871]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626782553894432.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626782553895584.txt --log=/tmp/malware_cleaner_log_17626782553896974.txt --progress=/tmp/malware_cleaner_progress_17626782553896556.json --csv_result=/tmp/revisium_csvfile_17626782553896756.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:20:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.237.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=44030 PROTO=TCP SPT=34092 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:20:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.179.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=97 ID=44449 PROTO=TCP SPT=55804 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:21:00 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:21:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:21:01 server83 systemd: Started Session 313227 of user root. Nov 9 14:21:01 server83 systemd: Started Session 313225 of user root. Nov 9 14:21:01 server83 systemd: Started Session 313226 of user root. Nov 9 14:21:01 server83 systemd: Started Session 313228 of user root. Nov 9 14:21:01 server83 systemd: Started Session 313230 of user root. 
Nov 9 14:21:01 server83 systemd: Started Session 313231 of user root. Nov 9 14:21:01 server83 systemd: Started Session 313229 of user root. Nov 9 14:21:01 server83 systemd: Started Session 313232 of user root. Nov 9 14:21:01 server83 systemd: Started Session 313233 of user root. Nov 9 14:21:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41399 SEQ=1 Nov 9 14:21:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3753 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:21:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=41399 SEQ=1 Nov 9 14:21:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.236.127.141 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=TCP SPT=60338 DPT=3746 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:21:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11641 SEQ=1 Nov 9 14:21:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=157.180.89.57 DST=51.210.113.204 LEN=80 TOS=0x00 PREC=0x00 TTL=118 ID=1229 PROTO=TCP SPT=205 DPT=9004 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:21:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=157.180.89.57 DST=51.210.113.204 LEN=80 TOS=0x00 PREC=0x00 TTL=118 ID=1229 PROTO=TCP SPT=205 DPT=9004 WINDOW=64240 
RES=0x00 SYN URGP=0 Nov 9 14:21:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=157.180.89.57 DST=51.210.113.204 LEN=80 TOS=0x00 PREC=0x00 TTL=118 ID=1229 PROTO=TCP SPT=205 DPT=9004 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:21:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62274 SEQ=1 Nov 9 14:21:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2324 SEQ=1 Nov 9 14:21:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2324 SEQ=1 Nov 9 14:21:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63455 SEQ=1 Nov 9 14:21:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52582 PROTO=TCP SPT=49956 DPT=26355 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:21:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=13820 DF PROTO=TCP SPT=53167 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 14:21:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=13819 DF PROTO=TCP SPT=53150 DPT=6443 WINDOW=64240 
RES=0x00 CWR ECE SYN URGP=0 Nov 9 14:21:18 server83 aibolit_wrapper[27566]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626782784390046.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626782784391794.txt --log=/tmp/malware_cleaner_log_17626782784393892.txt --progress=/tmp/malware_cleaner_progress_17626782784393334.json --csv_result=/tmp/revisium_csvfile_17626782784393582.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:21:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=13822 DF PROTO=TCP SPT=53167 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 14:21:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x02 PREC=0x40 TTL=114 ID=13821 DF PROTO=TCP SPT=53150 DPT=6443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 Nov 9 14:21:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34725 SEQ=1 Nov 9 14:21:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35892 SEQ=1 Nov 9 14:21:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=13823 DF PROTO=TCP SPT=53167 DPT=6443 WINDOW=64240 RES=0x00 SYN URGP=0 
Nov 9 14:21:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.139.104.205 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x40 TTL=114 ID=13824 DF PROTO=TCP SPT=53150 DPT=6443 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=41513 DF PROTO=ICMP TYPE=8 CODE=0 ID=45415 SEQ=7075 Nov 9 14:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13726 SEQ=1 Nov 9 14:21:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43981 SEQ=1 Nov 9 14:21:22 server83 aibolit_wrapper[27676]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626782826037448.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626782826038856.txt --log=/tmp/malware_cleaner_log_17626782826040236.txt --progress=/tmp/malware_cleaner_progress_17626782826039868.json --csv_result=/tmp/revisium_csvfile_17626782826040040.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:21:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18242 SEQ=1 Nov 9 14:21:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=65051 PROTO=TCP SPT=49956 DPT=25654 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:21:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34912 SEQ=1 Nov 9 14:21:36 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:21:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53200 SEQ=1 Nov 9 14:21:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22775 SEQ=1 Nov 9 14:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34912 SEQ=1 Nov 9 14:21:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30087 SEQ=1 Nov 9 14:21:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=575 PROTO=TCP SPT=50681 DPT=5086 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:21:44 server83 aibolit_wrapper[29650]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626783040532200.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626783040533444.txt --log=/tmp/malware_cleaner_log_17626783040534456.txt --progress=/tmp/malware_cleaner_progress_17626783040534182.json --csv_result=/tmp/revisium_csvfile_17626783040534312.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:21:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:21:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:21:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55048 SEQ=1 Nov 9 14:21:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33899 SEQ=1 Nov 9 14:21:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37904 SEQ=1 Nov 9 14:21:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55048 SEQ=1 Nov 9 14:21:50 server83 aibolit_wrapper[29815]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626783102575082.txt --input-fn-b64-encoded --username=evershine --report-hashes 
--log=/tmp/malware_cleaner_log_17626783102577180.txt --progress=/tmp/malware_cleaner_progress_17626783102576920.json --csv_result=/tmp/revisium_csvfile_17626783102577026.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:21:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62877 SEQ=1 Nov 9 14:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53427 SEQ=1 Nov 9 14:21:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59850 SEQ=1 Nov 9 14:21:55 server83 aibolit_wrapper[29924]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626783154881294.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626783154882622.txt --log=/tmp/malware_cleaner_log_17626783154884166.txt --progress=/tmp/malware_cleaner_progress_17626783154883812.json --csv_result=/tmp/revisium_csvfile_17626783154883966.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:22:00 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:22:01 server83 systemd: Started Session 313234 of user root. Nov 9 14:22:01 server83 systemd: Started Session 313235 of user root. 
Nov 9 14:22:01 server83 systemd: Started Session 313236 of user root. Nov 9 14:22:01 server83 systemd: Started Session 313237 of user root. Nov 9 14:22:01 server83 systemd: Started Session 313238 of user root. Nov 9 14:22:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:22:01 server83 systemd: Started Session 313239 of user accentri. Nov 9 14:22:01 server83 systemd: Started Session 313240 of user root. Nov 9 14:22:01 server83 systemd: Started Session 313241 of user root. Nov 9 14:22:01 server83 systemd: Started Session 313242 of user root. Nov 9 14:22:01 server83 systemd: Started Session 313243 of user root. Nov 9 14:22:01 server83 systemd: Started Session 313244 of user accentri. Nov 9 14:22:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:22:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36229 SEQ=1 Nov 9 14:22:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35834 SEQ=1 Nov 9 14:22:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19421 SEQ=1 Nov 9 14:22:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42133 SEQ=1 Nov 9 14:22:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35834 SEQ=1 Nov 9 14:22:07 server83 kernel: 
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=146.190.119.114 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=37105 DPT=4443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:22:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=56415 PROTO=TCP SPT=41198 DPT=6005 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:22:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=18.223.104.85 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47275 DPT=5001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:22:13 server83 aibolit_wrapper[30443]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626783331076440.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626783331078162.txt --log=/tmp/malware_cleaner_log_17626783331080184.txt --progress=/tmp/malware_cleaner_progress_17626783331079630.json --csv_result=/tmp/revisium_csvfile_17626783331079882.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:22:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.249.129.4 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=39 ID=20741 PROTO=TCP SPT=42291 DPT=5269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:22:18 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20180 SEQ=1 Nov 9 14:22:20 server83 auditd[702]: Audit daemon rotating log 
files Nov 9 14:22:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=6008 PROTO=TCP SPT=58340 DPT=3441 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14496 SEQ=1 Nov 9 14:22:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=29096 PROTO=TCP SPT=58340 DPT=31394 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=4483 PROTO=TCP SPT=58340 DPT=21775 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=18837 DF PROTO=ICMP TYPE=8 CODE=0 ID=19745 SEQ=55860 Nov 9 14:22:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=9413 SEQ=1 Nov 9 14:22:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=190.92.204.62 DST=51.210.113.204 LEN=59 TOS=0x00 PREC=0x00 TTL=40 ID=2445 DF PROTO=ICMP TYPE=8 CODE=0 ID=23070 SEQ=443 Nov 9 14:22:24 server83 aibolit_wrapper[30714]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626783446475986.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626783446477782.txt --log=/tmp/malware_cleaner_log_17626783446479742.txt --progress=/tmp/malware_cleaner_progress_17626783446479216.json --csv_result=/tmp/revisium_csvfile_17626783446479502.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:22:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23312 SEQ=1 Nov 9 14:22:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.34.98 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3745 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30607 SEQ=1 Nov 9 14:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30607 SEQ=1 Nov 9 14:22:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50994 SEQ=1 Nov 9 14:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64628 SEQ=1 Nov 9 14:22:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51909 SEQ=1 Nov 9 14:22:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55877 SEQ=1 Nov 9 14:22:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35243 PROTO=TCP SPT=45727 DPT=31392 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=51947 PROTO=TCP SPT=46264 DPT=5500 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:22:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=14321 PROTO=TCP SPT=58340 DPT=16912 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.208 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49280 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:22:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=12440 PROTO=TCP SPT=58340 DPT=20019 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:40 server83 aibolit_wrapper[31229]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan 
--list=/tmp/malware_cleanup_file_list_17626783608703626.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626783608705382.txt --log=/tmp/malware_cleaner_log_17626783608707754.txt --progress=/tmp/malware_cleaner_progress_17626783608707302.json --csv_result=/tmp/revisium_csvfile_17626783608707498.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:22:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.50 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55415 DPT=8997 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:22:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=65.49.1.168 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=41576 DPT=10514 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:22:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:22:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=176.65.134.34 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38830 DPT=37000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:22:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=10391 PROTO=TCP SPT=58340 DPT=6011 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:49 server83 aibolit_wrapper[31670]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626783695314054.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes 
--black-list=/tmp/malware_cleanup_file_list_17626783695315244.txt --log=/tmp/malware_cleaner_log_17626783695316514.txt --progress=/tmp/malware_cleaner_progress_17626783695316154.json --csv_result=/tmp/revisium_csvfile_17626783695316298.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.31 DST=51.210.113.204 LEN=55 TOS=0x00 PREC=0x00 TTL=109 ID=16422 DF PROTO=ICMP TYPE=8 CODE=0 ID=8850 SEQ=55371 Nov 9 14:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.142 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=109 ID=42007 DF PROTO=ICMP TYPE=8 CODE=0 ID=59793 SEQ=12224 Nov 9 14:22:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=33531 SEQ=1 Nov 9 14:22:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34468 SEQ=1 Nov 9 14:22:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=201 SEQ=1 Nov 9 14:22:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34468 SEQ=1 Nov 9 14:22:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57777 DF PROTO=TCP SPT=58731 DPT=4527 WINDOW=64240 RES=0x00 SYN 
URGP=0 Nov 9 14:22:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57778 DF PROTO=TCP SPT=58731 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:22:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=49409 PROTO=TCP SPT=58340 DPT=5858 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=30975 PROTO=TCP SPT=58340 DPT=2215 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:22:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.212 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=50986 PROTO=TCP SPT=57371 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:22:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57779 DF PROTO=TCP SPT=58731 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:22:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57780 DF PROTO=TCP SPT=58731 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:23:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=170.187.165.134 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42030 DPT=9304 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:23:00 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 
9 14:23:01 server83 systemd: Started Session 313245 of user root. Nov 9 14:23:01 server83 systemd: Started Session 313246 of user root. Nov 9 14:23:01 server83 systemd: Started Session 313248 of user root. Nov 9 14:23:01 server83 systemd: Started Session 313249 of user root. Nov 9 14:23:01 server83 systemd: Started Session 313247 of user root. Nov 9 14:23:01 server83 systemd: Started Session 313250 of user root. Nov 9 14:23:01 server83 systemd: Started Session 313251 of user root. Nov 9 14:23:01 server83 systemd: Started Session 313252 of user root. Nov 9 14:23:01 server83 systemd: Started Session 313253 of user root. Nov 9 14:23:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.114.56 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=46115 PROTO=TCP SPT=45049 DPT=3161 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:23:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=1522 PROTO=TCP SPT=58340 DPT=1032 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:23:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13005 SEQ=1 Nov 9 14:23:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13005 SEQ=1 Nov 9 14:23:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3424 SEQ=1 Nov 9 14:23:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.185.117.249 
DST=145.239.177.179 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=52819 DF PROTO=TCP SPT=42741 DPT=853 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:23:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=193.163.125.33 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=64312 PROTO=TCP SPT=33404 DPT=8081 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 14:23:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=66.185.117.249 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=52820 DF PROTO=TCP SPT=42741 DPT=853 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:23:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=55092 PROTO=TCP SPT=58340 DPT=40338 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:23:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57781 DF PROTO=TCP SPT=58731 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:23:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40999 SEQ=1 Nov 9 14:23:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3424 SEQ=1 Nov 9 14:23:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=34.47.40.69 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=48894 PROTO=TCP SPT=45432 DPT=2121 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:23:09 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.216 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=56702 DPT=36510 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:23:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.34 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55237 DPT=9304 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:23:12 server83 aibolit_wrapper[32220]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626783928580820.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626783928582110.txt --log=/tmp/malware_cleaner_log_17626783928583138.txt --progress=/tmp/malware_cleaner_progress_17626783928582824.json --csv_result=/tmp/revisium_csvfile_17626783928582942.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:23:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3744 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:23:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=61720 PROTO=TCP SPT=58340 DPT=29016 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:23:17 server83 aibolit_wrapper[32379]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626783970396710.txt --input-fn-b64-encoded 
--username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626783970398020.txt --log=/tmp/malware_cleaner_log_17626783970399454.txt --progress=/tmp/malware_cleaner_progress_17626783970399098.json --csv_result=/tmp/revisium_csvfile_17626783970399262.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:23:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.160 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51894 DPT=19574 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:23:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.133.12 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49573 DPT=9173 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:23:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.251 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=23527 PROTO=TCP SPT=56006 DPT=34495 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:23:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5528 SEQ=1 Nov 9 14:23:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57136 SEQ=1 Nov 9 14:23:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19574 SEQ=1 Nov 9 14:23:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 
LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43723 SEQ=1 Nov 9 14:23:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35169 SEQ=1 Nov 9 14:23:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.165.205 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=47816 PROTO=TCP SPT=58340 DPT=29986 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:23:30 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:23:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45572 PROTO=TCP SPT=40519 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10484 SEQ=1 Nov 9 14:23:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45573 PROTO=TCP SPT=40519 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58422 SEQ=1 Nov 9 14:23:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60815 PROTO=TCP SPT=48400 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45574 PROTO=TCP SPT=40519 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:34 server83 systemd: rshmonitor.service holdoff time over, scheduling restart. Nov 9 14:23:34 server83 systemd: Stopped Status Update Service. Nov 9 14:23:34 server83 systemd: Started Status Update Service. Nov 9 14:23:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60816 PROTO=TCP SPT=48400 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45575 PROTO=TCP SPT=40519 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60817 PROTO=TCP SPT=48400 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.146 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45576 PROTO=TCP SPT=40519 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60818 PROTO=TCP SPT=48400 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=42051 PROTO=TCP SPT=54226 DPT=8946 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:23:37 server83 kernel: Firewall: 
*TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.22 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=60819 PROTO=TCP SPT=48400 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:23:38 server83 aibolit_wrapper[431]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626784183877878.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626784183879548.txt --log=/tmp/malware_cleaner_log_17626784183881226.txt --progress=/tmp/malware_cleaner_progress_17626784183880768.json --csv_result=/tmp/revisium_csvfile_17626784183880940.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:23:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.62.230 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=29559 PROTO=TCP SPT=57151 DPT=28278 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64884 SEQ=1 Nov 9 14:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36192 SEQ=1 Nov 9 14:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58422 SEQ=1 Nov 9 14:23:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2194 SEQ=1 Nov 9 14:23:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=178.22.24.71 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=35901 PROTO=TCP SPT=56749 DPT=8307 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:23:44 server83 aibolit_wrapper[656]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626784245387970.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626784245390142.txt --progress=/tmp/malware_cleaner_progress_17626784245389800.json --csv_result=/tmp/revisium_csvfile_17626784245389950.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:23:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:23:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.230 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42619 DPT=8800 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:23:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=93.174.95.106 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x20 TTL=115 ID=60265 PROTO=TCP SPT=23320 DPT=8834 WINDOW=60462 RES=0x00 SYN URGP=0 Nov 9 14:23:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=22331 PROTO=TCP SPT=35357 DPT=7026 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:23:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45697 SEQ=1 Nov 9 14:23:49 server83 aibolit_wrapper[863]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626784298123496.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626784298125398.txt --log=/tmp/malware_cleaner_log_17626784298127404.txt --progress=/tmp/malware_cleaner_progress_17626784298126852.json --csv_result=/tmp/revisium_csvfile_17626784298127098.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:23:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1470 SEQ=1 Nov 9 14:23:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39178 SEQ=1 Nov 9 14:23:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60369 SEQ=1 Nov 9 14:23:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=205.210.31.109 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=50800 DPT=9093 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:23:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63917 SEQ=1 Nov 9 14:23:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40310 SEQ=1 Nov 9 14:24:00 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:24:01 server83 systemd: Started Session 313254 of user root. Nov 9 14:24:01 server83 systemd: Started Session 313255 of user root. Nov 9 14:24:01 server83 systemd: Started Session 313256 of user root. Nov 9 14:24:01 server83 systemd: Started Session 313257 of user root. Nov 9 14:24:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:24:01 server83 systemd: Started Session 313258 of user accentri. Nov 9 14:24:01 server83 systemd: Started Session 313261 of user accentri. Nov 9 14:24:01 server83 systemd: Started Session 313260 of user root. Nov 9 14:24:01 server83 systemd: Started Session 313259 of user root. Nov 9 14:24:01 server83 systemd: Started Session 313262 of user root. Nov 9 14:24:01 server83 systemd: Started Session 313264 of user root. Nov 9 14:24:01 server83 systemd: Started Session 313263 of user root. Nov 9 14:24:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 14:24:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11043 SEQ=1 Nov 9 14:24:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37213 SEQ=1 Nov 9 14:24:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43164 SEQ=1 Nov 9 14:24:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32865 SEQ=1 Nov 9 14:24:06 server83 aibolit_wrapper[1481]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626784465310882.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626784465312948.txt --log=/tmp/malware_cleaner_log_17626784465315518.txt --progress=/tmp/malware_cleaner_progress_17626784465314850.json --csv_result=/tmp/revisium_csvfile_17626784465315176.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:24:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.142.154.98 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x40 TTL=235 ID=4267 PROTO=TCP SPT=58914 DPT=4444 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:24:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.84 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54629 DPT=2525 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:24:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21766 SEQ=1 Nov 9 14:24:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29553 SEQ=1 Nov 9 14:24:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.254 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49393 PROTO=TCP SPT=41811 DPT=2635 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:24:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57782 DF PROTO=TCP SPT=60798 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:24:14 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:24:14 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:24:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57783 DF PROTO=TCP SPT=60798 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:24:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.1.191 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44908 DPT=44444 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:24:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57784 DF PROTO=TCP SPT=60798 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:24:19 server83 aibolit_wrapper[1797]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626784598007490.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626784598009136.txt --log=/tmp/malware_cleaner_log_17626784598010578.txt --progress=/tmp/malware_cleaner_progress_17626784598010218.json --csv_result=/tmp/revisium_csvfile_17626784598010370.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:24:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57785 DF PROTO=TCP SPT=60798 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:24:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.211.85 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56257 DPT=30085 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57692 SEQ=1 Nov 9 14:24:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19612 SEQ=1 Nov 9 14:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32378 SEQ=1 Nov 9 14:24:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=21838 DF PROTO=ICMP TYPE=8 CODE=0 ID=1985 SEQ=21526 Nov 9 14:24:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38808 SEQ=1 Nov 9 14:24:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37288 PROTO=TCP SPT=44761 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37289 PROTO=TCP SPT=44761 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=5.104.80.156 DST=51.210.113.204 LEN=434 TOS=0x00 PREC=0x00 TTL=47 ID=21789 DF PROTO=UDP SPT=7667 DPT=5090 LEN=414 Nov 9 14:24:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=5.104.80.156 DST=51.210.113.204 LEN=435 TOS=0x00 PREC=0x00 TTL=43 ID=21788 DF PROTO=UDP SPT=7667 DPT=5062 LEN=415 Nov 9 14:24:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=5.104.80.156 DST=51.210.113.204 LEN=435 TOS=0x00 PREC=0x00 TTL=43 ID=21793 DF PROTO=UDP SPT=7667 DPT=5080 LEN=415 Nov 9 14:24:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=5.104.80.156 DST=51.210.113.204 LEN=431 TOS=0x00 PREC=0x00 TTL=44 ID=21800 DF PROTO=UDP 
SPT=7667 DPT=5004 LEN=411 Nov 9 14:24:27 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=5.104.80.156 DST=51.210.113.204 LEN=434 TOS=0x00 PREC=0x00 TTL=45 ID=21801 DF PROTO=UDP SPT=7667 DPT=6000 LEN=414 Nov 9 14:24:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=22144 PROTO=TCP SPT=46846 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.9.217 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=37290 PROTO=TCP SPT=44761 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.152 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=22145 PROTO=TCP SPT=46846 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=88.210.63.192 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=14013 PROTO=TCP SPT=53857 DPT=44316 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:24:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.61 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=17061 PROTO=TCP SPT=39629 DPT=6222 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:24:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57721 SEQ=1 Nov 9 14:24:33 server83 aibolit_wrapper[2088]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626784738886698.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626784738888168.txt --log=/tmp/malware_cleaner_log_17626784738889436.txt --progress=/tmp/malware_cleaner_progress_17626784738889118.json --csv_result=/tmp/revisium_csvfile_17626784738889266.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:24:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24571 SEQ=1 Nov 9 14:24:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58393 SEQ=1 Nov 9 14:24:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34592 SEQ=1 Nov 9 14:24:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34592 SEQ=1 Nov 9 14:24:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.84 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=55042 DPT=9593 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:24:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=196.251.85.163 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=24109 PROTO=TCP SPT=50422 DPT=33247 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:24:37 server83 
kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.138.148 DST=51.210.113.204 LEN=364 TOS=0x00 PREC=0x00 TTL=35 ID=28948 PROTO=UDP SPT=12116 DPT=4500 LEN=344 Nov 9 14:24:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28430 SEQ=1 Nov 9 14:24:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18093 SEQ=1 Nov 9 14:24:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=184.105.247.224 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=48875 DPT=10000 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:24:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=165.154.41.182 DST=51.210.113.204 LEN=40 TOS=0x08 PREC=0x40 TTL=36 ID=7556 DF PROTO=TCP SPT=40983 DPT=28138 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:24:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.149.187 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52362 DPT=46830 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:24:44 server83 aibolit_wrapper[2442]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626784843866672.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626784843869860.txt --log=/tmp/malware_cleaner_log_17626784843871762.txt 
--progress=/tmp/malware_cleaner_progress_17626784843871238.json --csv_result=/tmp/revisium_csvfile_17626784843871456.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:24:44 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:24:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4728 SEQ=1 Nov 9 14:24:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.223 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=54919 DPT=9571 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:24:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8581 SEQ=1 Nov 9 14:24:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=36394 SEQ=1 Nov 9 14:24:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53560 SEQ=1 Nov 9 14:24:50 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25285 PROTO=TCP SPT=44907 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25286 PROTO=TCP SPT=44907 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:52 
server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4728 SEQ=1 Nov 9 14:24:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17716 SEQ=1 Nov 9 14:24:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=55246 PROTO=TCP SPT=43153 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25287 PROTO=TCP SPT=44907 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20063 SEQ=1 Nov 9 14:24:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=55247 PROTO=TCP SPT=43153 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=25288 PROTO=TCP SPT=44907 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:24:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=55249 PROTO=TCP SPT=43153 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 
9 14:24:58 server83 aibolit_wrapper[2752]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626784986731364.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626784986732824.txt --log=/tmp/malware_cleaner_log_17626784986734306.txt --progress=/tmp/malware_cleaner_progress_17626784986733908.json --csv_result=/tmp/revisium_csvfile_17626784986734112.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:24:59 server83 NetworkManager[922]: <info> [1762678499.4750] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:24:59 server83 NetworkManager[922]: <info> [1762678499.4754] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:24:59 server83 NetworkManager[922]: <info> [1762678499.4755] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:24:59 server83 NetworkManager[922]: <info> [1762678499.4759] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:24:59 server83 NetworkManager[922]: <info> [1762678499.4769] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:24:59 server83 NetworkManager[922]: <info> [1762678499.4771] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:24:59 server83 NetworkManager[922]: <info> [1762678499.4782] dhcp4 (eth1): dhclient started with pid 2783 Nov 9 14:24:59 server83 dhclient[2783]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x3e9821aa) Nov 9 14:25:00 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57787 DF PROTO=TCP SPT=61996 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:25:00 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:25:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=62144 PROTO=TCP SPT=36611 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:25:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:25:01 server83 systemd: Started Session 313265 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313267 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313268 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313269 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313272 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313270 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313273 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313271 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313274 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313275 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313266 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313278 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313279 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313277 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313276 of user root. 
Nov 9 14:25:01 server83 systemd: Started Session 313280 of user root. Nov 9 14:25:01 server83 systemd: Started Session 313281 of user root. Nov 9 14:25:01 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4358 SEQ=1 Nov 9 14:25:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=62145 PROTO=TCP SPT=36611 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64467 SEQ=1 Nov 9 14:25:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3752 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:25:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=17310 PROTO=TCP SPT=41654 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:05 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.149 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=62148 PROTO=TCP SPT=36611 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:05 server83 dhclient[2783]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3e9821aa) Nov 9 14:25:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=17311 PROTO=TCP SPT=41654 DPT=853 
WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.244.150 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=17312 PROTO=TCP SPT=41654 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57790 DF PROTO=TCP SPT=61996 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19796 SEQ=1 Nov 9 14:25:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3605 SEQ=1 Nov 9 14:25:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64076 SEQ=1 Nov 9 14:25:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52360 SEQ=1 Nov 9 14:25:10 server83 aibolit_wrapper[3166]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626785102975966.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626785102977726.txt 
--log=/tmp/malware_cleaner_log_17626785102980556.txt --progress=/tmp/malware_cleaner_progress_17626785102979982.json --csv_result=/tmp/revisium_csvfile_17626785102980208.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:25:13 server83 dhclient[2783]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3e9821aa) Nov 9 14:25:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57791 DF PROTO=TCP SPT=61996 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:25:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.118.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=33518 PROTO=TCP SPT=64118 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.118.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=33519 PROTO=TCP SPT=64118 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.118.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=34768 PROTO=TCP SPT=48365 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=192.178.118.151 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=102 ID=33520 PROTO=TCP SPT=64118 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.118.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=34769 PROTO=TCP SPT=48365 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:19 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.118.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=34770 PROTO=TCP SPT=48365 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55734 SEQ=1 Nov 9 14:25:21 server83 dhclient[2783]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x3e9821aa) Nov 9 14:25:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=192.178.118.155 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=34772 PROTO=TCP SPT=48365 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:25:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27175 SEQ=1 Nov 9 14:25:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=1685 SEQ=1 Nov 9 14:25:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23285 SEQ=1 Nov 9 14:25:27 server83 aibolit_wrapper[3641]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626785274710900.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626785274712604.txt 
--log=/tmp/malware_cleaner_log_17626785274714416.txt --progress=/tmp/malware_cleaner_progress_17626785274713952.json --csv_result=/tmp/revisium_csvfile_17626785274714180.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:25:30 server83 dhclient[2783]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x3e9821aa) Nov 9 14:25:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.94.146.47 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=26271 PROTO=TCP SPT=56201 DPT=29508 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15612 SEQ=1 Nov 9 14:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53793 SEQ=1 Nov 9 14:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19236 SEQ=1 Nov 9 14:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20234 SEQ=1 Nov 9 14:25:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15612 SEQ=1 Nov 9 14:25:32 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.106.138 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF 
PROTO=TCP SPT=60338 DPT=3743 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:25:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32825 SEQ=1 Nov 9 14:25:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.15.85.154 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=53417 DPT=31337 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:25:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.94 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55387 DPT=34567 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:25:39 server83 aibolit_wrapper[4039]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626785396372626.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626785396373752.txt --log=/tmp/malware_cleaner_log_17626785396374616.txt --progress=/tmp/malware_cleaner_progress_17626785396374400.json --csv_result=/tmp/revisium_csvfile_17626785396374492.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:25:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=200.9.154.79 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=54283 DPT=1081 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:25:41 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 14:25:42 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:25:42 server83 
imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:25:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13881 PROTO=TCP SPT=42910 DPT=9629 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:25:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3077 PROTO=TCP SPT=45727 DPT=33053 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:25:44 server83 dhclient[2783]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x3e9821aa) Nov 9 14:25:44 server83 NetworkManager[922]: <warn> [1762678544.4512] dhcp4 (eth1): request timed out Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4512] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4592] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 2783 Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4592] dhcp4 (eth1): state changed timeout -> done Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4595] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:25:44 server83 NetworkManager[922]: <warn> [1762678544.4601] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4604] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4639] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4644] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 
14:25:44 server83 NetworkManager[922]: <info> [1762678544.4645] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4650] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4661] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4664] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:25:44 server83 NetworkManager[922]: <info> [1762678544.4676] dhcp4 (eth1): dhclient started with pid 4284 Nov 9 14:25:44 server83 dhclient[4284]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x587308dc) Nov 9 14:25:45 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 14:25:45 server83 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 14:25:45 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. 
Nov 9 14:25:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:25:47 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10127 SEQ=1 Nov 9 14:25:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55796 SEQ=1 Nov 9 14:25:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10127 SEQ=1 Nov 9 14:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=169.136.181.55 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=47 ID=39644 DF PROTO=ICMP TYPE=8 CODE=0 ID=54441 SEQ=178 Nov 9 14:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13402 SEQ=1 Nov 9 14:25:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24195 SEQ=1 Nov 9 14:25:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=169.136.181.55 DST=145.239.177.179 LEN=84 TOS=0x00 PREC=0x00 TTL=47 ID=39702 DF PROTO=ICMP TYPE=8 CODE=0 ID=54441 SEQ=432 Nov 9 14:25:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.54.248 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 
DPT=3751 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:25:51 server83 dhclient[4284]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 8 (xid=0x587308dc) Nov 9 14:25:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33465 PROTO=TCP SPT=45727 DPT=31460 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:25:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=216.73.216.58 DST=51.210.113.204 LEN=66 TOS=0x00 PREC=0x00 TTL=108 ID=37750 DF PROTO=ICMP TYPE=8 CODE=0 ID=16560 SEQ=63328 Nov 9 14:25:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=81.177.125.9 DST=51.210.113.204 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=5597 PROTO=TCP SPT=47439 DPT=5919 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:25:57 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:25:58 server83 aibolit_wrapper[5064]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626785580058126.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626785580059512.txt --log=/tmp/malware_cleaner_log_17626785580060672.txt --progress=/tmp/malware_cleaner_progress_17626785580060288.json --csv_result=/tmp/revisium_csvfile_17626785580060404.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:25:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=35.203.210.188 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52357 DPT=45845 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:25:59 server83 dhclient[4284]: DHCPDISCOVER on eth1 
to 255.255.255.255 port 67 interval 8 (xid=0x587308dc) Nov 9 14:26:00 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:26:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 14:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:26:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:26:01 server83 systemd: Started Session 313283 of user root. Nov 9 14:26:01 server83 systemd: Started Session 313282 of user root. Nov 9 14:26:01 server83 systemd: Started Session 313285 of user root. Nov 9 14:26:01 server83 systemd: Started Session 313286 of user root. Nov 9 14:26:01 server83 systemd: Started Session 313284 of user root. Nov 9 14:26:01 server83 systemd: Started Session 313287 of user root. Nov 9 14:26:01 server83 systemd: Started Session 313288 of user root. Nov 9 14:26:01 server83 systemd: Started Session 313289 of user root. Nov 9 14:26:01 server83 systemd: Started Session 313290 of user root. Nov 9 14:26:01 server83 systemd: Started Session 313291 of user root. Nov 9 14:26:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:26:01 server83 systemd: Started Session 313292 of user accentri. Nov 9 14:26:01 server83 systemd: Started Session 313293 of user accentri. Nov 9 14:26:01 server83 systemd: Removed slice User Slice of accentri. 
Nov 9 14:26:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=94.74.121.32 DST=51.210.113.204 LEN=59 TOS=0x08 PREC=0x40 TTL=35 ID=54990 DF PROTO=ICMP TYPE=8 CODE=0 ID=60901 SEQ=12254 Nov 9 14:26:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53540 SEQ=1 Nov 9 14:26:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62777 SEQ=1 Nov 9 14:26:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=184.105.139.103 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=41810 DPT=20001 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45264 SEQ=1 Nov 9 14:26:07 server83 aibolit_wrapper[5536]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626785673733678.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626785673734886.txt --log=/tmp/malware_cleaner_log_17626785673735908.txt --progress=/tmp/malware_cleaner_progress_17626785673735632.json --csv_result=/tmp/revisium_csvfile_17626785673735750.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:26:07 server83 dhclient[4284]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 
interval 12 (xid=0x587308dc) Nov 9 14:26:09 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48816 SEQ=1 Nov 9 14:26:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.216.66.248 DST=145.239.177.179 LEN=52 TOS=0x14 PREC=0x00 TTL=43 ID=45312 DF PROTO=TCP SPT=46336 DPT=8084 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 14:26:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57792 DF PROTO=TCP SPT=63835 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:26:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57793 DF PROTO=TCP SPT=63835 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:26:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=45202 PROTO=TCP SPT=52023 DPT=4405 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57794 DF PROTO=TCP SPT=63835 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:26:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57795 DF PROTO=TCP SPT=63835 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:26:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=45.79.114.248 DST=51.210.113.204 
LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49809 DPT=8082 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:19 server83 dhclient[4284]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 18 (xid=0x587308dc) Nov 9 14:26:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10435 SEQ=1 Nov 9 14:26:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28985 SEQ=1 Nov 9 14:26:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=10435 SEQ=1 Nov 9 14:26:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=32733 SEQ=1 Nov 9 14:26:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=42898 SEQ=1 Nov 9 14:26:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.221.22 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=45934 DPT=10250 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65379 SEQ=1 Nov 9 14:26:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57796 DF PROTO=TCP SPT=63835 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:26:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=35.203.211.183 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=51642 DPT=40022 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:26 server83 aibolit_wrapper[6127]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626785868952942.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626785868954648.txt --log=/tmp/malware_cleaner_log_17626785868956096.txt --progress=/tmp/malware_cleaner_progress_17626785868955696.json --csv_result=/tmp/revisium_csvfile_17626785868955882.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:26:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=198.235.24.29 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56339 DPT=9091 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.53 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55444 DPT=7777 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:29 server83 NetworkManager[922]: <warn> [1762678589.4423] dhcp4 (eth1): request timed out Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4423] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4583] dhcp4 (eth1): canceled DHCP transaction, DHCP 
client pid 4284 Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4583] dhcp4 (eth1): state changed timeout -> done Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4586] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:26:29 server83 NetworkManager[922]: <warn> [1762678589.4590] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4592] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4624] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4628] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4630] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4633] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4643] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4646] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:26:29 server83 NetworkManager[922]: <info> [1762678589.4660] dhcp4 (eth1): dhclient started with pid 6209 Nov 9 14:26:29 server83 dhclient[6209]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x633bb18c) Nov 9 14:26:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 
PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43316 SEQ=1 Nov 9 14:26:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53053 SEQ=1 Nov 9 14:26:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26542 SEQ=1 Nov 9 14:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26542 SEQ=1 Nov 9 14:26:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37913 SEQ=1 Nov 9 14:26:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=118.190.149.150 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3750 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:26:35 server83 dhclient[6209]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0x633bb18c) Nov 9 14:26:36 server83 aibolit_wrapper[6440]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626785963654928.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626785963656082.txt --log=/tmp/malware_cleaner_log_17626785963657022.txt --progress=/tmp/malware_cleaner_progress_17626785963656756.json 
--csv_result=/tmp/revisium_csvfile_17626785963656874.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:26:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18070 PROTO=TCP SPT=49956 DPT=27538 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:26:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.219 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43415 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:46 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.78.24 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=38429 DPT=8082 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:26:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:26:47 server83 dhclient[6209]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x633bb18c) Nov 9 14:26:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34647 SEQ=1 Nov 9 14:26:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62667 SEQ=1 Nov 9 14:26:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28400 SEQ=1 Nov 9 14:26:50 server83 kernel: Firewall: *ICMP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27766 SEQ=1 Nov 9 14:26:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7350 SEQ=1 Nov 9 14:26:52 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.103 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51741 DPT=3975 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:54 server83 dhclient[6209]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x633bb18c) Nov 9 14:26:56 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=64.62.156.76 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=47608 DPT=8531 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:26:57 server83 aibolit_wrapper[6999]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626786175573862.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626786175574930.txt --log=/tmp/malware_cleaner_log_17626786175575830.txt --progress=/tmp/malware_cleaner_progress_17626786175575578.json --csv_result=/tmp/revisium_csvfile_17626786175575698.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:26:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.4 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=12211 PROTO=TCP SPT=53858 DPT=8531 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 
9 14:27:00 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:27:01 server83 dhclient[6209]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 19 (xid=0x633bb18c) Nov 9 14:27:01 server83 systemd: Started Session 313295 of user root. Nov 9 14:27:01 server83 systemd: Started Session 313296 of user root. Nov 9 14:27:01 server83 systemd: Started Session 313294 of user root. Nov 9 14:27:01 server83 systemd: Started Session 313300 of user root. Nov 9 14:27:01 server83 systemd: Started Session 313301 of user root. Nov 9 14:27:01 server83 systemd: Started Session 313298 of user root. Nov 9 14:27:01 server83 systemd: Started Session 313299 of user root. Nov 9 14:27:01 server83 systemd: Started Session 313303 of user root. Nov 9 14:27:01 server83 systemd: Started Session 313297 of user root. Nov 9 14:27:01 server83 systemd: Started Session 313302 of user root. Nov 9 14:27:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=124.198.132.121 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=56641 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:27:05 server83 aibolit_wrapper[7362]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626786252126996.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626786252128696.txt --log=/tmp/malware_cleaner_log_17626786252130666.txt --progress=/tmp/malware_cleaner_progress_17626786252130124.json --csv_result=/tmp/revisium_csvfile_17626786252130398.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39730 SEQ=1 Nov 9 14:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63436 SEQ=1 Nov 9 14:27:06 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60614 SEQ=1 Nov 9 14:27:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39730 SEQ=1 Nov 9 14:27:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=59035 SEQ=1 Nov 9 14:27:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.104.192.131 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3749 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:27:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.90 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9124 PROTO=TCP SPT=45727 DPT=30558 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:27:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=185 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48362 SEQ=1 Nov 9 14:27:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=64.62.156.102 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51979 DPT=8531 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:27:14 server83 NetworkManager[922]: <warn> [1762678634.4433] dhcp4 (eth1): request timed out Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4433] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4593] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 6209 Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4593] dhcp4 (eth1): state changed timeout -> done Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4595] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:27:14 server83 NetworkManager[922]: <warn> [1762678634.4600] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4602] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4635] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4639] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4640] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4644] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4654] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4657] 
dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:27:14 server83 NetworkManager[922]: <info> [1762678634.4669] dhcp4 (eth1): dhclient started with pid 7681 Nov 9 14:27:14 server83 dhclient[7681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7 (xid=0x677e2c72) Nov 9 14:27:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=65510 PROTO=TCP SPT=41811 DPT=2609 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:27:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.60.146 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17787 PROTO=TCP SPT=51461 DPT=8546 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:27:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3427 SEQ=1 Nov 9 14:27:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8285 SEQ=1 Nov 9 14:27:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34297 SEQ=1 Nov 9 14:27:19 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:27:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39997 SEQ=1 Nov 9 14:27:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18802 SEQ=1 Nov 9 14:27:21 server83 dhclient[7681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x677e2c72) Nov 9 14:27:22 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=28476 PROTO=TCP SPT=57167 DPT=19410 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:27:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57819 SEQ=1 Nov 9 14:27:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=23825 PROTO=TCP SPT=44501 DPT=4589 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:27:28 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=205.210.31.244 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=51948 DPT=22460 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:27:29 server83 aibolit_wrapper[8078]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626786495096790.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626786495098412.txt --log=/tmp/malware_cleaner_log_17626786495100234.txt --progress=/tmp/malware_cleaner_progress_17626786495099800.json --csv_result=/tmp/revisium_csvfile_17626786495100008.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:27:31 server83 dhclient[7681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 
(xid=0x677e2c72) Nov 9 14:27:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52361 SEQ=1 Nov 9 14:27:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31250 SEQ=1 Nov 9 14:27:35 server83 aibolit_wrapper[8258]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626786556909218.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626786556910912.txt --log=/tmp/malware_cleaner_log_17626786556912336.txt --progress=/tmp/malware_cleaner_progress_17626786556911958.json --csv_result=/tmp/revisium_csvfile_17626786556912132.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:27:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=11165 SEQ=1 Nov 9 14:27:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25974 SEQ=1 Nov 9 14:27:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23625 SEQ=1 Nov 9 14:27:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55827 SEQ=1 Nov 9 14:27:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.246 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19437 PROTO=TCP SPT=41811 DPT=2767 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:27:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10351 PROTO=TCP SPT=49956 DPT=27271 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:27:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=20.169.105.51 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=59573 PROTO=TCP SPT=37579 DPT=5007 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:27:45 server83 dhclient[7681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 9 (xid=0x677e2c72) Nov 9 14:27:45 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=35382 SEQ=1 Nov 9 14:27:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:27:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:27:49 server83 scripts.sh: Sun Nov 9 14:27:49 IST 2025 - /usr/local/rshmonitor/timestamp.txt File Overwrite Nov 9 14:27:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28527 SEQ=1 Nov 9 14:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 
DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57300 SEQ=1 Nov 9 14:27:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=14516 SEQ=1 Nov 9 14:27:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20229 SEQ=1 Nov 9 14:27:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=152.32.143.71 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x60 TTL=41 ID=3458 DF PROTO=TCP SPT=45099 DPT=2509 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:27:54 server83 dhclient[7681]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0x677e2c72) Nov 9 14:27:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25872 SEQ=1 Nov 9 14:27:56 server83 aibolit_wrapper[8838]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626786762032958.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626786762034916.txt --log=/tmp/malware_cleaner_log_17626786762036984.txt --progress=/tmp/malware_cleaner_progress_17626786762036386.json --csv_result=/tmp/revisium_csvfile_17626786762036640.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:27:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=167.94.138.109 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=60701 PROTO=TCP SPT=47673 DPT=4960 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:27:59 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=8.209.105.161 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3748 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:27:59 server83 NetworkManager[922]: <warn> [1762678679.4503] dhcp4 (eth1): request timed out Nov 9 14:27:59 server83 NetworkManager[922]: <info> [1762678679.4503] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:27:59 server83 NetworkManager[922]: <info> [1762678679.4664] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 7681 Nov 9 14:27:59 server83 NetworkManager[922]: <info> [1762678679.4664] dhcp4 (eth1): state changed timeout -> done Nov 9 14:27:59 server83 NetworkManager[922]: <info> [1762678679.4667] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:27:59 server83 NetworkManager[922]: <warn> [1762678679.4672] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:27:59 server83 NetworkManager[922]: <info> [1762678679.4674] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:28:00 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:28:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:28:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:28:01 server83 systemd: Started Session 313304 of user root. Nov 9 14:28:01 server83 systemd: Started Session 313305 of user root. Nov 9 14:28:01 server83 systemd: Started Session 313307 of user root. Nov 9 14:28:01 server83 systemd: Started Session 313306 of user root. 
Nov 9 14:28:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:28:01 server83 systemd: Started Session 313308 of user accentri. Nov 9 14:28:01 server83 systemd: Started Session 313309 of user accentri. Nov 9 14:28:01 server83 systemd: Started Session 313312 of user root. Nov 9 14:28:01 server83 systemd: Started Session 313310 of user root. Nov 9 14:28:01 server83 systemd: Started Session 313311 of user root. Nov 9 14:28:01 server83 systemd: Started Session 313313 of user root. Nov 9 14:28:01 server83 systemd: Started Session 313315 of user root. Nov 9 14:28:01 server83 systemd: Created slice User Slice of metalarts. Nov 9 14:28:01 server83 systemd: Started Session 313314 of user metalarts. Nov 9 14:28:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:28:01 server83 systemd: Removed slice User Slice of metalarts. Nov 9 14:28:02 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.110.79 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=37481 DPT=8061 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=63247 SEQ=1 Nov 9 14:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18581 SEQ=1 Nov 9 14:28:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18581 SEQ=1 Nov 9 14:28:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=13.89.125.230 DST=145.239.177.179 LEN=52 TOS=0x00 
PREC=0x00 TTL=40 ID=41230 PROTO=TCP SPT=46565 DPT=5007 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:28:03 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.123 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=23851 PROTO=TCP SPT=44720 DPT=37777 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 14:28:04 server83 aibolit_wrapper[9128]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626786846421258.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626786846423120.txt --log=/tmp/malware_cleaner_log_17626786846424656.txt --progress=/tmp/malware_cleaner_progress_17626786846424268.json --csv_result=/tmp/revisium_csvfile_17626786846424432.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:28:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8543 SEQ=1 Nov 9 14:28:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.246 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60189 PROTO=TCP SPT=41811 DPT=2797 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:28:08 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7933 SEQ=1 Nov 9 14:28:08 server83 pam_imunify_daemon.bin: time="2025-11-09T14:28:08+05:30" level=warning msg="Send stats for 3 records error: license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license 
for Imunify360-918635dCxWmok6905002a12e50\"}" agent_lic_status=OK error="license is not valid: 401 Unauthorized, {\"status\":\"error\",\"msg\":\"Invalid license for Imunify360-918635dCxWmok6905002a12e50\"}" records_num=3 Nov 9 14:28:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=196.251.85.163 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=21174 PROTO=TCP SPT=43077 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:28:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.208 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55097 DPT=6036 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:28:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=206.116.105.52 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=39865 DPT=11434 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mysql": failed to add rule: -A exit,never -F uid=mysql -k imunify360-infection-stats-excludefd22f1542fdf2c6f:key option needs a watch or syscall given prior to it Nov 9 14:28:20 server83 imunify-auditd-log-reader[9638]: failed to add exclude rule "-F uid=mariadb": failed to add rule: -A exit,never -F uid=mariadb -k imunify360-infection-stats-exclude73669fbc31cc363e:Unknown user: mariadb#012-F unknown field: uid Nov 9 14:28:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62018 SEQ=1 Nov 9 14:28:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49282 SEQ=1 Nov 9 
14:28:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65286 SEQ=1 Nov 9 14:28:22 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65284 SEQ=1 Nov 9 14:28:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34340 SEQ=1 Nov 9 14:28:25 server83 aibolit_wrapper[9652]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626787051632612.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626787051634464.txt --log=/tmp/malware_cleaner_log_17626787051636338.txt --progress=/tmp/malware_cleaner_progress_17626787051635804.json --csv_result=/tmp/revisium_csvfile_17626787051636026.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:28:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.41 DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=56297 PROTO=TCP SPT=41714 DPT=47886 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:28:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61394 SEQ=1 Nov 9 14:28:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61394 SEQ=1 Nov 9 14:28:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.221.22 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=51682 DPT=5269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:28:37 server83 aibolit_wrapper[9945]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626787173775654.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626787173777170.txt --log=/tmp/malware_cleaner_log_17626787173778612.txt --progress=/tmp/malware_cleaner_progress_17626787173778238.json --csv_result=/tmp/revisium_csvfile_17626787173778398.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:28:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26774 SEQ=1 Nov 9 14:28:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50768 SEQ=1 Nov 9 14:28:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=21575 SEQ=1 Nov 9 14:28:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=72.251.7.222 DST=51.210.113.204 LEN=32 TOS=0x08 
PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51682 SEQ=1 Nov 9 14:28:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=38756 PROTO=TCP SPT=46809 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:28:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=64756 PROTO=TCP SPT=45215 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:28:43 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:28:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.29 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=34333 PROTO=TCP SPT=33232 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:28:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=95.214.53.196 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59823 DPT=5678 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:28:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=38757 PROTO=TCP SPT=46809 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:28:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=17435 PROTO=TCP SPT=45444 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:28:46 server83 imunify360-php-daemon[734]: error sending perf stats: circuit breaker is open Nov 9 14:28:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:28:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=17437 PROTO=TCP SPT=45444 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:28:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=74.125.181.157 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=17439 PROTO=TCP SPT=45444 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:28:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40919 SEQ=1 Nov 9 14:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49711 SEQ=1 Nov 9 14:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49711 SEQ=1 Nov 9 14:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44836 SEQ=1 Nov 9 14:28:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48275 SEQ=1 Nov 9 14:28:52 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44836 SEQ=1 Nov 9 14:28:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=78.128.114.46 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=56748 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:28:55 server83 aibolit_wrapper[10451]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626787355612662.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626787355614214.txt --log=/tmp/malware_cleaner_log_17626787355615392.txt --progress=/tmp/malware_cleaner_progress_17626787355615018.json --csv_result=/tmp/revisium_csvfile_17626787355615160.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:28:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.43.63.38 DST=145.239.177.179 LEN=44 TOS=0x08 PREC=0x40 TTL=34 ID=0 DF PROTO=TCP SPT=43419 DPT=12158 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:29:01 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:29:01 server83 systemd: Started Session 313317 of user root. Nov 9 14:29:01 server83 systemd: Started Session 313318 of user root. Nov 9 14:29:01 server83 systemd: Started Session 313316 of user root. Nov 9 14:29:01 server83 systemd: Started Session 313319 of user root. Nov 9 14:29:02 server83 systemd: Started Session 313320 of user root. Nov 9 14:29:02 server83 systemd: Started Session 313321 of user root. Nov 9 14:29:02 server83 systemd: Started Session 313322 of user root. Nov 9 14:29:02 server83 systemd: Started Session 313324 of user root. Nov 9 14:29:02 server83 systemd: Started Session 313323 of user root. 
Nov 9 14:29:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=52.81.210.209 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=6012 SEQ=0 Nov 9 14:29:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60511 SEQ=1 Nov 9 14:29:05 server83 aibolit_wrapper[10883]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626787457515996.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626787457517970.txt --log=/tmp/malware_cleaner_log_17626787457519806.txt --progress=/tmp/malware_cleaner_progress_17626787457519328.json --csv_result=/tmp/revisium_csvfile_17626787457519538.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:29:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=28204 SEQ=1 Nov 9 14:29:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=8524 SEQ=1 Nov 9 14:29:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61606 SEQ=1 Nov 9 14:29:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53149 SEQ=1 Nov 9 14:29:12 server83 aibolit_wrapper[11180]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626787520488542.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626787520492110.txt --progress=/tmp/malware_cleaner_progress_17626787520491576.json --csv_result=/tmp/revisium_csvfile_17626787520491776.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:29:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.49 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55285 DPT=21911 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:29:14 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.200.116.35 DST=51.210.113.204 LEN=42 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=UDP SPT=50628 DPT=1194 LEN=22 Nov 9 14:29:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=1525 PROTO=TCP SPT=60304 DPT=8635 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:29:19 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=30791 DF PROTO=ICMP TYPE=8 CODE=0 ID=42944 SEQ=42337 Nov 9 14:29:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50194 SEQ=1 Nov 9 
14:29:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=147.185.132.189 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50751 DPT=37443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:29:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50194 SEQ=1 Nov 9 14:29:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=51325 SEQ=1 Nov 9 14:29:25 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=87.120.191.104 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57526 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:29:27 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.195.99 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3742 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:29:27 server83 aibolit_wrapper[11675]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626787674499686.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626787674501180.txt --log=/tmp/malware_cleaner_log_17626787674502868.txt --progress=/tmp/malware_cleaner_progress_17626787674502458.json --csv_result=/tmp/revisium_csvfile_17626787674502626.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:29:28 server83 kernel: Firewall: *TCP_IN Blocked* 
IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=173.255.223.62 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=48192 PROTO=TCP SPT=54012 DPT=5269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:29:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54186 SEQ=1 Nov 9 14:29:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55073 SEQ=1 Nov 9 14:29:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=30727 SEQ=1 Nov 9 14:29:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25309 SEQ=1 Nov 9 14:29:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=38451 SEQ=1 Nov 9 14:29:33 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=25772 PROTO=TCP SPT=38535 DPT=1009 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:29:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=188.245.87.173 DST=51.210.113.204 LEN=70 TOS=0x00 PREC=0x00 TTL=47 ID=43556 DF PROTO=ICMP TYPE=8 CODE=0 ID=24415 SEQ=2504 Nov 9 14:29:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=45.33.41.118 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=32988 PROTO=TCP SPT=44737 DPT=5269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:29:36 server83 aibolit_wrapper[11958]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626787760930936.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626787760933132.txt --log=/tmp/malware_cleaner_log_17626787760935170.txt --progress=/tmp/malware_cleaner_progress_17626787760934724.json --csv_result=/tmp/revisium_csvfile_17626787760934922.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:29:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=198.74.58.148 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49365 DPT=5269 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:29:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=204.76.203.230 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35026 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:29:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.193.57.59 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x60 TTL=40 ID=4286 DF PROTO=TCP SPT=39860 DPT=5020 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:29:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:29:48 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=147.185.132.44 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55262 DPT=9232 
WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:29:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65013 SEQ=1 Nov 9 14:29:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=22761 SEQ=1 Nov 9 14:29:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44980 SEQ=1 Nov 9 14:29:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39360 SEQ=1 Nov 9 14:29:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=55155 SEQ=1 Nov 9 14:29:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40376 SEQ=1 Nov 9 14:29:56 server83 aibolit_wrapper[12634]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626787964390612.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626787964391858.txt --log=/tmp/malware_cleaner_log_17626787964393374.txt 
--progress=/tmp/malware_cleaner_progress_17626787964392840.json --csv_result=/tmp/revisium_csvfile_17626787964393108.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:29:57 server83 systemd: Started Session c2892 of user root. Nov 9 14:29:57 server83 scripts.sh: Load Average: 2.90 , 2.48 Nov 9 14:29:57 server83 scripts.sh: Server IP: 51.210.113.204 Nov 9 14:29:57 server83 scripts.sh: Server Hostname: server83.dnsserverboot.com Nov 9 14:29:57 server83 scripts.sh: SSL Expiry Timestamp: 1767144779 Nov 9 14:29:57 server83 scripts.sh: HTTPD Status: inactive Nov 9 14:29:57 server83 scripts.sh: MySQL Status: active Nov 9 14:29:57 server83 scripts.sh: MySQL Version: 5.6.38 Nov 9 14:29:57 server83 scripts.sh: Disk Info: / 935G/1.8T - 56%|/home2 489G/1.8T - 30%| Nov 9 14:29:57 server83 scripts.sh: SSHD Status: active Nov 9 14:29:57 server83 scripts.sh: FTP Status: active Nov 9 14:29:57 server83 scripts.sh: LiteSpeed Status: Active Nov 9 14:29:57 server83 scripts.sh: Imunify Status: Active Nov 9 14:29:57 server83 scripts.sh: cPanel Status: active Nov 9 14:29:57 server83 scripts.sh: Memory Status: 13/31 GB - 42.77% Nov 9 14:29:57 server83 scripts.sh: Softaculous Expiry: Expires (DD/MM/YYYY) : 28/11/2025 Nov 9 14:29:57 server83 scripts.sh: Softaculous Type: Type : Premium Nov 9 14:29:57 server83 scripts.sh: Local Version: 4.4.5 Nov 9 14:29:58 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=162.216.150.219 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55529 DPT=47617 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:30:00 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:30:01 server83 imunify-auditd-log-reader[9638]: lost 2 message sequences Nov 9 14:30:01 server83 systemd: Started Session 313329 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313326 of user root. 
Nov 9 14:30:01 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:30:01 server83 systemd: Started Session 313325 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313327 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313331 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313332 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313328 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313330 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313335 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313336 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313340 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313333 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313337 of user root. Nov 9 14:30:01 server83 systemd: Created slice User Slice of accentri. Nov 9 14:30:01 server83 systemd: Started Session 313339 of user accentri. Nov 9 14:30:01 server83 systemd: Started Session 313334 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313341 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313338 of user accentri. Nov 9 14:30:01 server83 systemd: Started Session 313342 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313343 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313344 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313345 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313347 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313346 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313349 of user root. Nov 9 14:30:01 server83 systemd: Started Session 313348 of user root. 
Nov 9 14:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:30:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:30:01 server83 systemd: Removed slice User Slice of accentri. Nov 9 14:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13285 SEQ=1 Nov 9 14:30:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=3568 SEQ=1 Nov 9 14:30:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13285 SEQ=1 Nov 9 14:30:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=18951 SEQ=1 Nov 9 14:30:03 server83 aibolit_wrapper[13341]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626788035908496.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626788035909856.txt --log=/tmp/malware_cleaner_log_17626788035911422.txt --progress=/tmp/malware_cleaner_progress_17626788035911050.json --csv_result=/tmp/revisium_csvfile_17626788035911224.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:30:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 
SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57994 SEQ=1 Nov 9 14:30:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20959 SEQ=1 Nov 9 14:30:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=103.102.230.4 DST=145.239.177.179 LEN=40 TOS=0x08 PREC=0x20 TTL=237 ID=54321 PROTO=TCP SPT=35552 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:30:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=31066 PROTO=TCP SPT=50712 DPT=4127 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:30:13 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.63.197.182 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54142 PROTO=TCP SPT=50883 DPT=7747 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:30:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.253.54.248 DST=51.210.113.204 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=60338 DPT=3741 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:30:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=27980 SEQ=1 Nov 9 14:30:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=39431 SEQ=1 Nov 9 14:30:26 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.94.146.38 
DST=145.239.177.179 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=18150 PROTO=TCP SPT=7328 DPT=39841 WINDOW=42340 RES=0x00 SYN URGP=0 Nov 9 14:30:27 server83 aibolit_wrapper[16379]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626788271169300.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626788271170480.txt --log=/tmp/malware_cleaner_log_17626788271171730.txt --progress=/tmp/malware_cleaner_progress_17626788271171370.json --csv_result=/tmp/revisium_csvfile_17626788271171526.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:30:30 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40632 SEQ=1 Nov 9 14:30:31 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16768 SEQ=1 Nov 9 14:30:32 server83 aibolit_wrapper[17107]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626788324146476.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626788324147212.txt --log=/tmp/malware_cleaner_log_17626788324147938.txt --progress=/tmp/malware_cleaner_progress_17626788324147756.json --csv_result=/tmp/revisium_csvfile_17626788324147834.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:30:32 server83 
kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23873 SEQ=1 Nov 9 14:30:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57889 SEQ=1 Nov 9 14:30:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57797 DF PROTO=TCP SPT=51974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:30:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61890 SEQ=1 Nov 9 14:30:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57798 DF PROTO=TCP SPT=51974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:30:35 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=10414 PROTO=TCP SPT=39486 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:30:36 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=10415 PROTO=TCP SPT=39486 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:30:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57799 DF PROTO=TCP SPT=51974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 
14:30:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45415 PROTO=TCP SPT=63767 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:30:37 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.25 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=10416 PROTO=TCP SPT=39486 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:30:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23138 SEQ=1 Nov 9 14:30:38 server83 aibolit_wrapper[17871]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626788380661666.txt --input-fn-b64-encoded --username=evershine --report-hashes --log=/tmp/malware_cleaner_log_17626788380663552.txt --progress=/tmp/malware_cleaner_progress_17626788380663288.json --csv_result=/tmp/revisium_csvfile_17626788380663412.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:30:39 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.18 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=45417 PROTO=TCP SPT=63767 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:30:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57800 DF PROTO=TCP SPT=51974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:30:43 server83 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Nov 9 14:30:43 server83 
pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh is now logged in Nov 9 14:30:43 server83 pure-ftpd: (__cpanel__service__auth__ftpd__FWsLk5IniNjR9gnz4UnrnuKLNeXyMLWgSm2J5OLMrFPUzOfwQbRze3pX5gpsuWwh@127.0.0.1) [INFO] Logout. Nov 9 14:30:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:30:46 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=43984 SEQ=1 Nov 9 14:30:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=119.166.91.68 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=57801 DF PROTO=TCP SPT=51974 DPT=4527 WINDOW=64240 RES=0x00 SYN URGP=0 Nov 9 14:30:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=64586 SEQ=1 Nov 9 14:30:51 server83 aibolit_wrapper[19698]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626788514173130.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626788514174766.txt --log=/tmp/malware_cleaner_log_17626788514176306.txt --progress=/tmp/malware_cleaner_progress_17626788514175878.json --csv_result=/tmp/revisium_csvfile_17626788514176052.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:30:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 
TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=29703 SEQ=1 Nov 9 14:30:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15476 SEQ=1 Nov 9 14:30:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5912 SEQ=1 Nov 9 14:30:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54473 SEQ=1 Nov 9 14:30:54 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=69.235.187.83 DST=145.239.177.179 LEN=68 TOS=0x00 PREC=0x00 TTL=23 ID=0 PROTO=ICMP TYPE=8 CODE=0 ID=5 SEQ=16091 Nov 9 14:30:55 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=80.13.153.140 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=17433 PROTO=TCP SPT=47143 DPT=1322 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:30:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.190.149.150 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3740 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:30:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=52.14.58.0 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=35065 DPT=9443 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:30:57 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32566 
PROTO=TCP SPT=49956 DPT=27071 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:31:01 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:31:01 server83 systemd: Started Session 313350 of user root. Nov 9 14:31:01 server83 systemd: Started Session 313351 of user root. Nov 9 14:31:01 server83 systemd: Started Session 313354 of user root. Nov 9 14:31:01 server83 systemd: Started Session 313352 of user root. Nov 9 14:31:01 server83 systemd: Started Session 313353 of user root. Nov 9 14:31:01 server83 systemd: Started Session 313355 of user root. Nov 9 14:31:01 server83 systemd: Started Session 313358 of user root. Nov 9 14:31:01 server83 systemd: Started Session 313356 of user root. Nov 9 14:31:01 server83 systemd: Started Session 313357 of user root. Nov 9 14:31:01 server83 aibolit_wrapper[21155]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626788617291332.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626788617292820.txt --log=/tmp/malware_cleaner_log_17626788617294404.txt --progress=/tmp/malware_cleaner_progress_17626788617294012.json --csv_result=/tmp/revisium_csvfile_17626788617294182.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:31:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13639 SEQ=1 Nov 9 14:31:02 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 
ID=49951 SEQ=1 Nov 9 14:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=24330 SEQ=1 Nov 9 14:31:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44837 SEQ=1 Nov 9 14:31:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.187.247 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=13430 SEQ=1 Nov 9 14:31:04 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7799 PROTO=TCP SPT=63950 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7800 PROTO=TCP SPT=63950 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:06 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=54460 PROTO=TCP SPT=41004 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7801 PROTO=TCP SPT=63950 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:07 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=54461 PROTO=TCP SPT=41004 DPT=853 WINDOW=64952 
RES=0x00 SYN URGP=0 Nov 9 14:31:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.2.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=7802 PROTO=TCP SPT=63950 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:08 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:31:08 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=64.62.156.87 DST=145.239.177.179 LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=34752 DF PROTO=UDP SPT=13281 DPT=1434 LEN=9 Nov 9 14:31:08 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=54462 PROTO=TCP SPT=41004 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.244.154 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=95 ID=54463 PROTO=TCP SPT=41004 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=218.17.184.95 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=24810 PROTO=TCP SPT=46243 DPT=40022 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:31:20 server83 aibolit_wrapper[23418]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626788800084614.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626788800086058.txt --log=/tmp/malware_cleaner_log_17626788800087524.txt --progress=/tmp/malware_cleaner_progress_17626788800087094.json --csv_result=/tmp/revisium_csvfile_17626788800087266.csv --avdb 
/var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:31:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.236.97.81 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=39382 DPT=3747 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:31:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=204.76.203.219 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50135 DPT=81 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:31:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=23620 SEQ=1 Nov 9 14:31:23 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62770 SEQ=1 Nov 9 14:31:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=62770 SEQ=1 Nov 9 14:31:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=53976 SEQ=1 Nov 9 14:31:24 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.241.140 DST=51.210.113.204 LEN=37 TOS=0x00 PREC=0x00 TTL=48 ID=34848 PROTO=UDP SPT=57281 DPT=7777 LEN=17 Nov 9 14:31:27 server83 aibolit_wrapper[24359]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup 
--forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626788876211464.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626788876213394.txt --log=/tmp/malware_cleaner_log_17626788876216166.txt --progress=/tmp/malware_cleaner_progress_17626788876215250.json --csv_result=/tmp/revisium_csvfile_17626788876215888.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:31:29 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=143.42.164.97 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=42158 DPT=44445 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:31:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=91.231.89.255 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=38338 DF PROTO=TCP SPT=14509 DPT=9639 WINDOW=5840 RES=0x00 SYN URGP=0 Nov 9 14:31:31 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.104.192.131 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=0 DF PROTO=TCP SPT=60338 DPT=3739 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:31:33 server83 aibolit_wrapper[25187]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626788939411498.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --log=/tmp/malware_cleaner_log_17626788939415360.txt --progress=/tmp/malware_cleaner_progress_17626788939414874.json --csv_result=/tmp/revisium_csvfile_17626788939415090.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:31:34 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 
SRC=147.185.132.225 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55971 DPT=47693 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17379 SEQ=1 Nov 9 14:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=26834 SEQ=1 Nov 9 14:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.195.135.163 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25584 SEQ=1 Nov 9 14:31:37 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=183 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=17379 SEQ=1 Nov 9 14:31:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25369 SEQ=1 Nov 9 14:31:38 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=207.90.244.16 DST=51.210.113.204 LEN=44 TOS=0x08 PREC=0x20 TTL=110 ID=13626 PROTO=TCP SPT=26200 DPT=44309 WINDOW=41813 RES=0x00 SYN URGP=0 Nov 9 14:31:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=51.38.25.100 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=25369 SEQ=1 Nov 9 14:31:41 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 
PREC=0x00 TTL=98 ID=3765 PROTO=TCP SPT=51701 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:42 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3766 PROTO=TCP SPT=51701 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25158 PROTO=TCP SPT=56629 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:43 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3767 PROTO=TCP SPT=51701 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25159 PROTO=TCP SPT=56629 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.21 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=3768 PROTO=TCP SPT=51701 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:45 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=172.253.0.30 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=99 ID=25160 PROTO=TCP SPT=56629 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:31:47 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.181.148 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=33500 PROTO=TCP SPT=64305 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 
14:31:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=40935 PROTO=TCP SPT=46767 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:50 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40557 SEQ=1 Nov 9 14:31:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=40557 SEQ=1 Nov 9 14:31:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=20543 SEQ=1 Nov 9 14:31:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=45602 SEQ=1 Nov 9 14:31:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=172.253.0.24 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=98 ID=40937 PROTO=TCP SPT=46767 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:31:53 server83 aibolit_wrapper[27628]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626789134600056.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626789134601374.txt --log=/tmp/malware_cleaner_log_17626789134602570.txt 
--input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626790608846896.txt --log=/tmp/malware_cleaner_log_17626790608848242.txt --progress=/tmp/malware_cleaner_progress_17626790608847904.json --csv_result=/tmp/revisium_csvfile_17626790608848066.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:34:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=216.73.216.138 DST=51.210.113.204 LEN=62 TOS=0x00 PREC=0x00 TTL=108 ID=39667 DF PROTO=ICMP TYPE=8 CODE=0 ID=22553 SEQ=34222 Nov 9 14:34:20 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.25.100 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5476 SEQ=1 Nov 9 14:34:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=47.237.114.52 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=46938 DF PROTO=TCP SPT=47962 DPT=8005 WINDOW=61690 RES=0x00 SYN URGP=0 Nov 9 14:34:21 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=18716 PROTO=TCP SPT=56487 DPT=8961 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:34:21 server83 dhclient[9662]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x40ede13b) Nov 9 14:34:23 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=47.253.47.101 DST=145.239.177.179 LEN=44 TOS=0x14 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=39382 DPT=3744 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:34:24 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=14528 PROTO=TCP SPT=47329 DPT=5197 WINDOW=65535 RES=0x00 
SYN URGP=0 Nov 9 14:34:29 server83 NetworkManager[922]: <warn> [1762679069.4391] dhcp4 (eth1): request timed out Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4392] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4551] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 9662 Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4551] dhcp4 (eth1): state changed timeout -> done Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4553] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:34:29 server83 NetworkManager[922]: <warn> [1762679069.4558] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4560] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4592] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4596] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4596] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4599] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4609] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:34:29 server83 NetworkManager[922]: <info> [1762679069.4611] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:34:29 server83 NetworkManager[922]: <info> 
[1762679069.4622] dhcp4 (eth1): dhclient started with pid 15366 Nov 9 14:34:29 server83 dhclient[15366]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x5bb86996) Nov 9 14:34:30 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.48 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=57027 PROTO=TCP SPT=43324 DPT=5048 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=49169 SEQ=1 Nov 9 14:34:32 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16580 SEQ=1 Nov 9 14:34:33 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=46718 SEQ=1 Nov 9 14:34:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=139.99.1.148 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=35 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16605 SEQ=1 Nov 9 14:34:34 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=34060 SEQ=1 Nov 9 14:34:35 server83 dhclient[15366]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13 (xid=0x5bb86996) Nov 9 14:34:35 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:34:37 server83 aibolit_wrapper[16338]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix 
/opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626790771027240.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626790771028812.txt --log=/tmp/malware_cleaner_log_17626790771030422.txt --progress=/tmp/malware_cleaner_progress_17626790771029872.json --csv_result=/tmp/revisium_csvfile_17626790771030144.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16200 SEQ=1 Nov 9 14:34:38 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=5639 SEQ=1 Nov 9 14:34:39 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16605 SEQ=1 Nov 9 14:34:44 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.62.230 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=2672 PROTO=TCP SPT=57151 DPT=5006 WINDOW=1025 RES=0x00 SYN URGP=0 Nov 9 14:34:46 server83 imunify360-php-daemon[734]: error sending monitoring stats: circuit breaker is open Nov 9 14:34:48 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=92.222.184.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19274 SEQ=1 Nov 9 14:34:49 server83 dhclient[15366]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x5bb86996) Nov 9 14:34:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 
OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=47261 SEQ=1 Nov 9 14:34:49 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=118.193.64.235 DST=145.239.177.179 LEN=40 TOS=0x10 PREC=0x00 TTL=47 ID=3812 DF PROTO=TCP SPT=37812 DPT=409 WINDOW=29200 RES=0x00 SYN URGP=0 Nov 9 14:34:49 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52951 SEQ=1 Nov 9 14:34:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=72.251.7.222 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=34 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=16798 SEQ=1 Nov 9 14:34:51 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.184.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=44 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19274 SEQ=1 Nov 9 14:34:51 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=221.145.31.23 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=10123 PROTO=TCP SPT=58841 DPT=4200 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=52951 SEQ=1 Nov 9 14:34:53 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.58.142 DST=145.239.177.179 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63096 PROTO=TCP SPT=49956 DPT=27443 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:34:53 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=12110 SEQ=1 Nov 9 14:34:54 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=185.242.226.76 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=36831 DPT=40844 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:34:58 server83 aibolit_wrapper[19471]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626790983392756.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626790983394404.txt --log=/tmp/malware_cleaner_log_17626790983396432.txt --progress=/tmp/malware_cleaner_progress_17626790983395748.json --csv_result=/tmp/revisium_csvfile_17626790983396104.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:34:59 server83 dhclient[15366]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 14 (xid=0x5bb86996) Nov 9 14:35:01 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:35:01 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=185.242.226.104 DST=51.210.113.204 LEN=44 TOS=0x00 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=53867 DPT=5014 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:35:01 server83 imunify360-php-daemon[734]: error response: 401, {"status":"error","msg":"Invalid license for Imunify360-918635dCxWmok6905002a12e50"} Nov 9 14:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:35:01 server83 systemd: Started Session 313391 of user root. 
Nov 9 14:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:35:01 server83 systemd: Started Session 313392 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313393 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313394 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313396 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313390 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313397 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313395 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313398 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313399 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313403 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313401 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313400 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313402 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313404 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313405 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313406 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313407 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313409 of user root. Nov 9 14:35:01 server83 systemd: Started Session 313408 of user root. 
Nov 9 14:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:35:01 server83 imunify-auditd-log-reader[9638]: lost 1 message sequences Nov 9 14:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=167.114.37.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=60488 SEQ=1 Nov 9 14:35:03 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=92.222.186.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=19255 SEQ=1 Nov 9 14:35:03 server83 aibolit_wrapper[20359]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626791039081048.txt --input-fn-b64-encoded --username=evershine --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626791039082444.txt --log=/tmp/malware_cleaner_log_17626791039084194.txt --progress=/tmp/malware_cleaner_progress_17626791039083798.json --csv_result=/tmp/revisium_csvfile_17626791039083992.csv --avdb /var/imunify360/files/sigs/v1/aibolit/procu2.db --soft Nov 9 14:35:04 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=139.99.1.148 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=36 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=65191 SEQ=1 Nov 9 14:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.195.135.163 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=44811 SEQ=1 Nov 9 14:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF 
PROTO=ICMP TYPE=8 CODE=0 ID=54382 SEQ=1 Nov 9 14:35:07 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=57.130.4.212 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=58750 SEQ=1 Nov 9 14:35:08 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=23.235.176.50 DST=51.210.113.204 LEN=220 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=UDP SPT=36238 DPT=123 LEN=200 Nov 9 14:35:10 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=162.142.125.93 DST=51.210.113.204 LEN=92 TOS=0x00 PREC=0x00 TTL=35 ID=7885 PROTO=UDP SPT=39875 DPT=17185 LEN=72 Nov 9 14:35:10 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.163.125.115 DST=145.239.177.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=37324 PROTO=TCP SPT=43202 DPT=42160 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 9 14:35:11 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=89.248.163.181 DST=145.239.177.179 LEN=52 TOS=0x00 PREC=0x20 TTL=52 ID=13762 PROTO=TCP SPT=50817 DPT=9636 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:35:12 server83 scripts.sh: curl: (7) Failed connect to linux-centos.download:443; Connection timed out Nov 9 14:35:12 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=79.124.49.102 DST=51.210.113.204 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19196 PROTO=TCP SPT=42111 DPT=2761 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 9 14:35:13 server83 dhclient[15366]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 17 (xid=0x5bb86996) Nov 9 14:35:14 server83 NetworkManager[922]: <warn> [1762679114.4463] dhcp4 (eth1): request timed out Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4464] dhcp4 (eth1): state changed unknown -> timeout Nov 9 14:35:14 
server83 NetworkManager[922]: <info> [1762679114.4543] dhcp4 (eth1): canceled DHCP transaction, DHCP client pid 15366 Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4543] dhcp4 (eth1): state changed timeout -> done Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4545] device (eth1): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed') Nov 9 14:35:14 server83 NetworkManager[922]: <warn> [1762679114.4550] device (eth1): Activation: failed for connection 'Wired connection 1' Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4552] device (eth1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed') Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4583] policy: auto-activating connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4587] device (eth1): Activation: starting connection 'Wired connection 1' (fcf6d51b-554f-3c3d-b63f-dfc9bcd903a5) Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4588] device (eth1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed') Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4592] device (eth1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed') Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4603] device (eth1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4605] dhcp4 (eth1): activation: beginning transaction (timeout in 45 seconds) Nov 9 14:35:14 server83 NetworkManager[922]: <info> [1762679114.4616] dhcp4 (eth1): dhclient started with pid 21600 Nov 9 14:35:14 server83 dhclient[21600]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5 (xid=0x4ae98f61) Nov 9 14:35:14 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= 
MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.114.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=5551 PROTO=TCP SPT=35329 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:35:15 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.114.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=5552 PROTO=TCP SPT=35329 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:35:16 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.114.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=5553 PROTO=TCP SPT=35329 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:35:17 server83 kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=146.88.241.60 DST=145.239.177.179 LEN=49 TOS=0x00 PREC=0x00 TTL=48 ID=26879 PROTO=UDP SPT=33417 DPT=32410 LEN=29 Nov 9 14:35:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=193.70.125.118 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=38 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=31480 SEQ=1 Nov 9 14:35:17 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=167.114.37.1 DST=145.239.177.179 LEN=32 TOS=0x08 PREC=0x00 TTL=37 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=15232 SEQ=1 Nov 9 14:35:17 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.114.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=5554 PROTO=TCP SPT=35329 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:35:18 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=74.125.114.214 DST=51.210.113.204 LEN=60 TOS=0x00 PREC=0x00 TTL=101 ID=5555 PROTO=TCP SPT=35329 DPT=853 WINDOW=64952 RES=0x00 SYN URGP=0 Nov 9 14:35:19 server83 dhclient[21600]: DHCPDISCOVER on eth1 to 
255.255.255.255 port 67 interval 8 (xid=0x4ae98f61) Nov 9 14:35:20 server83 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=20.64.105.194 DST=51.210.113.204 LEN=52 TOS=0x00 PREC=0x00 TTL=43 ID=41174 PROTO=TCP SPT=51228 DPT=8087 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 9 14:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:5c:a6:2d:83:35:87:08:00 SRC=51.38.117.56 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=48106 SEQ=1 Nov 9 14:35:21 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=57.130.4.212 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=39 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=78 SEQ=1 Nov 9 14:35:24 server83 kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=a8:a1:59:2b:3f:91:24:16:9d:dc:55:f7:08:00 SRC=148.113.25.1 DST=51.210.113.204 LEN=32 TOS=0x08 PREC=0x00 TTL=184 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=7956 SEQ=1 Nov 9 14:35:27 server83 dhclient[21600]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 10 (xid=0x4ae98f61) Nov 9 14:35:29 server83 auditd[702]: Audit daemon rotating log files Nov 9 14:35:30 server83 aibolit_wrapper[24062]: running child proccess: /opt/alt/php-internal/usr/bin/php -d display_errors=stderr -d display_startup_errors=stderr -n -d extension=posix /opt/ai-bolit/procu2.php --deobfuscate --nobackup --forcibly_cleanup --rescan --list=/tmp/malware_cleanup_file_list_17626791301080978.txt --input-fn-b64-encoded --username=shreeganeshstone --report-hashes --black-list=/tmp/malware_cleanup_file_list_17626791301082396.txt --log=/tmp/malware_cleaner_log_17626791301083672.txt --pro